
Hi Everyone,

I have just downloaded the free Malwarebytes from cnet (stellar reviews, fellas) because I want to try it out before upgrading to the paid version.

Downloading went fine, but each time I tried to run it, up popped the little dialog box 'not a valid Win32 application'. This is on XP.

Hmm! Now what? I've Googled around, but the info is a little confusing. Is this a backward-compatibility problem?

Thanks in advance for any help on this.


Greetings and welcome :)

Please delete the copy of the program you downloaded and try downloading it again from here to see if it will install. It's possible that your first download was corrupt.

If the second copy has the same issue and you suspect you may be infected then please do the following:

Please read and follow the directions here, skipping any steps you are unable to complete. Then create a NEW topic here.

One of the expert helpers there will give you one on one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

If you prefer to be assisted via email you may contact support@malwarebytes.org and one of our support staff members will assist you directly.

If you are a reseller, affiliate, technician, corporate, business, educational, government or non-profit customer then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Thank you :)

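The corrupt-download possibility raised in the reply above can be checked without running the file. The Python sketch below is an added example, not part of the original thread or of any Malwarebytes tool; `check_pe` and `sample_pe` are hypothetical names, the sample image is constructed, and the check covers header layout only (MZ and PE signatures, section table bounds), not whether the program is safe.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}

def check_pe(data):
    """Return (ok, reason) describing whether data has a sane PE layout."""
    if data[:2] != b"MZ":
        if data.lstrip()[:1] == b"<":
            return False, "HTML page saved in place of the program"
        return False, "no MZ signature"
    if len(data) < 0x40:
        return False, "truncated inside DOS header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of PE header
    if e_lfanew + 24 > len(data):
        return False, "truncated before PE header"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature"
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size                      # first section header
    if table + 40 * nsections > len(data):
        return False, "truncated inside section table"
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit 16 bytes into each header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_ptr + raw_size > len(data):
            return False, "truncated: section data runs past end of file"
    return True, MACHINES.get(machine, "machine 0x%04X" % machine)

def sample_pe(machine=0x014C, raw_size=512):
    """Constructed header-only test image (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x0102)
    section = (b".text\0\0\0"
               + struct.pack("<IIII", raw_size, 0x1000, raw_size, 0x200)
               + b"\0" * 16)
    head = dos + b"PE\0\0" + coff + section
    return head.ljust(0x200, b"\0") + b"\xCC" * raw_size

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_pe(fh.read()))
```

If a file passes and reports x86 yet the dialog still appears, the download itself is unlikely to be the cause.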

Hi Everybody,

I posted today about a dialog box that keeps popping up saying 'not a valid Win32 application'.

Thank you, exile 360, for your quick reply.

Here are the results -

Downloaded mbam-setup.exe from the link in exile 360's post. Same dialog box.

Updated my Antivirus, and did a full scan. Antivirus happy.

Did a rootkit scan. All OK.

Downloaded Defogger.exe. Same result with the dialog box.

Downloaded dds.scr. Same result.

Downloaded the GMER Rootkit Scanner. Same result.

So ... I have no logs to show.

***

The only other information I can offer is that I then tried to run downloads from other companies. With identical results.

***

All help will be appreciated. Thanks in advance.


  • Staff

Hi and welcome to Malwarebytes.

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317


Thank you, screen 317, for your quick reply.

Here are the contents of chkdsk.txt.

Sorry to create work but my computer is Spanish. I have run it four or five times now, but it never goes further than 16 per cent of the second stage. But here goes ...

**********************

El tipo del sistema de archivos es NTFS.

La etiqueta de volumen es ACER.

Advertencia: par


  • Staff

Hi,

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


UPDATE

A Firefox 4 problem. (Not the first.) So I used another browser.

Downloaded and ran exeHelper.com. Seemed fine.

Rebooted.

Downloaded and ran mbam-clean.exe. Seemed fine.

Rebooted.

Disabled antivirus.

Tried to download MAM from Major Geeks using Mozilla several times. But Mozilla said something about illegal Shockwave Flash and closed itself every time.

Tried Internet Explorer several times but it kept saying my security settings were wrong.

Re-enabled virus and went out for a coffee. Enough for one day.

*****

But I do want to say that I appreciate your efforts. Thanks.


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name looks like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Hi,

Downloaded TDSSKiller.zip, but it wouldn't extract.

Winzip left this message

*****

Extracting to "D:\System\Security\Spy\"

Use Path: yes Overlay Files: no

Extracting TDSSKiller.exe

File was blocked, user selected to skip all blocked files and continue processing

Extracting eula.txt


UPDATE

I don't know if it will help but I downloaded and ran DDS anyway.

Here is dds.txt

*****

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07

Run by Peter Gray at 9:22:05 on 2011-06-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1014.210 [GMT 2:00]

.

AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Archivos de programa\AVG\AVG9\avgchsvx.exe

C:\Archivos de programa\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Archivos de programa\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Archivos de programa\AVG\AVG9\avgam.exe

C:\Archivos de programa\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Archivos de programa\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Archivos de programa\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Archivos de programa\AVG\AVG9\avgcsrvx.exe

C:\Archivos de programa\QuickTime\qttask.exe

C:\ARCHIV~1\AVG\AVG9\avgtray.exe

C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe

C:\Archivos de programa\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe

C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Archivos de programa\HP\Digital Imaging\bin\hpqbam08.exe

C:\Archivos de programa\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Archivos de programa\TrueCrypt\TrueCrypt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\mozilla.org\Mozilla\mozilla.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.yahoo.com/search/ie.html

mStart Page = hxxp://www.internetvodafone.es

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\archivos de programa\avg\avg9\toolbar\IEToolbar.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg9\avgssie.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\archivos de programa\siber systems\ai roboform\roboform.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre1.6.0_07\bin\ssv.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\archivos de programa\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\archivos de programa\avg\avg9\toolbar\IEToolbar.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\archivos de programa\siber systems\ai roboform\roboform.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [RoboForm] "c:\archivos de programa\siber systems\ai roboform\RoboTaskBarIcon.exe"

mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime

mRun: [AVG9_TRAY] c:\archiv~1\avg\avg9\avgtray.exe

mRun: [HP Software Update] c:\archivos de programa\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Carbonite Backup] c:\archivos de programa\carbonite\carbonite backup\CarboniteUI.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicio\hp digital imaging monitor.lnk - c:\archivos de programa\hp\digital imaging\bin\hpqtra08.exe

IE: Customize Menu - file://c:\archivos de programa\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\archivos de programa\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\archivos de programa\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://c:\archivos de programa\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\archivos de programa\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\archivos de programa\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\archivos de programa\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\archivos de programa\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\archivos de programa\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\archivos de programa\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: imon.dll

Trusted Zone: gistweb.com

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284372966031

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{BA8B8E95-CAC7-4875-B4E7-AE3F2B7BAE09} : DhcpNameServer = 192.168.0.1 192.168.0.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\archivos de programa\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs:

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\peter gray\datos de programa\mozilla\firefox\profiles\bzxbgo3x.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - file:///D:/Mis%20documentos/PeterGray.name/Peter Gray.html|hxxp://www.scroogle.org/cgi-bin/scraper.htm|http://www.wolframalpha.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c8aa5af&v=6.103.018.001&i=26&tp=ab&iy=&ychte=es&lng=en-US&q=

FF - component: c:\archivos de programa\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\archivos de programa\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\archivos de programa\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\archivos de programa\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\archivos de programa\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - plugin: c:\archivos de programa\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\c2mp\npdivx32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-9-10 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-10 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-10 29584]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-10 243152]

R2 avg9wd;AVG WatchDog;c:\archivos de programa\avg\avg9\avgwdsvc.exe [2010-9-10 308136]

R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-3-28 135664]

S2 Programador de LiveUpdate autom


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.