Program.exe is not a valid Win32 application

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Psychedea, Jul 31, 2009.

  1. Psychedea

    Psychedea Private E-2

    My family computer is a desktop PC running Windows Vista with McAfee. I make sure to run all updates ASAP. My updates are current through yesterday. When I tried to update my computer this morning, the updates failed with an unknown error. "Error(s) found: code 80070103 Windows Update encountered an unknown error"

    This morning, I turned on the computer to find that McAfee has been disabled, Windows Defender has been disabled, and that I cannot turn them back on. Additionally, I cannot run any programs. Invariably, I get the response "program.exe is not a valid Win32 application" regardless of whether I run the program from the C drive or a USB.

    Neither Internet Explorer nor Firefox are working; I can only access the internet by opening windows explorer and typing an address into the address bar in that window.

    I have tried running McAfee in safe mode, but get the same message. I tried the "repair computer" function when I boot the computer, but it insists that I have another drive attached (though I have unplugged the camera, flash drive, external hard drive)... There is nothing attached (except for the keyboard and mouse). I have tried restoring my computer to a previous restore point only to be told by the computer that there are no restore points.

    I started Googling and thought that it may be the Bagle virus because of the "is not a valid Win32 application" but found none of the files listed on the Removing Bagle Infections page.

    I looked at the thread titled “x:\ is not a valid Win32 application” which led me to a dead link: http://support.microsoft.com/Default.aspx?kbid=303395&sd=RMVP .

    I have read and followed the instructions on the READ AND RUN ME FIRST and Vista Cleaning Procedure threads, but to no avail. I could not download the files on the infected computer, and so I used my personal laptop to download the scans to a flash drive. I plugged the flash drive into the infected computer and tried to run each scan as instructed by the threads. I have no logs to attach as the scans could not run. I took the following notes:

    • Could not open McAfee to empty quarantine folder. “c:\Windows\system32\rundll32.exe is not a valid Win32 application”
    • Could not run CCleaner. “F:\C Cleaner.exe is not a valid Win32 application”
    • Could not be sure Msconfig was set for normal startup. “C:\Windows\system32\msconfig.exe is not a valid Win32 application”
    • Could not follow Step 4; link to “Uninstall Malware via Add/Remove Programs” did not work
    • Could not download Root Repeal because “The bandwidth or page view limit for this site has been exceeded and the page Could not be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.”
    • Could not install/ run SUPERAntiSpyware. “F:\SUPERAntiSpyware.exe is not a valid Win32 application”
    • Could not install Malware Bytes. “F:\mb.exe is not a valid Win32 application”
    • Could not run/ install ComboFix. “C:\Users\Onixill\Desktop\ComboFix.exe is not a valid Win32 application” and “F:\ComboFix.exe is not a valid Win32 application”
    • Could not run/ install MGtools. “C:\MGtools.exe is not a valid Win32 application”

    To get a better idea of what I’m dealing with, I ran Kaspersky’s online scanner. It found the following threats:

    (My apologies for not attaching a log; the report was made on the infected computer and my [limited] experience working with computers has taught me not to pull something off of an infected computer to put onto a clean one)
    • File- C:\Program Files\2wire\sst\VNC\MotVNC.exe
      Name- “not-a-virus:RemoteAdmin.Win32.WinVNC-based.b”
      There are 2 reported objects infected by this virus.
    • File: C:\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe
      Name: “not-a-virus:Fraud Tool.Win32.AntiVirusPro.nf”
      There is 1 object reported infected by this one.
    • File: C:\ProgramData\19195324\19195324.exe
      Name: “Packed.Win32.Krap.r”
      There is 1 object reported as infected by it.
    • File: C:\Users\All Users\19195324\19195324.exe
      Name: “Packed.Win32.Krap.r”
      There is 1 object reported as infected by it.
    • File: C:\Users\Onixill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ITK5PR2\Setup[1].exe
      Name: Trojan-Downloader.Win32.FraudLoad.wmxc
      There is 1 object reported as infected by it.


    I hope that I have been thorough enough. Any help would be greatly appreciated! Thank you. :)
     
    Last edited: Jul 31, 2009
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Psychedea

    Step 1:
    Let's see if one of these online scanners can remove enough for you to then run our tools.

    Using BitDefender Online Scan

    TrendMicro HouseCall

    Step 2:
    Make sure that you transfer the tools to the instructed directories given in the R & R Me FIRST
    • Both SAS & MBAM should be saved to C:\Downloads.. then installed to C:\Program Files
    • Once installed, open each application and update their definitions databases before running a "Quick scan".

    Step 3:
    Then re-name MGTools.exe to MGTools.com and see if it will run.

    Step 4:
    Attach these logs to your reply -
    • bdscan.txt
    • TM Housecall results
    • MGLogs.zip
    • SASlog.txt
    • mbamlog.txt

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    dr.m
     
    Last edited: Aug 3, 2009
  3. Psychedea

    Psychedea Private E-2

    Sun Java was not already installed on the computer and so I did not need to remove the program. I could not download Sun Java; I received an error message: “C:\Users\Onixill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M7YKNST\jre-6u15-windows-i586(1).exe is not a valid Win32 application”

    I proceeded (as instructed by R&R ME FIRST)

    When I tried to run BitDefender, the computer told me that “Internet Explorer is not running with administrative privileges so BitDefender Online Scanner will not work properly. Please run IE as administrator”. I clicked on the “more info” and told the computer to “allow” the scan to run. I’m not sure if this allowed it administrative privileges or not..

    I clicked “start scan” and a screen flashed quickly with two red bars that read “fail” above them; I could not make out the rest of the text even after repeating to see it. Next a screen popped up. It said “Update Failed. Continue?” in the title bar. The text: “BitDefender failed to update the virus definitions. Although it might be possible to check for viruses, the result will probably not be 100% accurate.

    Do you want to start scanning?” I selected “Yes” The next window: “Scan Failed!” Could not check the computer for viruses.” The last window said that my computer has no viruses, but likely because it did not scan…


    Moved on to Housecall. When I clicked to agree to the Terms of Use and launched Housecall, it told me that [an error occurred when transferring information from the internet] something to that effect; I missed the exact text. I selected “scan complete computer” but the program seemed to jump directly past step 2 (“scanning local computer and connected components”) to step 3 (“listing and removing detected infections and vulnerabilities”). It reported that “Housecall did not find any potential threats to your computer.”

    On the off chance that something was fixed, I tried again to download Sun Java. Same result as posted above. So far as I can tell, there has been no change.. :(
     
  4. Psychedea

    Psychedea Private E-2

    I found that an unused User account existed on the computer and was able to run the scans. Attached are the logs; below I will edit in the problems which I encountered. They must be edited in because the logs are on the infected computer while the notes were taken on a computer which was not scanning.

    Problems encountered while scanning:

    Running Combofix. As soon as it starts: “Parasites found!! The following files were trying to attach to Combofix. They shall be disabled.

    C:\Program Files\iZ3D Driver\Win32\S3DInjector.dll
    C:\Program Files\iZ3D Driver\Win32\S3DInjector.dll”
    (same file twice?)

    While I was disabling McAfee (before running Combofix) Combofix detected “Rootkit!! Combofix has detected rootkit activity and needs to reboot the machine.

    C:\Program Files\iZ3d Driver\Win32\S3DInjector.dll”

    After reboot, “NirCmd.cfexe- Bad Image

    C:\Program Files\iZ3d Driver\Win32\S3DInjector.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

    Exact same message pops up over and over after I click “ok” with the following titles in place of “NirCmd.cfexe”:
    Attrib.exe, grep.cfexe (came up multiple times), Attrib.cfexe, grep.cfexe, SWREG.cfexe, chcp.com, hidec.exe, PING.exe, PV.cfexe, sed.cfexe, pev.cfexe, CF15904.exe, gsar.exe, regt.cfexe, eRUNT.exe, sort.exe, dumphive.cfexe, setpath.cfexe, FINDSTR.cfexe, moveex.cfexe,

    Combofix in the background says it is preparing to run; kept clicking “ok” in the hopes that it would continue. Blue screen disappeared; black screen. Kept clicking “ok”, got to disclaimer. Clicked “ok”, Bad Image screens persist through attempting to create a system restore point and scan.

    Kept clicking “ok”; scan seemed to pause when I was not clicking. Particularly hard to get through stages 1,2,3, 36A, 42

    Combofix rebooted; error messages started popping up on startup.
    Combofix reported: “The system cannot find the file whitedir01” Errors continued through log creation and when the log opened up. Saved log; closed it. Errors ceased.

    Moved on to RootRepeal; Bad Image result pops up once when I open RootRepeal Zip and program; The same message appears with “rootrepeal.exe-Bad Image” as the title. I select the file tab and click scan, but the program stops responding. I left it for 30 minutes, but no response.

    Moved on to MGTools. Same message with “MGTools.exe” in the title, then again with “cmd.exe”. Error pop-ups persist through installer and scan, but scan completed and yielded a log.

    The message persists when I try to use other programs on the computer (enable User Control, open Internet Explorer, sign on after rebooting)

    Attempts to run TrendMicro HouseCall and BitDefender Online Scan yielded the same results as before.

    Thanks so much for your help!
     


    Last edited: Aug 5, 2009
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Psychedea

    I'm sorry for the delay in getting back to you.

    The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.

    I strongly recommend that you clean up this account's Desktop [ C:\Users\Joey\Desktop ] immediately, leaving only links. Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least it can have an effect on your PC's performance.

    *Comment: Giving all users of this PC "Administrator Accounts" is bound to lead to problems.

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed
    Step 2:
    Run this tool > re-boot > run it a second time.
    Norton Removal Tool (SymNRT) 2009.0.5.26

    Step 3:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Step 4:
    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
      If it asks you to override the previous file with the same name, click YES.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:
    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Step 5:
    Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp

    Step 6:
    Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

    Step 7:
    Now install the latest Sun Java Runtime Environment

    Step 8:
    There is a new version of SUPERAntiSpyware released.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.

    Step 9:
    Now go to this link MGTools and download the new version of MGtools....overwrite your previous MGtools.exe file with this one.

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

    Please attach the below logs to your next reply:
    • updated SASlog.txt
    • C:\MGlogs.zip
    • C:\combofix.txt

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

    dr.m
     
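Added diagnostic, not part of this thread and not one of the MajorGeeks tools. Two details in the posts above point at well-known persistence spots worth inspecting before guessing: every .exe (even from a USB stick) failing with "not a valid Win32 application" while renaming MGTools.exe to MGTools.com is suggested as a workaround, and a second user account being able to run the scans, are consistent with a tampered .exe file association (per-user HKCU\Software\Classes entries override the machine-wide HKCR ones); the "Bad Image" pop-up naming S3DInjector.dll in every newly started process is consistent with that DLL being listed in AppInit_DLLs, which user32.dll loads into every GUI process. Whether either is the actual cause here is an assumption; the script below only reports, changes nothing, and assumes it is run from an elevated PowerShell session on the affected machine (PowerShell 2.0 syntax so it works on Vista-era installs). The expected stock values and all function names are mine, not from the thread.

```powershell
# Added diagnostic (not from the MajorGeeks thread). Read-only: reports, never modifies.
# Assumption: run as Administrator on the affected Vista machine, e.g. from the account
# that can still launch programs. PowerShell 2.0 compatible.

function Get-ExeAssociationState {
    # Stock Vista values: HKCR\.exe -> "exefile", exefile open command -> "%1" %*
    # Anything else, or a per-user override under HKCU\Software\Classes, is suspicious.
    $expectedClass   = 'exefile'
    $expectedCommand = '"%1" %*'
    $roots = @(
        @{ Scope = 'Machine (HKCR)';          Base = 'Registry::HKEY_CLASSES_ROOT' },
        @{ Scope = 'User (HKCU\Software\Classes)'; Base = 'HKCU:\Software\Classes' }
    )
    foreach ($r in $roots) {
        $dotExe  = Get-ItemProperty -Path "$($r.Base)\.exe" -ErrorAction SilentlyContinue
        $openCmd = Get-ItemProperty -Path "$($r.Base)\exefile\shell\open\command" -ErrorAction SilentlyContinue
        $comCmd  = Get-ItemProperty -Path "$($r.Base)\comfile\shell\open\command" -ErrorAction SilentlyContinue
        $class   = $null; if ($dotExe)  { $class = $dotExe.'(default)' }
        $cmd     = $null; if ($openCmd) { $cmd   = $openCmd.'(default)' }
        $com     = $null; if ($comCmd)  { $com   = $comCmd.'(default)' }
        # A per-user entry existing at all is unusual on a home machine; a machine entry
        # that differs from the stock values is a hijack until proven otherwise.
        $suspicious = $false
        if ($r.Scope -like 'User*') { $suspicious = ($class -ne $null) -or ($cmd -ne $null) }
        else { $suspicious = ($class -ne $expectedClass) -or ($cmd -ne $expectedCommand) }
        New-Object PSObject -Property @{
            Scope          = $r.Scope
            DotExeClass    = $class
            ExeOpenCommand = $cmd
            ComOpenCommand = $com   # .com usually untouched, which is why the rename trick works
            Suspicious     = $suspicious
        }
    }
}

function Get-IfeoDebuggers {
    # Image File Execution Options "Debugger" values redirect a named .exe to another
    # program; malware uses them to block security tools by name.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { New-Object PSObject -Property @{ Image = $_.PSChildName; Debugger = $dbg } }
    }
}

function Get-AppInitState {
    # AppInit_DLLs are loaded by user32.dll into every process that links it; a listed DLL
    # that is missing or corrupt produces exactly the "Bad Image" dialog seen above.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $load = 'not set'; if ($p -and $p.LoadAppInit_DLLs -ne $null) { $load = $p.LoadAppInit_DLLs }
    $dlls = @()
    if ($p -and $p.AppInit_DLLs) { $dlls = $p.AppInit_DLLs -split '[ ,;]+' | Where-Object { $_ } }
    if ($dlls.Count -eq 0) {
        New-Object PSObject -Property @{ Dll = '(none)'; Exists = $null; LoadAppInit_DLLs = $load }
    }
    foreach ($d in $dlls) {
        New-Object PSObject -Property @{
            Dll = $d; Exists = (Test-Path -LiteralPath $d); LoadAppInit_DLLs = $load
        }
    }
}

"== .exe / .com associations ==";      Get-ExeAssociationState | Format-List
"== IFEO Debugger redirections ==";    Get-IfeoDebuggers | Format-Table -AutoSize
"== AppInit_DLLs ==";                  Get-AppInitState | Format-Table -AutoSize
```

Read the output alongside the logs rather than acting on it alone: a stock machine shows `exefile` / `"%1" %*` under HKCR, nothing under HKCU\Software\Classes for .exe, no Debugger values (or only ones you recognise), and an AppInit_DLLs list whose every entry exists on disk. Any deviation is something to hand to the helper in the thread, not something to "fix" by hand before the ComboFix run they have queued, since their CFscript may already target it.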
