Status
Not open for further replies.
1 - 8 of 8 Posts

·
Registered
Joined
·
6 Posts
Discussion Starter #1
I'm having a problem finding a solution to remove the following message every time I reboot: "Windows cannot find ‘C:\windows\system32\proper.exe’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

After finding out that I can't access ctrl panel, etc., I tried smitfraud and superantispyware. Now I have gained access to ctrl panel, etc., but the above window popups started. Thank you for taking the time to read this post. Following the guidelines of 5 steps to hijackthis post, here is the log:

Deckard's System Scanner v20071014.68
Run by Ghozali Subandi on 2007-11-22 09:54:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000001


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Ghozali Subandi.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:15 AM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ghozali Subandi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ghozali Subandi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} (mpsPwLc7.PMWebSiteLogin) - http://prolog-web.rhinonet.com/pw/mpsPwLc7.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O20 - AppInit_DLLs: skuns.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9731 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SrvcEKIOMngr - c:\windows\system32\drivers\ekiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcEPECioctl - c:\windows\system32\drivers\ecioctl.sys
R1 SrvcEPIOMngr - c:\windows\system32\drivers\epiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcTPIOMngr - c:\windows\system32\drivers\tpiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 EPOWER (Compal E-POWER Driver) - c:\windows\system32\drivers\hkdrv.sys <Not Verified; Compal Electronic Inc.; EPOWER>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 PLUSBCF (USB Compact Flash Reader) - c:\windows\system32\drivers\ucf1pl.sys <Not Verified; ; USB Compact Flash Reader Driver>
S3 PLSCSICF - c:\windows\system32\drivers\ucf0pl.sys <Not Verified; ; USB Compact Flash Reader Driver>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CeEPwrSvc - c:\program files\toshiba\power management\ceepwrsvc.exe <Not Verified; COMPAL ELECTRONIC INC.; CeEPwrSvc Module>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe

S2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>
S3 lmab_device - c:\windows\system32\lmabcoms.exe -service <Not Verified; ; Printer Communication System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\65404DF823F4A
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\65404DF823F4A
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-05-20 12:25:16 560 --a------ C:\WINDOWS\Tasks\Registry Repair.job
2007-05-20 12:25:15 432 --a------ C:\WINDOWS\Tasks\Registry Repair4.job
2005-08-24 18:53:35 126 --a------ C:\WINDOWS\Tasks\Thomas & Friends.job
2005-02-27 21:28:20 384 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-21 10:08:22 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-21 09:42:15 0 d-------- C:\Program Files\Cisco Systems
2007-11-21 09:42:14 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2007-11-21 09:41:52 0 d-------- C:\VPN366A
2007-11-21 09:14:44 0 d-------- C:\Program Files\Trend Micro
2007-11-17 21:43:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 19:23:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-17 19:23:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 19:23:51 0 d-------- C:\Documents and Settings\Ghozali Subandi\Application Data\SUPERAntiSpyware.com
2007-11-17 18:41:01 4372 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-17 18:39:13 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-17 18:39:13 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-17 18:39:13 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-17 18:39:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-17 18:39:12 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-17 18:39:11 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-11-17 18:39:11 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-17 18:39:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-17 18:39:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-17 18:39:11 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-17 18:39:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-17 18:39:11 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-17 18:39:11 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-17 18:39:11 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-17 18:39:09 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2007-11-22 09:03:11 0 d-------- C:\Program Files\EzButton
2007-11-22 09:01:28 0 d-------- C:\Program Files\ATI Multimedia
2007-11-22 09:00:11 0 d-------- C:\Program Files\Apoint2K
2007-11-21 09:43:04 8 --a------ C:\WINDOWS\system32\success
2007-11-21 09:42:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-21 09:42:14 0 d-------- C:\Program Files\Common Files
2007-11-17 22:32:30 0 d-------- C:\Program Files\ewido anti-malware
2007-11-17 22:28:15 0 d-------- C:\Program Files\Napster
2007-11-06 19:42:23 0 d-------- C:\Program Files\ZipWiz
2007-10-28 18:31:04 40 ---hs---- C:\Documents and Settings\Ghozali Subandi\Application Data\.zreglib
2007-10-20 06:16:20 0 d-------- C:\Program Files\Java
2007-10-06 18:06:13 0 d-------- C:\Program Files\Lexmark
2007-10-06 17:37:03 0 d-------- C:\Program Files\Lexmark_HostCD
2007-09-22 10:21:51 0 d-------- C:\Documents and Settings\Ghozali Subandi\Application Data\Snapfish


