Corrupt dll or something, i don't know - thats why i'm asking.

"The application or DLL C:\WINDOWS\system32\hggecyv.dll is not a valid Windows image. Please check this against your installation diskette."

It doesn't seem to cause me problems but I want to know whats going on. =]

I appreiciate your help.

 

You sure you got the name of that dll correct? I googled it and couldn't find anything on it. Also, I checked a couple of pages that I use for reference to dll files and came up empty. Double check the file name.

 

I agree with dolphin2. I even looked in my own system32 file and couldn't find it. I had googled it and checked microsoft knowledge base. No luck with that one!!

 

Same with the other people here I have checked some sites I use to download .dll's and have checked my own system32 folder and have found no hggecyv.dll file. What are you trying to do? As the quote in your post say "The Application or DLL" so my question again is what are you trying to do? What application are you trying to launch?

 

It doesnt prevent me from openeing anything, it seems as though it just appears randomly. When I turned my computer on a minute ago it popped up. The only reason i can think that it seems to appear randomly is that it is a backgorund program that I don't see running normally.

I have had adware lately and I have removed quite alot. It might be the remaining .dll from a 'used to be' adware program that it is not dangerous on its own so the adware removal software did not remove it, and therefore it is complaining because it is lost without the files that accompanied it before.

As far as I know, the file name is correct i'll double check next time.

Thanks for your concern.

CR3AT10N

 

I have had to turn off my computer by unplugging it a few times because it has been freezing. I had to do it again just then. This time, when I started my computer after having unplugged it while it was on, that same message repeated it self over and over and over again on my screen and I had to keep clicking OK. I think this might have been a problem bourn out of unplugging my computer while it was still on.

 

The first thing you need to do is make sure you have Lavasoft Ad-Aware updated. If you don't have it you may find it at download.com. Second thing to do is to make sure your AV is updated to the latest .dat file.

Restart your computer in safe mode and run both programs. If that doesn't get rid of it you may need to download Hijack This. If you run HT then do nothing unless you are familiar with OS systems. Instead post the log for us to look at. This could all stem from a Trojan of some sorts.

Good Luck! Don't re-install your OS. That doesn't always get rid of tyrants!

 

I can't start in safe mode. I don't know why, but I cant. I press F* and all that but it doesnt work.

 

Do you mean F8? If you are running Windows press F8 repeatedly until it brings up the option to start in safe mode. Don't select safe mode with networking, because we don't want any start up programs present. You will have to access your files from the start menu unless you have shortcuts on the desktop.

 

If you can't get into safe mode you may need to turn off all of your start up items and try running it in standard mode. I don't normally recomend this, but it sounds like you have a virus!

 

You can try and unregister the dll and see if it makes any difference.

Remove dll files:

Click on Start > Run...

type: regsvr32 -u "filename".dll

Run the system for awhile and see what happens. Post back the results.

 

When I do that it says.
""hggecyv.dll" is not an executable file and no registration helper is registered for this file type."

@syxguns:

I did this but it didnt work becuase when I ever connect to the internet my anti-vir says "A Trojan Horse Was Found"

This is starting to piss me off now becuase my computer has slowed right down. =[

Thanks for trying to help.

 

Can you move or rename the dll? Change it to hggecyv.old and see what happens. Move it to a different folder.

 

Do a system restore TO BEFORE your computer was infected.
Then run HJT (Hi jack this) an post the complete log,
Then you should be able to boot to safe mode,
We can then read the HJT log and get rid of the Virii.

Good luck.

 

It turns out the trojan that kept letting adware in was the Win32:Blob.

I did some stuff, and then I used smitfraudfix.exe. Now when I scan with Ewido I appear to have removed everything apart from a virus called "Dialler.Generic". But I doubt I have to worry about this as I have broadband!

As for the dll eroor, I used registry mechanic and some other stuff, and it does not seem to appear anymore.

I am now trying to get rid of Dialler.Generic anyway, just so I am completely clean.

So far all is going well, and I thank all you guys who have helped me. I just hope I have not spoken to soon!!!

 

Here's a HJT log for you guys to analise for me.


------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:18:56, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\PROGRA~1\Mouse\Amoumain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Generic\USB Card Reader Driver v2.0\Disk_Monitor.exe
C:\WINDOWS\system32\c879692a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
D:\Program Files\Nokia\PC Suite for Nokia N-Gage\connmngmntbox.exe
D:\Program Files\Nokia\PC Suite for Nokia N-Gage\ectaskscheduler.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
D:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\One.Care\bin\mpbtn.exe
D:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
D:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Rory\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ROBOTFTPSCHED] D:\Program Files\FTPShell\botsched.exe
O4 - HKLM\..\Run: [RAMpage] "D:\Program Files\RAMpage\RAMpage.exe" U=1 M=28 T=50 LW D=Y P="D:\Program Files\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.0\Disk_Monitor.exe
O4 - HKLM\..\Run: [c879692a.exe] C:\WINDOWS\system32\c879692a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Ocic] "C:\Program Files\susc\corh.exe" -vt tzt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [c879692a.exe] C:\Documents and Settings\Rory\Local Settings\Application Data\c879692a.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: One.Care.lnk = C:\Program Files\One.Care\bin\matcli.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokiaN-Gage TS.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://D:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - D:\Program Files\Softdigger\FlashRipper\IEMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29956EC6-476F-45FA-814E-8A944DE2C4D7}: NameServer = 212.67.120.148 212.67.96.129
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: hggecyv - C:\WINDOWS\SYSTEM32\hggecyv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

--------------------------------------------------------------

 

And here's the smitfraudfix.exe log;

---------------------------------------------
SmitFraudFix v2.67

Scan done at 19:25:02.92, 03/07/2006
Run from C:\Documents and Settings\Rory\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

-------------------------------------------------

 

And an Ewido report showing the Dialler.generic virus
-----------------------------------------------------
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:09:14 03/07/2006

+ Scan result:



HKLM\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1IDesc -> Dialer.Generic : No action taken.


::Report end

---------------------------------------------

 

I have a similar problem;I have formatted my h/d in order to reinstall Win XP.This has failed severel times.I got following message refering to these files:
- diskcopy.dll
- dmime.dll
- dpvoice.dll
- drmv2clt.dll
"file placed on your h/d is not a valid Windows XP system image"
Who can help?
I have tried 3 different copies of Win XP.

 

All 3 copies gave the same files? Are they all legal copies? How did you format the drive (ie program used)? Does the install stop due to those?