0

Hi first of all my speaking language it’s Spanish so excuse me for my mistakes. I’ll appreciate any help that I can get. Here’s a summery of what’s been happening with my PC…
When I start my pc I receive immediately a massage about an error RUNDLL, and also I can’t summit any information in the internet because I get the cannot display the page this happen also when I try to see my email account in yahoo. I’ve been reading a lot of post about the same problems but it doesn’t seem to resolve my problem. When all of these started to happen I didn’t research for answer and I immediately started to erase stuff from the add/remove programs and I erased activex controls, I don’t know if that has something to do with my problem. Any way I’m going to post my log hope that anyone can help me thanx!

Logfile of HijackThis v1.99.1
Scan saved at 10:01:59 PM, on 11/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Documents and Settings\sheila\My Documents\New Folder (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#22776
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ViewSource Class - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\winap\winap.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Downloads - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\nge-kazemule-uk\index.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.exe
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

2
Contributors
4
Replies
5
Views
11 Years
Discussion Span
Last Post by just_a_nobody
0

CoolWebSearch Trojan(s) Found!

You have a CWS (CoolWebSearch) http://www.intermute.com/spysubtract/cwshredder_download.html spyware variant. Download and run CWSShredder to remove it.

Malicious

These entries have been positively identified as malicious programs. In the HijackThis program, place a check mark next to the following entries.

O2 - BHO: ViewSource Class - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\winap\winap.dll (file missing)
(Description: CoolWebSearch parasite variant)

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
(Description: CoolWebSearch parasite related )

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.exe
(Description: Unknown imgfarm.com)

Suggestions

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [Internet Optimizer] \"C:\Program Files\Internet Optimizer\optimize.exe\"
(Description: Internet connection optimizer. Leave this enabled if you find it improves your connection. Otherwise, remove it to free up some system resources. )

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

1) Press the "Fix checked" button. Then close HijackThis.

2) Then reboot your computer.

3) Delete the file image.dll which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\

4) Empty your recycle bin.

5) Run Windows Update and install all critical updates.

6) Make sure your anti-virus program is up to date with the latest patches. If you do not have an anti-virus program, download and install AVG Personal Edition Anti-Virus, which is free.

7) Reboot one last time. Your PC should now be free from spyware!
We suggest that you run HijackThis again, just to make sure that none of the entries that you removed suddenly reappeared. If they haven't, print out our HijackThis log and put it somewhere safe. You can refer to it later if your PC starts acting up.

Also, download Ewido and run that, after you do the above.

You can download a trial version of Ewido here: http://www.ewido.net/en/

Be sure you update it before using it, and when it finds a problem, be sure to select the check box to do the same action (clean) when it finds a problem, otherwise, you will have to click continue, to keep scanning with every problem it finds.

0

thanx for your help i did what you said... i can't find the file image.dll and when i try to run window updates it says that my current security settings prohibt running activeX controls and then...
The website has encountered a problem and cannot display the page you are trying to view. Take the following steps to try solving the problem:
Refresh the page.
In Internet Explorer, delete your Temporary Internet Files by going to the Tools menu and clicking Internet Options.
Close and then re-open Internet Explorer.

0

the same it's happenig with the ewido, nothing happens because of the active x controls :mad:

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.