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [08/19/2004 06:14 PM]
"@"="" []
"AGRSMMSG"="AGRSMMSG.exe" []
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/30/2003 04:46 PM]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [07/07/2004 04:25 PM]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [08/06/2004 03:14 PM]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [02/03/2004 02:47 PM]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [03/02/2004 01:45 PM]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [07/14/2004 04:07 PM]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [07/28/2004 04:23 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/18/2003 01:24 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/18/2003 01:11 AM]
"Pinger"="C:\TOSHIBA\IVP\ISM\pinger.exe" [03/17/2005 04:37 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 11:35 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [01/14/2005 01:05 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/19/2004 05:44 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/14/2006 11:51 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [04/14/2006 11:52 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [04/14/2006 11:56 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE" [05/04/2005 09:42 PM]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [05/04/2005 09:41 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"ATI Launchpad"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [10/23/2003 9:37:56 PM]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe [11/21/2007 9:42:15 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\proper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=skuns.dat





-- Hosts -----------------------------------------------------------------------

192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net

9 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-22 09:57:28 ------------
 


·
Registered
Joined
·
6 Posts
Discussion Starter #2
Re: How to remove popup saying can't find proper.exe

It's been 3 days & I'm bumping this post. Still hoping someone can help me with this malware problem. I also noticed web browsing in general was slower than before and I'm unable to upgrade to the latest flash plug-ins (i.e. trying to view legitimate website). Pls help.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Re: How to remove popup saying can't find proper.exe

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Go to Start -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall

  3. Follow the prompts. Type "1" and press Enter to begin the scan.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------

  6. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
 

·
Registered
Joined
·
6 Posts
Discussion Starter #4
Re: How to remove popup saying can't find proper.exe

Tetonbob,

Wish I waited, but since yesterday my laptop has been practically on non-stop. I didn't know much & didn't want to post in another forum, but from hours of browsing I just basically downloaded all kinds of free antivirus/spyware removals, etc. Between doing that & using ccleaner & stompsoft registry cleaners I attempted to clean the computer a bit. There are no more annoying "can't find ...proper.exe" popups. Not really sure if there are any more viruses or whatever it was. I'm not comfortable going to my online banking, etc.

Thanks for your time. Do you think I should perhaps run those hijackthis/combofix programs as you stated above to be sure?
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Re: How to remove popup saying can't find proper.exe

At the very least, you should post another set of DSS logs to help make sure.

Registry Cleaners can often cause more trouble than good.

To be more sure of your online banking, you can use another machine and change passwords.

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.
 

·
Registered
Joined
·
6 Posts
Discussion Starter #6
Re: How to remove popup saying can't find proper.exe

Tetonbob, thanks for your response. The following 2 files are the logs. I'm not sure if you wanted me to copy & paste here or just put in as attachment. I don't know if it was smart to download everything, because now I can't uninstall some programs, like superantispyware. It doesn't even show up on my control panel add/remove programs.
 

Attachments

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Re: How to remove popup saying can't find proper.exe

Looks like the malware has been removed.

I see bits of SUPERAntiSpyware on the machine. There are services still present, registry entries and a Program Files folder. Is there an uninstaller file present in that location? Even if it's there, it may not uninstall cleanly due to missing files.

Sometimes, if you can't uninstall a program which has become corrupted, if you run the installer again there is a repair function or, after installing it again, it can be uninstalled completely. You may want to try that with SUPERAntiSpyware.

Previously mentioned was the trouble using registry cleaners can cause.

Essentially, though, I see this as an OS/application problem at this point, and not a malware removal issue. For continued support, answers to those questions will be better asked in our Windows XP support forum. The staff and members in that area will be better able to assist you with that.
 

·
Registered
Joined
·
6 Posts
Discussion Starter #8
Re: How to remove popup saying can't find proper.exe

Thanks for the confirmation & your effort as well. I just wasn't so sure anything was still lurking but you have confirmed it...I feel a bit lucky...thanks for your effort.
 