Repeated messages DDL and google



claresheradan
2009-10-08, 10:18
Hello,

We are getting a repeated pop-up saying “The application or DDL C:PROGRA-\Google-4\GEOC62-1.DDL is not a valid Windows image. Please check this against your installation diskette.” Having looked at your site I have done this hijack log. It would be great if someone could help. I am a bit out of my depth but think I have done everything correctly.

Many thanks

Clare
______________________________________________________________

Comparison of your HijackThis log file items to others
The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

Thanks very much

Clare

Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


Index % of PCs with item Code Data
61 0.0% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
62 0.0% O8 Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
63 0.0% O8 Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
64 0.0% O8 Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
65 0.0% O8 Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
66 0.0% O8 Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
67 0.0% O8 Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
68 0.0% O8 Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
69 0.0% O8 Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
70 0.0% O8 Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
78 0.0% P01 C:\WINDOWS\Explorer.EXE
79 0.0% P01 C:\WINDOWS\system32\svchost.exe
80 0.0% P01 C:\WINDOWS\system32\lsass.exe
81 0.0% P01 C:\WINDOWS\system32\winlogon.exe
82 0.0% P01 C:\WINDOWS\system32\services.exe
83 0.0% P01 C:\WINDOWS\System32\smss.exe
84 0.0% P01 C:\WINDOWS\system32\spoolsv.exe
85 0.0% P01 C:\WINDOWS\system32\ctfmon.exe
86 0.0% P01 C:\Program Files\Internet Explorer\iexplore.exe
87 0.0% P01 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
88 0.0% P01 C:\Program Files\QuickTime\qttask.exe
89 0.0% P01 C:\Program Files\iPod\bin\iPodService.exe
90 0.0% P01 C:\Program Files\iTunes\iTunesHelper.exe
91 0.0% P01 C:\WINDOWS\System32\hkcmd.exe
92 0.0% P01 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
93 0.0% P01 C:\WINDOWS\system32\igfxpers.exe
94 0.0% P01 C:\WINDOWS\System32\HPZipm12.exe
95 0.0% P01 C:\WINDOWS\system32\igfxsrvc.exe
96 0.0% P01 C:\Program Files\Dell Support\DSAgnt.exe
97 0.0% P01 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
98 0.0% P01 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
99 0.0% P01 C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
100 0.0% P01 C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
101 0.0% P01 C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
102 0.0% P01 C:\Program Files\TalkTalk\bin\sprtcmd.exe
103 0.0% P01 C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
104 0.0% P01 C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
105 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
106 0.0% P01 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
107 0.0% P01 C:\Program Files\AVG\AVG8\Identity Protection\agent\Bin\AVGIDSAgent.exe
108 0.0% P01 C:\Program Files\AVG\AVG8\Identity Protection\agent\Bin\AVGIDSWatcher.exe
109 0.0% P01 C:\Program Files\AVG\AVG8\Identity Protection\agent\bin\AVGIDSUI.exe
110 0.0% P01 C:\Program Files\AVG\AVG8\Identity Protection\agent\bin\AVGIDSMonitor.exe
111 0.0% P01 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
112 0.0% P01 C:\PROGRA~1\AVG\AVG8\avgtray.exe
113 0.0% P01 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
114 0.0% P01 C:\PROGRA~1\AVG\AVG8\avgam.exe
115 0.0% P01 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
116 0.0% P01 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
117 0.0% P01 C:\PROGRA~1\AVG\AVG8\avgfws8.exe
118 0.0% P01 C:\Program Files\Windows Live\Toolbar\wltuser.exe
119 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
120 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
121 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
122 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
123 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
124 0.0% R1 HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/

Explanation of the codes

R - Registry, StartPage/SearchPage changes


•R0 - Changed registry value
•R1 - Created registry value
•R2 - Created registry key
•R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries


•F0 - Changed inifile value
•F1 - Created inifile value
•F2 - Changed inifile value, mapped to Registry
•F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes


•N1 - Change in prefs.js of Netscape 4.x
•N2 - Change in prefs.js of Netscape 6
•N3 - Change in prefs.js of Netscape 7
•N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:


•O1 - Hijack of auto.search.msn.com with Hosts file
•O2 - Enumeration of existing MSIE BHO's
•O3 - Enumeration of existing MSIE toolbars
•O4 - Enumeration of suspicious autoloading Registry entries
•O5 - Blocking of loading Internet Options in Control Panel
•O6 - Disabling of 'Internet Options' Main tab with Policies
•O7 - Disabling of Regedit with Policies
•O8 - Extra MSIE context menu items
•O9 - Extra 'Tools' menuitems and buttons
•O10 - Breaking of Internet access by New.Net or WebHancer
•O11 - Extra options in MSIE 'Advanced' settings tab
•O12 - MSIE plugins for file extensions or MIME types
•O13 - Hijack of default URL prefixes
•O14 - Changing of IERESET.INF
•O15 - Trusted Zone Autoadd
•O16 - Download Program Files item
•O17 - Domain hijack
•O18 - Enumeration of existing protocols and filters
•O19 - User stylesheet hijack
•O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
•O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
•O22 - SharedTaskScheduler autorun Registry key
•O23 - Enumeration of NT Services
•O24 - Enumeration of ActiveX Desktop Components

Dakeyras
2009-10-10, 14:30
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi claresheradan and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Scan with Rooter:

Please download Rooter (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Feric.71.mespages.googlepages.com%2FRooter.exe) to your desktop.

Double click on Rooter.exe to start the application.
Now click on the Scan button.
When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
Now click on Close button to exit Rooter.
Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$

Scan with RSIT:

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When you have completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and/or problems encountered?
Rooter Log.
Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

Dakeyras
2009-10-14, 18:09
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.