.exe not a valid win32 application

Discussion in 'Software' started by KatCat, May 7, 2004.

  1. KatCat

    KatCat Private E-2

    Hi there,

    I am having a major problem with my computer. I guess I did have a virus somewhere in my system, but thanks to your board postings I took care of it. Many of my programs are running fine, but some are not. When I click on a particular program, it tells me “blah blah.exe is not a valid win32 application”. I really need to run that program and for two days I have been trying to resolve the issue, but I seem to make it worse. You are my last help before I seriously damage this machine. Any help is greatly appreciated.

    KatCat
     
  2. Kodo

    Kodo SNATCHSQUATCH

    what application is it? what OS are you using?
     
  3. KatCat

    KatCat Private E-2

    i am trying to run jobboss a manufacturing software
     
  4. KatCat

    KatCat Private E-2

    and i am running windows XP prof.
     
  5. Kodo

    Kodo SNATCHSQUATCH

    have you tried reinstalling Jobboss? Sounds like the virus may have corrupted the exe.
     
  6. KatCat

    KatCat Private E-2

    yapp, sure did ...... i was just running housecall again and it's still detecting viruses all over. i mean , i am up to like 300 infected files ..... and some of those are not even cleanable.
     
  7. Kodo

    Kodo SNATCHSQUATCH

    do you have an Antivirus on your machine? I would assume no since you're using housecall.

    I would try installing one on your machine. You'll probably have better luck repairing.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You probably need to disable System Restore. Reboot. And then re-run your virusscan program. Then re-enable System Restore and then reboot again.

    If you don't know how to use System Restore, see http://www.majorgeeks.com/vb/showthread.php?t=31668

    You may want to try another virusscan application, if you still have problems.
    Try Avast: http://www.majorgeeks.com/download1968.html
    or AntiVir: http://www.majorgeeks.com/download955.html

    Both are freeware.

    Edit: I forgot one, AVG: http://www.majorgeeks.com/download886.html
    Also freeware. Avast & AVG are the highest rated with MG users. See the poll: http://www.majorgeeks.com/vb/showthread.php?t=29263
     
    Last edited: May 7, 2004
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Excuse me for jumping in Kodo. Didn't know you were still here.
     
  10. Kodo

    Kodo SNATCHSQUATCH

    No problem dude.. jump in any time, doesn't bother me one bit.
     
  11. wk990

    wk990 Private E-2

    correct me if I'm wrong but did you say the problem is duplicating itself??? if that's the case I might have an answer
     
  12. Kodo

    Kodo SNATCHSQUATCH

  13. KatCat

    KatCat Private E-2

    ok... here we go.... i did everything you guys told me. sure enough, that stupid worm and/or virus was still hanging around. now, everything works just perfect but that jobboss program. i did try to install it again (after moving the old files to another location), but it won't let me do that. i did call exact software (the maker of jobboss), but since i don't have a service contract with them anymore they won't give me any help. and that after spending about 4k on the software itself. so, i guess i am kinda screwed if i cannot reinstall the software or buy it again, right?! also, antivirus guard detected the worm directly in jobboss.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What do you mean by "antivirus guard"? Is that the real name of the software? At any rate I assume your virus/worm problem is gone? Have you tried to completely uninstall jobboss first, and then re-install? And what did you mean it won't let you re-install? Is there an error message?
     
  15. Kodo

    Kodo SNATCHSQUATCH

    Kat, is your system patched completely as well? No sense in trying to clean it if it's not patched and getting re-infected.
     
  16. KatCat

    KatCat Private E-2

    i ran "antivir", i followed the link you posted earlier. i cannot un-install jobboss all together, since i am afraid that i am going to lose all my data. i used the original jobboss software cd, but it tells me my license has expired or password invalid. how can that be, since i paid for the damn thing?
    now, after cleaning the computer and running every anti virus/worm detection software there is, my windows installer comes up with programs to install, that i don't even want. i am sorry i am probably a pain right now, but this is too weird.
     
  17. KatCat

    KatCat Private E-2

    Kodo,
    i have no idea if it's patched or not. is there a way to find out?
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yeah! Go here http://v4.windowsupdate.microsoft.com/en/default.asp
    and click on Scan for Updates. You will be told what you need. Be a little selective on what you update. Some will be obvious (like security leaks). Language packs are not needed unless you need them.
     
  19. KatCat

    KatCat Private E-2

    ok... now i did the upgrades you suggested and the system is just going nuts. i have windows installer windows popping up everywhere. the main thing is earthlink pop-up blocker and windows2000.
    i also found out that the jobboss software is not repairable (from the virus scanners). i contacted jobboss again, and now they will send me brand new software. at least i guess i took care of that. but what about the "window installer" pop-ups, is there anything you could suggest to eliminate them at start-up? if i have not said it before, thank you so much for all your help.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Could you explain this a little better? Is this happening constantly? Have you rebooted since doing Microsoft's updates? Many times you need to reboot after certain updates are installed and then go back and install some more etc. It is a repetitive task if you get behind on updates. Are the popups only after reboot? After every boot? What do you mean "the main thing is earthlink pop-up blocker"? Are they your ISP and did you install this? And what do you mean windows 2000? You have WinXp?
     
  21. Kodo

    Kodo SNATCHSQUATCH

    Run the virus scan again to make sure you didn't get re-infected from not being patched.
     
  22. KatCat

    KatCat Private E-2

    yes, after every start-up these "installer windows" pop up. earthlink is not my ISP, but in the past i did download it. i removed all earthlink related programs off this machine, but the pop-up blocker still wants to reinstall itself. this is actually how the problems with jobboss started. after removing earthlink stuff, jobboss didn't work anymore. it's also word 2000 (not windows). so i removed MS word 2000, but it doesn't seem to help, it asks me to insert the MS XP CD.
     
  23. KatCat

    KatCat Private E-2

    will it help if i post the "hijack-it" report?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To be on the safe side like Kodo suggests, have you re-run your virus scanner again?

    Why did you uninstall word 2000? Don't you need it?

    And why didn't you just put in the MS XP CD when it asked you to? It probably needs something off the CD to finish updating.
    Have you checked to make sure you don't need any more updates?
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Edit: First do the below stuff. And then maybe an Ad-aware & SpyBot scan first and then maybe a HijackThis log would be useful.
     
  26. KatCat

    KatCat Private E-2

    yes sure did.... at this point i am just taking off programs that annoy me. i do have the disk and can install it later again. i did put in the XP CD and some of the pop-ups are gone.
    the scan takes a long time and i guess i run it over night. i updated all the files you suggested (no language packs though) should i post the hijack-this report for you?
     
  27. KatCat

    KatCat Private E-2

    ok.. here we go: in the meantime i am going to reboot again, but have the other computer running.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:58:09 PM, on 5/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\SYSTEM~1\soap.exe
    C:\Program Files\SpyKiller\spykiller.exe
    C:\Program Files\NoAds\NoAds.exe
    C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\Roger Trudeau\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is that your whole log? I would expect more lines below the R0 & R1 lines?

    It may not be a good idea to be running two antivirus programs. You appear to have both Norton and AVPersonal. I would remove at least one of them (personally I would not use either. I would use Avast. Personal preference.)
     
  29. KatCat

    KatCat Private E-2

    log again

    sorry, i am stupid. didn't copy the entire log.. here we go, hope that's all there is


    Logfile of HijackThis v1.97.7
    Scan saved at 3:58:09 PM, on 5/7/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\SYSTEM~1\soap.exe
    C:\Program Files\SpyKiller\spykiller.exe
    C:\Program Files\NoAds\NoAds.exe
    C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Documents and Settings\Roger Trudeau\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.excite.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=XLS
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    O4 - HKLM\..\Run: [2@KN4M84WSDCT@] C:\WINDOWS\System32\Oms4Rt6.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: JobBOSS ShopAlerts Server.lnk = C:\Program Files\jobboss old files\JobBOSS\Client70\ShopAlerts\JBTdySvr.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: eBay Toolbar (HKLM)
    O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .doc: C:\Program Files\Internet Explorer\PLUGINS\npcsidoc.dll
    O12 - Plugin for .dwg: C:\Program Files\Internet Explorer\PLUGINS\npcsidwg.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .ps: C:\Program Files\Internet Explorer\PLUGINS\npcsips.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37636.6023726852
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://exactsoftware.webex.com/client/latest/webex/ieatgpc.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B66A8AA5-94F2-47B1-AF3D-62F8637A3683}: NameServer = 68.11.16.30,68.1.208.30
    .
     
    Last edited: May 7, 2004
  30. Bitzy

    Bitzy Private E-2

    not a valid win32 application.

    Probably not worth much but here goes anyhoo.

    In my situation, I used to have the WordPerfect Corel Suite with Quattro Pro 10
    I was constantly getting that error message and my spreadsheets were corrupted and couldn't recover them. Some suggested it might be a corrupt dll file.
    I was working on spreadsheets between Quattro at home and Excel at work.
    I finally gave up after reinstalling Quattro two times,,,
    dumped the entire Corel WordPerfect Suite and got MS Office.
    Have not received that error since, not even once.

    Some programs are simply not designed to talk to each other and can cause
    lots of other problems as well. I know there are patches but from what I hear,,
    'taint worth it. It's that apples/oranges "conflict" thing.

    Bitzy
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    WoW Kat!!! This is a large log. You really have too much stuff running at
    startup. Do you really need all these programs to be running?

    Are you sure you have run full scans with both Ad-aware & SpyBot Search & Destroy?
    What versions are you running? And are they updated???


    At any rate delete the following using HijackThis:

    C:\PROGRA~1\SYSTEM~1\soap.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)


    You said you no longer use EarthLink, if that is true delete the next line too:

    O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll


    Do you use eBay and require their Toolbar stuff? If not, delete the next three lines:

    O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Program Files\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
    O4 - Global Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe


    Delete these
    O4 - HKLM\..\Run: [2@KN4M84WSDCT@] C:\WINDOWS\System32\Oms4Rt6.exe
    O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/s...stemsoappro.cab




    Your choice of deleting the below. They are not needed:

    This next one is an application that reminds users to register for
    their Creative Labs products.

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE


    Not sure about the below items, but see this link: http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3BQ321810
    Have you installed the Cimmetry AutoVue program?

    O12 - Plugin for .doc: C:\Program Files\Internet Explorer\PLUGINS\npcsidoc.dll
    O12 - Plugin for .dwg: C:\Program Files\Internet Explorer\PLUGINS\npcsidwg.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .ps: C:\Program Files\Internet Explorer\PLUGINS\npcsips.dll
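
Added example, not part of the original thread: a small Python triage of a HijackThis log that pulls out what the replies above check by eye, namely entries whose file is reported as `(no file)` or `(file missing)`, the number of startup entries, and more than one resident antivirus product in the process list. The sample lines are copied from the log posted in this thread; the `AV_PATH_HINTS` map and all function names are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O2 - BHO: ..."
DANGLING_MARKERS = ("(no file)", "(file missing)")

# Assumption: a reviewer-maintained map of path fragments to resident AV products.
AV_PATH_HINTS = {"norton antivirus": "Norton AntiVirus", "avpersonal": "AVPersonal"}


def parse_log(text):
    """Split a log into (running process paths, [(section code, body), ...])."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False            # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def dangling_entries(entries):
    """Entries whose target file HijackThis reports as absent (review candidates)."""
    return [(c, b) for c, b in entries if b.rstrip().endswith(DANGLING_MARKERS)]


def startup_entries(entries):
    """O4 lines as (source, name, command); command is None when shown as '?'."""
    out = []
    for code, body in entries:
        if code != "O4":
            continue
        m = re.match(r"^(.*?\\Run\w*): \[(.*?)\] (.*)$", body)
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = re.match(r"^((?:Global )?Startup): (.*?) = (.*)$", body)
        if m:
            target = m.group(3)
            out.append((m.group(1), m.group(2), None if target == "?" else target))
    return out


def resident_av_products(processes):
    """Distinct AV products seen in the process list, per AV_PATH_HINTS."""
    found = {product for path in processes
             for hint, product in AV_PATH_HINTS.items() if hint in path.lower()}
    return sorted(found)


def triage(text):
    processes, entries = parse_log(text)
    startup = startup_entries(entries)
    return {
        "dangling": dangling_entries(entries),
        "startup_count": len(startup),
        "unresolved_startup": [name for _, name, cmd in startup if cmd is None],
        "resident_av": resident_av_products(processes),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

A dangling entry or an unresolved shortcut only marks a line for a person to look at; it says nothing about whether the referenced program was malicious.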
     
  32. KatCat

    KatCat Private E-2

    ok, did everything you told me and the computer is running good. now i just have to wait for the software to be replaced by jobboss and i am good to go. thank you all so much for your help.
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's good news Kat! :) Glad we could help.
     
