Another MWB Installation issue "not a valid win32 application" error

[DucknCover]

So I read through most of the Archived post

Forums.mwb.com/topic/168504-is-not-a-valid-win32-application/

I also submitted a ticket to support but thought this might be the better route as their first response was to request the MWB support tool logs.

This is the installation problem:

Apr 7, 2021, 15:13 PDT I am trying to install MWB on a computer (xp 32 bit) which I have cleaned with MWB in the past. but keep getting the "not a valid win32 application error" even after running rKill.exe I have tried the current MWB version 4-2 and multiple older versions which I have around. I followed through part of MWB/topic/168504-is-not-a-valid-win32-application/ FRST ran (although it did not update, but the file was 4/5/21. I have those logs (attached). I also ran roguekiller_setup and found about 8 issues, mostly pups and suspicious paths but one labeled "critical" associated with Blackberry.. Following a restart the error persisted. I can provide the logs when your team responds.

Addition.txt FRST.txt

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

• For use when you are on the forums and need to provide logs for assistance
• For use when you don't need or want to create a ticket with Malwarebytes
• For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler

1. Download Malwarebytes Support Tool
2. Double-click mb-support-X.X.X.XXXX.exe to run the program
   • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
3. Place a checkmark next to Accept License Agreement and click Next
4. Navigate to the Advanced tab
5. The Advanced menu page contains four categories:
   • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
   • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
   •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
   • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
6. To provide logs for review click the Gather Logs button
7. Upon completion, click OK
8. A file named mbst-grab-results.zip will be saved to your Desktop
9. Please attach the file in your next reply.
10. To uninstall all Malwarebytes Products, click the Clean button.
11. Click the Yes button to proceed. 
12. Save all your work and click OK when you are ready to reboot.
13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
14. Select Yes to install Malwarebytes.
15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler

 

 

 

 

Spoiler

 

 

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

[DucknCover]

The autoreply was helpful I was able to get the support tool, but the required  .net framework download is really slow. it has failed twice now the second time with error 0x800c0008.

Trying again.

[Porthos]

Since you are using XP (not recommended for security issues) The following is the only version of Malwarebytes that will work.

If you are on Windows XP/ Windows Vista
Click here to download

[DucknCover]

48 minutes ago, Porthos said:

Since you are using XP (not recommended for security issues) The following is the only version of Malwarebytes that will work.

If you are on Windows XP/ Windows Vista
Click here to download

Thanks Porthos,

it is a limited use machine.

I will try that (now that you mention it I thought that I had an earlier legacy version) it explains the niggle in the back of my head when I was looking at the download site and the two versions available.  I wonder why that download page says 4-2 works for XP...

 

[DucknCover]

3 hours ago, Porthos said:

Since you are using XP (not recommended for security issues) The following is the only version of Malwarebytes that will work.

If you are on Windows XP/ Windows Vista
Click here to download

That worked and it is clean.

one follow question:

Is there a trick to removing Rogue_Killer?

I know it was recommended by Kevinf80 in the above mentioned thread by parvs, not yourself, Add/Remove programs fails in normal mode and Safemode as Administrator

"A device attached to the system is not functioning"

then:

"Access violation at 100DDEC3 00000004"

 

[Porthos]

18 minutes ago, DucknCover said:

Is there a trick to removing Rogue_Killer?

I know it was recommended by Kevinf80 in the above mentioned thread by parvs

This is why we ask/tell users the the instructions posted for each user is only for that user.

I will ask @AdvancedSetup to guide you with removing rouge killer and other clean tools you used.

[AdvancedSetup]

Please consider uninstalling CCleaner - most Experts no longer recommend using it. The choice is yours though.

You do have old, compromised versions of Java on the computer. Unless you really need them I would highly recommend that you uninstall ALL versions of Java.

• Java(TM) 6 Update 21
• Java(TM) 6 Update 3
• Java(TM) 6 Update 7

 

Also recommend you uninstall the following

McAfee Security Scan Plus

 

Otherwise, the logs provided do not show that Rogue Killer is still installed on the system unless you have newer logs?

 

[DucknCover]

1 hour ago, Porthos said:

This is why we ask/tell users the the instructions posted for each user is only for that user.

I will ask @AdvancedSetup to guide you with removing rouge killer and other clean tools you used.

Thanks

I appreciate your help.

Apparently what I "thought I knew" was wrong.

I see the Adlice software Global Moderator forum says for the "portable version" deleting the executable is "enough" I just don't see anything denoting it as the "portable version"  since it shows up in Ad/remove while it did not for the referenced poster on the Adlice forum.

[AdvancedSetup]

Is there anything else we can assist you with at this time @DucknCover

 

[DucknCover]

1 hour ago, AdvancedSetup said:

Please consider uninstalling CCleaner - most Experts no longer recommend using it. The choice is yours though.

