Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"not a valid Win32 application" [Solved]

Started by GordonW , Jan 29 2009 09:15 PM

  • This topic is locked This topic is locked

#1
GordonW
Posted 29 January 2009 - 09:15 PM

GordonW

    Member

  • Member
  • PipPip
  • 38 posts
Hi everyone, sorry if this is a repetitive problem for you, but every time I download something, like the "ATF Cleaner" for instance(i did read the Malware Removal Guide), and try to open it after it goes to my desk top, I always get "windows cannot open this file" and "(.exe)is not a valid Win32 application". I've tried to find some other solutions in your forum and elsewhere but I am at a loss.
Could it be as easy as just Restoring my computer to an earlier point ?

Here's my HJT log if it helps at this time.

Logfile of HijackThis v1.99.1
Scan saved at 7:16:40 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ImageIt\ItRun.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\winhlp32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinIt] C:\Program Files\ImageIt\ItRun.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132860876384
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132860863406
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by GordonW, 02 February 2009 - 06:23 PM.

  • 0

Advertisements

#2
emeraldnzl
Posted 02 February 2009 - 08:37 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello GordonW,

Welcome to Geekstogo.

Number of things could be getting in the way of AFT Cleaner including your own security programs. I see you have ZoneAlarm which can cause difficulties on a computer. Other things can make that happen too so we will have a look and see what we can find.

You may have used Malwarebytes before. If you have and still have it on your machine please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
So when you return please post
  • MBAM log
  • the two RSIT logs - log.txt and info.txt

Note: Unless otherwise instructed always post the logs in the forum. It is likely these reports will not fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
  • 1

#3
GordonW
Posted 02 February 2009 - 09:35 PM

GordonW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks for your response emeraldnzl.
No, I don't have Malwarebytes and like everthing else that I try to download and open, it wont. I click download, it goes to my desktop, and when I double click to open the file I get

(for this example) "windows cannot open this file"
File: mbam-setup.exe. part
and
mbam-setup.exe is not a valid Win32 application

What is your recommendation other than ZoneAlarm.

Hope I replied back to you in the right place.

Edited by GordonW, 02 February 2009 - 09:37 PM.

  • 0

#4
emeraldnzl
Posted 02 February 2009 - 09:39 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I take it you are managing to download the progam alright, just not able to run it?

Try this:

ZoneAlarm's OS Firewall

1. Go to the Program tab, then click "Main".
2. Press the first "Custom" button from the top.
3. Uncheck "Enable OS Firewall".
4. Click OK.

Come back and tell me if that has made it possible to load MBAM.
  • 0

#5
GordonW
Posted 02 February 2009 - 10:26 PM

GordonW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Nope, turning off the firewall in ZoneAlarm didn't work. You'd think it would. I just have the free ZoneAlrm if that makes any differance, but I wouldn't think so.
  • 0

#6
emeraldnzl
Posted 03 February 2009 - 12:17 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Well we could go to uninstalling ZoneAlarm but before we try that, lets try this.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

  • 0

#7
GordonW
Posted 03 February 2009 - 03:01 AM

GordonW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Nope, same thing. Saves to my Desktop, but can't open the file. Ahhhhh Frustrating. I don't get it, I haven't done
anything different to my computer.
Would doing a system restore help, or could it really mess things up?
  • 0

#8
emeraldnzl
Posted 03 February 2009 - 11:41 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
OK. My thought is that it is still a security program that is doing this.

Could be wrong, but lets check that your AVG Resident Shield is turned off.

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Sheild > Uncheck the Resident Sheild Active box > Save Changes.
  • 0

#9
GordonW
Posted 03 February 2009 - 05:36 PM

GordonW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
I don't have AVG anymore. AVG is something else that is messing up my computer. After hearing how bad the free version is for your computer I deleted it back in mid 2008, or thought I did. It doesn't fully delete from your computer (I should have read the forums a little more to know this! ) and causes problems with it. Also not letting me download some things(Missing AVG tool bar). And it wont let me download it (AVG)again.
But this problem that I contacted GTG about started within the last few weeks.
Now I'm thinking this could be the problem. Or at least part of it.

Edited by GordonW, 03 February 2009 - 07:27 PM.

  • 0

#10
emeraldnzl
Posted 03 February 2009 - 07:54 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Yes there is some malware that will do this too.

Lets see if you can do this one then.

Please download and run Conficker or Downadup wormfix from F-Secure.

Double click the Zip file

Click f-downudup

Click run

A black screen should open and show you the progress of the scan.

Once complete come back and tell me if the scan was successful.


edited to add report back request.

Edited by emeraldnzl, 03 February 2009 - 09:58 PM.

  • 0

Advertisements

#11
GordonW
Posted 03 February 2009 - 11:30 PM

GordonW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Scan was successful, it says everything is clean. At the bottom it says " start scanning system", how do you do that?
  • 0

#12
emeraldnzl
Posted 04 February 2009 - 12:08 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

At the bottom it says " start scanning system", how do you do that?


When I tested it on my machine it did that automatically after a short pause. I wonder whether you waited quite long enough. It does seem as though nothing is happening for a bit.

However, before we get too carried away with that, please try running Malwarebytes again to see if it works now. If not I think we will move to a different tool.
  • 0

#13
GordonW
Posted 04 February 2009 - 12:22 AM

GordonW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
No, sorry same thing ( not a valid Win32 application).
  • 0

#14
emeraldnzl
Posted 04 February 2009 - 12:39 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay then Gordon. Lets take a different approach.

Lets see if we can run Malwarebytes in Safe Mode.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

You may have to choose to run as administrator or in your user account I don't think it matters which.

After you have successfully made it to Safe Mode please run MBAM following the instructions in my earlier post.
  • 0

#15
GordonW
Posted 04 February 2009 - 01:46 AM

GordonW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Nope, I went into safe mode then double clicked MBAM on my desk top and got the same
message ( "not a valid Win32 app".).
If you can figure this out, I'm definitely donating to ya!
And if I haven't said it yet, thanks for all the help.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP