Edward Stevens

C:\Windows\Image.DLL

I have read many posts on this site and have tried several of the resolutions.  Unfortunately I have not yet been able to stop the error message from coming up.  Below is my HijackThis.Log file.

Anyone that has any fresh ideas as to how I can stop this error message from coming up would be greatly appreciated.  Many thanks.

Logfile of HijackThis v1.97.7
Scan saved at 11:46:43 AM, on 8/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.182/search.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AdBlocker - {1028F737-81E7-452B-A860-E50CAD90A08C} - C:\Program Files\SpyAssassin\AdBlocker.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38178.495625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DeanHarris1

what is the error?
SheharyaarSaahil

Hello StevenED1964 =)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.182/search.php
=================================

Fix these two lines.... and then go to Start>Run>msconfig>Startup
and uncheck the lines for Nero and InCD
reboot and check if the error is still coming ??

and btw why i cannot see any AntiVirus or Firewall running on ur system ??
Edward Stevens

ASKER

Thanks SheharyaarSaahil.  I'll try this and get right back to you.  The reason you don't see any anti-virus or firewall is because my friend is not computer smart.  I am assisting in the cleanup and then I will be installing such software to help him out going forward.  Some guys just have to learn the hard way first.  :)
that's not good =\

but to my surprise,,,, i cannot see any spyware or virus type of thing running on the system :-o
and neither the entry for this image.dll
so i think it's related to NERO coz nero also installs a dll file called image.dll which supports NERO while burning the cds !!
and as u can see that NERO is starting at startup, so if u stop it from starting up, may be the error goes away :-?
SheharyaarSaahil:

It didn't work.  I fixed the two entries and disabled Nero and InCD but after the PC rebooted, I still got the error during the login process.  Have any other ideas?  This thing is just killing me.
Based upon your previous comment about Nero, I uninstalled "all" of the components that were added by Nero (i.e. the media player, InCD, the main application, etc.)  After I rebooted, the error still appeared.  :(
hmmmmmmm ok two things now !!!!!

search ur hard drive for image.dll file. how many does it find ??
then goto Start>Run>regedit
and hit Ctrl+F and enter the name image.dll
find it and look where u can find it there ??

post back results ??
Also,,,, just try one more thing my friend,,,

Download these tools and install Adaware and Spybot:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
ToolBar Cop >> http://www.mvps.org/sramesh2k/toolbarcop.htm
Stinger >> http://vil.nai.com/vil/stinger
========================================================

then reboot ur system in Safemode, and run these tools, and delete everything they detect !!!!!
reboot back in normal mode and check for the problem ??

report back :)
I have the following results from your first request:

The directory search turned up one entry:  C:\Program Files\Ahead\NeroMediaPlayer\API\image.dll

The registry search turned up the following:

[HKEY_CURRENT_USER\Software\Google\NavClient\1.1\History]
"\"c:\\windows\\image.dll\""=hex:7a,f9,10,41

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="image.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Image"="rundll32 C:\\WINDOWS\\image.dll,Install"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEFeatSL_Uninstall]
"DisplayName"="IEFeatSL Uninstall"
"UninstallString"="rundll32.exe C:\\WINDOWS\\image.dll,Uninstall"

[HKEY_USERS\S-1-5-21-1547161642-113007714-1343024091-1013\Software\Google\NavClient\1.1\History]
"\"c:\\windows\\image.dll\""=hex:7a,f9,10,41

[HKEY_USERS\S-1-5-21-1547161642-113007714-1343024091-1013\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="image.dll"
ASKER CERTIFIED SOLUTION
SheharyaarSaahil
This solution is only available to members.
SheharyaarSaahil :

Thank you so very much!!!   I could have sworn that I had previously removed that (maybe I was dreaming the whole thing) but it is gone!  Eureka!

Have a nice day and thanks again!
:)

i can understand, but u know the startup files are not stored only in one place in registry,,,, there are lots of them, look here >> http://www.mvps.org/sramesh2k/Startup.htm

so ever in future if u come across such type of problem, then make sure that u have deleted the corrupted entry from all the places =)

!! Happy Computing !!
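
Added example (not part of the original thread): a small triage script for registry search hits like the ones posted above. It separates autostart values from harmless history/MRU and uninstall entries, then flags rundll32 autostarts whose DLL is not among the files known to exist. `SAMPLE_REG` reproduces three of the thread's hits in .reg export layout; `AUTOSTART_SUFFIXES` (a non-exhaustive list), `EXISTING_FILES` and all function names are assumptions of this example.

```python
import re

# Autostart key suffixes, lower-cased. Non-exhaustive list chosen for this example.
AUTOSTART_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
    r"\microsoft\windows\currentversion\policies\explorer\run",
)

# Three hits from the thread's registry search, laid out as a .reg export.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="image.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Image"="rundll32 C:\\WINDOWS\\image.dll,Install"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEFeatSL_Uninstall]
"DisplayName"="IEFeatSL Uninstall"
"UninstallString"="rundll32.exe C:\\WINDOWS\\image.dll,Uninstall"
'''

# The only image.dll the thread's directory search found on disk.
EXISTING_FILES = {r"c:\program files\ahead\neromediaplayer\api\image.dll"}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?,', re.I)

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def triage(reg_text, existing_files):
    """Return (key, name, command, dll, status) for each autostart string value."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new key section
            continue
        m = VALUE_RE.match(line)      # string values only; hex data is skipped
        if not (key and m and key.lower().endswith(AUTOSTART_SUFFIXES)):
            continue                  # history, MRU and uninstall hits are ignored
        name, command = unescape(m.group(1)), unescape(m.group(2))
        dll = RUNDLL_RE.match(command)
        target = dll.group(1).strip().lower() if dll else None
        status = "review" if target is None else (
            "present" if target in existing_files else "orphaned")
        findings.append((key, name, command, target, status))
    return findings
```

On the sample, only the `policies\Explorer\Run` value is reported, with status `orphaned`, because the one `image.dll` on disk lives under the Nero folder rather than `C:\WINDOWS`.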