You do have old, compromised versions of Java on the computer. Unless you really need them I would highly recommend that you uninstall ALL versions of Java.

• Java(TM) 6 Update 21
• Java(TM) 6 Update 3
• Java(TM) 6 Update 7

 

Also recommend you uninstall the following

McAfee Security Scan Plus

 

Otherwise, the logs provided do not show that Rogue Killer is still installed on the system unless you have newer logs?

 

apologies, i was away from my terminal.

Thank you for the recommendations.

I believe that I installed and ran Roguekiller v 14.6.6.0 yesterday after running FRST (also yesterday) which generated those logs.

I have not re-run FRST but I am attaching my MWB output file.

Roguekiller shows up in my add/Remove and is still on my desktop (as a shortcut) 

don't know that the version I downloaded is that version (I believe I used the link on the MWB website. here is the link from my history.

Downloading RogueKiller

Thanks

 

 

MWB-040821.txt

[AdvancedSetup]

If Rogue Killer won't remove then I need new FRST logs please.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

[DucknCover]

1 hour ago, AdvancedSetup said:

Is there anything else we can assist you with at this time @DucknCover

 

here is a newer FRST Addition log showing RK

 

Addition2.txt

[AdvancedSetup]

I need the FRST.TXT too please.

 

[AdvancedSetup]

Bonjour, CCleaner, and Java are still showing as installed as well.

I would recommend you remove them

 

 

[DucknCover]

That FRST output is from after installing RK but I am just now removing java.

let me see if there is a second FRST to go with the addition2 I sent...

[DucknCover]

21 minutes ago, AdvancedSetup said:

I need the FRST.TXT too please.

 

Here are two files from a fresh run:

 

FRST3.txt Addition3.txt

[AdvancedSetup]

I seriously doubt any of these applications are supported or receive updates for Windows XP anymore. It's probably best to remove these tasks and stop wasting resources on them.

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\LifeSync.job => C:\Program Files\LifePics\LifeSync\LifeSync.exedsharpe@aol.com
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

 

FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-08-06] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (McAfee Security Scan Plus) - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-14] (Adobe Inc. -> ) [File not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] (Apple Inc. -> )
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-07-17] (Sun Microsystems, Inc.) [File not signed]
 

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-14] (Adobe Inc. -> Adobe) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-07-17] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe" [X]
U3 TrueSight; \??\C:\WINDOWS\system32\drivers\truesight.sys [X]
 

HKU\S-1-5-21-2804080333-3260160020-2839971614-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2804080333-3260160020-2839971614-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2804080333-3260160020-2839971614-1006 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-2804080333-3260160020-2839971614-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-2804080333-3260160020-2839971614-1006 -> {A42D1805-8A8C-4D40-A74B-362D9967735B} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SUNC_en
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2010-08-04] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2804080333-3260160020-2839971614-1006 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-2804080333-3260160020-2839971614-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies SA -> Skype Technologies)

 

 

I can write a script to remove the above items for you automatically.

I would recommend you use Control Panel, Programs, Add/Remove and uninstall the following first though

 

• Bonjour
• CCleaner
• Java(TM) 6 Update 21
• Java(TM) 6 Update 7
• McAfee Security Scan Plus

Let me know

 

Edited April 9, 2021 by AdvancedSetup
updated information

[DucknCover]

That would be helpful. thank you.

I cant recall the last time an apple device was synced with this computer so I cant imagine bonjour does any good.

It is one using resources which I have been unsure about.  Not sure if there is still any apple secured music on there but Itunes is never used either.

I will get to your list for me to remove in the meantime...

[AdvancedSetup]

Bonjour  has nothing to do with music or media protection.

 

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

 

[AdvancedSetup]

The issue for Windows XP is that today since it does not fully support updated SSL certificates or TLS 1.2 most major sites will not properly support the operating system.

So, no matter what you do it's always an insecure operating system. If one must use it then it's probably best to use some software like Macrium Reflect or Acronis True Image to do image back up of the entire drive. That way if something happens to the system you can always recover back to the exact way it was.

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

[DucknCover]

Your list is taken care of and there are no important itunes music library files on the device.

[AdvancedSetup]

Okay, if there is nothing else I'll go ahead then and close your topic soon and wish you well.

Take care and stay safe out there.

Have a great upcoming weekend

Cheers

 

[DucknCover]

Thanks.

 I was reading this in the meantime.

https://tencomputer.com/what-is-bonjour-in-my-computer/

The XP machine is of very limited use, but is set up for some very specific tasks such as navigational software.

MWB is the only "new" site it has visited in the passed 6 months.

[DucknCover]

Was your script going to remove RougeKiller?

thx