1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Error Message

Discussion in 'Windows XP' started by Jeannette7, Jul 30, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105

    Hi,
    I ran an install and while it was running I received this message which I copied down word for word.


    D:\I386\APPS\APP20989\AwayMode-KB902437-enu.exe is not a valid Win32 application.

    Here are the specs on my Gateway DX310X

    200G hard drive
    CD/DVD combo
    2 dual core processors (Pentium 4 G)
    1G RAM

    I have also run what Gateway calls a destructive recovery on two different occasions and both times this message appeared. The first time which I refer to earlier, I did an in place install and did not run a destructive recovery. The second and the third times I ran a destructive recovery and the same message appeared. The first and second times I used the System Recovery DVD that Gateway sent me. The third time, I ran the recovery from Drive D. The message appeared the third time.

    Also, I have the Jeepo or Jeefo virus on this computer. I would like to get rid of it if we could do that. Please let me hear from you. Thanks!

    Jeannette7
     
  2. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Article from Microsoft KBase = KB902437

    Description of the new Away mode for Windows XP Media Center Edition 2005

    http://support.microsoft.com/kb/902437/en-us

    This should not be an invalid 32-bit app

    I would suggest re-downloading it and running the installation again. But please read the article for other points.
     
  3. Miz

    Miz

    Joined:
    Jul 1, 2002
    Messages:
    2,146
    If you have scanned with an antivirus program and it's reporting a virus in "System Volume Information," then it has found it in the Restore Points.

    Antivirus software cannot clean the restore points so the only way to get rid of the virus in that folder is to delete all restore points. You don't want to use a restore point that's got a virus anyway so may as well delete them.

    To do that, right click on My Computer, left click Properties, go to the System Restore tab. Check "Turn off system restore," click Apply. OK the warning message. When it's finished deleting, uncheck the box, click OK.

    If it's reporting finding the virus elsewhare, download and run Stinger. It's a small virus scan that doesn't have to install so the virus cannot attack the installation. Hopefully, it will find and remove that virus...and any others lurking about.

    It may be the error relates to the virus having gotten into the I386 folder and getting rid of the virus may also get rid of the error message.
     
  4. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
    Thanks for the quick responses. I will download and run Stinger and report the results when I have done so.
     
  5. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
    Hi
    I have run Stinger and it reports clean files.:eek: I scanned Drives C and D.

    Re the file: where do I find it to download it?:confused: I do not have an XP CD. I seem to remember that this was the problem with the HP computer that died in June but I don't remember what I did.
     
  6. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
    I have disabled System Restore as you asked. I need to find out how to reinstall the file. I have only the Gateway System Recovery Disk. I did not receive an XP CD.
     
  7. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
    Logfile of HijackThis v1.99.1
    Scan saved at 2:01:26 AM, on 7/31/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\zHotkey.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\BigFix\bigfix.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=DTP&M=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/virusInfo/default.asp?affid=370-12
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
    O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Gateway Registration] "C:\windows\system32\GTW1.exe" /remind /language=ENU
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\acsuninstall.exe"
    O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AcsUninstallRes.dll"
    O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\shfolder.dll"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E89D64E3-4DE3-4CC4-B567-6487CFE3C753}: NameServer = 206.74.254.2 204.116.57.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{10DAA833-9600-4428-8660-2392E5590B36}: NameServer = 206.74.254.2 204.116.57.2
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,042
    Are you having any specific problems?
     
  9. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
    There is a missing file message. There is also a virus. Somebody said that the virus may be causing the missing file message. I have the missing file message. Basically it says that one of the DLL files is not a valid Win21 application. Someone here said that maybe this message was caused by the virus. Please the next time anyone answers, please have something that I may do to make this better or correct this. I wouldn't have posted here if I wasn't having problems that I couldn't solve.

    Edited by Cookiegal to change the colour which was very difficult to read
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,042
    First of all, you can lose the attitude. I don't have ESP nor can I see around corners. You started a new thread to post a HijackThis log with no comments as to what was going on or any reference to your other thread.

    I've merged them both together so we can see the entire story. Please continue replying in this thread only until the issue is resolved.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,042
    I assume it's McAfee that detected the virus. Can you tell us where it says it's located please?
     
  12. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
    I'm sorry about the attitude Cookiegal. It's just that I have been working with this quite a long time and getting nowhere and I'm getting extremely frustrated, but I was wrong to take that out on you. I'm sorry. It was McAfee that located the virus. It is located in many files on Drive C. Also there is a message that a file on Drive D is an invalid Win32 application.
     
  13. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,042
    I understand the frustration and appreciate the apology. :)


    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
     
  15. Jeannette7

    Jeannette7 Thread Starter

    Joined:
    Jan 12, 2005
    Messages:
    105
    Hi Cookiegal,
    Sorry I have not been back before now. Thanks for the detailed and clear instructions. I had finished downloading Ewido and I ran it from Safe Mode. I saved the report that it generated. I noticed that CoolWebSearch was found along with some cookies. They were all quarantined. I then attempted to follow the link to Panda online scan. I did get there, but when I started to type in the info that was required, I discovered that the keyboard would not work. I then went to Control Panel and chose the Keyboard icon and from there I tried to update the driver. This was impossible. It wouldn't work correctly. Therefore, what I did was to shut down my computer and run a non-destructive recovery from the D partition on my hard drive and it ran successfully. The "invalid Win32 app" message did not appear while the recovery was running as it had before and when the drivers were being installed, the "invalid Win32 app" message didn't appear either so as Andy Griffith said on the Andy Griffith Show "I believe we've got her if she don't jump!." Translation: I believe the problem is solved.

    I will follow your instructions and download Ewido again and run HiJackThis again and I should be able to run Panda now. I would like to do that anyway just to make sure that there is nothing there.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Error Message
  1. ehbowen
    Replies:
    7
    Views:
    401
  2. Cvenegas8
    Replies:
    1
    Views:
    345
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/487817

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice