Got the Picture?--No.

I’ve got a picture problem plus a merchant pop-up problem, not too many but the lack of. My OS is Me. All worked well until about a month ago when I installed some anti-spy/malware programs.

  1. My emails come in with large blank areas that have a little red ‘x’ in the upper left corner, this is in the area where a picture is supposed to be. Right click on them and a drop down/pop-up menu comes on. On the menu is included ‘Show Picture’, left click on that and nothing. This scenario also applies to web sites, not all. Some of the emails have listed, as size, enough kb’s to have the picture included, but when I forward them the size, kb’s, is only enough for the text and that’s all the outgoing email contains, the text. I’ve called my ISP, Verizon, and receive a ‘used car salesman’s’ response.

  2. My next problem is similar but different. Many pop-ups, merchant, game and on-line program initiators to name a few appear to be loading for about one second then the pop-up area turns gray and a little white rectangle appears in which are three geometric shapes, a square, triangle and round, red, blue and green, respectively. Right and left clicking on the group of shapes usually produces nothing. One time I got the same drop down menu as I get when right clicking on the red ‘x’, mentioned above. Didn’t do any good.

I called Discover Card, I use their ‘Deskshop’ program, and performed all of the adjustments they advised to make my system compatible with their program, again nothing. I thought one or some of my anti-spyware programs were at fault and proceeded to turn them off one at a time, restarting my OS after each, again no help.

Speaking of help, I could use some.

rondlac

Do an online spyware scan (there is a link in my signature).

Then download and run HijackThis and post a log here for us to analyse.

xistenz,

Attached is the log file.

rondlac

Extract from Eddy’s Log File Analyser:


CHECKING HIJACKTHIS, WINDOWS, INTERNET EXPLORER AND FIREWALL :

You are using the latest version of Internet Explorer.
Software firewall detected.


GENERAL INFORMATION :

All items in the original HijackThis log file which
are not shown here need further investigation.

Tutorial on the hijackthislog : http://members.home.nl/edeijl/

For email support on this application : hjtbeta@yahoo.com

Use www.google.com to find out more on items
not listed here or if you have doubts.

In addition to this application, you can also analyze the
original HijackThis log online at: http://hijackthis.de


THESE ITEMS ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :

o9 - extra button: related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm (file missing)
o9 - extra ‘tools’ menuitem: show &related links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm (file missing)
o16 - dpf: {f5c90925-abbf-4475-88f5-8622b452ba9e} (compaq system data class) - http://wwemail.support.hp.com/fd2/objects/sysquery.cab
o16 - dpf: {56336bcb-3d8a-11d6-a00b-0050da18de71} (rdxie class) - http://software-dl.real.com/08b3fd06d18314fb1f03/netzip/rdxie601.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
o16 - dpf: yahoo! spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
o16 - dpf: {d719897a-b07a-4c0c-aea9-9b663a28dfcb} (itunesdetector class) - http://ax.phobos.apple.com.edgesuite.net/detection/itdetector.cab
o16 - dpf: {15589fa1-c456-11ce-bf01-00aa0055595a} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
o16 - dpf: yahoo! mahjong solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
o16 - dpf: {a90a5822-f108-45ad-8482-9bc8b12dd539} (crucial cpcscan) - http://www.crucial.com/controls/cpcscanner.cab


HARMFULL ITEMS IN THE DOCUMENTS AND SETTINGS FOLDER(S) :

Nothing found.


THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTTIME FOR THE SYSTEM TO WORK PROPERLY :

o4 - hklm..\run: [msconfigreminder] c:\windows\system\msconfig.exe /reminder


WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :

Nothing found.


THE FOLLOWING ITEMS ARE SAFE TO KEEP :

\windows\system\kernel32.dll
\windows\system\msgsrv32.exe
\windows\system\mmtask.tsk
\windows\system\mprexe.exe
\program files\alwil software\avast4\ashserv.exe
\windows\system\zonelabs\vsmon.exe
\windows\explorer.exe
\windows\system\rpcss.exe
\windows\system\restore\stmgr.exe
\windows\system\systray.exe
\program files\verizon online\winpoet\winpppoverethernet.exe
\program files\zone labs\zonealarm\zlclient.exe
\program files\alwil software\avast4\ashwebsv.exe
\program files\alwil software\avast4\ashmaisv.exe
\windows\system\wmiexe.exe
\windows\system\rnaapp.exe
\windows\system\tapisrv.exe
\program files\internet explorer\iexplore.exe
\windows\system\spool32.exe
\windows\system\ddhelp.exe
\windows\system\stimon.exe
\program files\adobe\acrobat 6.0\reader\acrord32.exe
\windows\explorer.exe
r1 - hkcu\software\microsoft\internet explorer\main
r0 - hkcu\software\microsoft\internet explorer\main
r1 - hkcu\software\microsoft\internet explorer\main
window title = microsoft internet explorer provided by verizon online
o2 - bho: acroiehlprobj class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
o3 - toolbar: &radio - {8e718888-423f-11d2-876e-00a0c9082467} - c:\windows\system\msdxm.ocx
o4 - hklm..\run: [systemtray] systray.exe
o4 - hklm..\run: [a-winpoet-service] “c:\program files\verizon online\winpoet\winpppoverethernet.exe”
o4 - hklm..\run: [zone labs client] “c:\program files\zone labs\zonealarm\zlclient.exe”
o4 - hklm..\run: [loadpowerprofile] rundll32.exe powrprof.dll
loadcurrentpwrscheme
o4 - hklm..\run: [ashmaisv] c:\progra~1\alwils~1\avast4\ashmaisv.exe
o4 - hklm..\runservices: [avast!] c:\program files\alwil software\avast4\ashserv.exe
o4 - hklm..\runservices: [*statemgr] c:\windows\system\restore\statemgr.exe
o4 - hklm..\runservices: [truevector] c:\windows\system\zonelabs\vsmon.exe -service
o4 - global startup: verizon online dialer.lnk = c:\program files\common files\verizon online\connmgr\verizon online.exe

An Online Analysis may be found here: http://hijackthis.de/logfiles/6c59629cb8453d1d55841cce10e1361b.html (Valid for 3 days only)
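An added example, not part of the original thread or of any tool mentioned in it: a small parser for the `o16 - dpf:` lines shown in the extract above, so each ActiveX entry can be matched to the host it was downloaded from. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlparse

# Lines copied from the analyser extract above (three O16 entries, two other lines).
SAMPLE_LOG = r"""
o9 - extra button: related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm (file missing)
o16 - dpf: {f5c90925-abbf-4475-88f5-8622b452ba9e} (compaq system data class) - http://wwemail.support.hp.com/fd2/objects/sysquery.cab
o16 - dpf: yahoo! spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
o16 - dpf: {15589fa1-c456-11ce-bf01-00aa0055595a} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
o4 - hklm..\run: [systemtray] systray.exe
"""

# "{clsid}" optionally followed by "(class name)".
CLSID_RE = re.compile(
    r"(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\s*(?:\((.*)\))?$", re.I)

def parse_o16(line):
    """Return a dict for an 'o16 - dpf:' line, or None for any other line."""
    line = line.strip()
    prefix = "o16 - dpf:"
    if not line.lower().startswith(prefix):
        return None
    # The download URL is the last ' - ' separated field on the line.
    head, sep, url = line[len(prefix):].rpartition(" - ")
    if not sep:
        return None
    head = head.strip()
    m = CLSID_RE.match(head)
    # Entries without a CLSID carry only a display name (e.g. "yahoo! spades").
    clsid, name = (m.group(1), m.group(2)) if m else (None, head)
    parsed = urlparse(url.strip())
    return {"clsid": clsid, "name": name, "url": url.strip(),
            "host": (parsed.hostname or "").lower(),
            "file": parsed.path.rsplit("/", 1)[-1]}

def o16_entries(log_text):
    """All O16 entries found in a block of log text."""
    return [e for e in map(parse_o16, log_text.splitlines()) if e]

def entries_for_domain(entries, domain):
    """Entries whose download host is `domain` or a subdomain of it."""
    domain = domain.lower().lstrip(".")
    return [e for e in entries
            if e["host"] == domain or e["host"].endswith("." + domain)]

if __name__ == "__main__":
    for e in o16_entries(SAMPLE_LOG):
        print(f'{e["clsid"] or "(no CLSID)":40} {e["host"]:30} {e["file"]}')
```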

xistenz,

What you suggested, I did. A trojan (Trojan.Clicker.VB.DN) was identified in two files of one program, one file was deleted by the scan program and the other I deleted along with the program. The program is ‘Start Up-Mechanic v2.2’. I doubt if it was a threat more likely a program tool, whatever, it is gone. Two pieces of spyware were found and deleted by the scan program. In the synopsis that followed the scan, the trojan was identified as: Trojan.Clicker.VB.DN1, any difference?
I reviewed the analysis of the Hijackthis scan and found nothing that I could identify as a problem, there is an extra Windows button along with a related missing file, that has been like that for quite a while and two ‘o16’ items.
The first ‘o16’ item (dpf: {f5c90925-11d2-a20b-00aa003c157a}…etc.) talks to HP.com email support, that one is to be fixed. The second item (dpf: {3052830-99f7-4bb4…etc.) is a mystery to me, I’ll have to keep digging until I find what it is.
There is one thing I did not mention in my initial post and that is, I cannot access HP.COM or any of the support web sites. There are a few possible reasons for this, floating around in my paranoid mind and they are: 1-malware, 2-anti spyware–active or just inhabiting my system (programs downloaded not installed), 3-corrupt files or Registry—or— 4-HP doesn’t like me and black balled me with a cookie. Items 1 & 2 I hope to get answered here, item 3 is pending at an OS forum as for item 4, how do I identify and remove specific HP cookies?

rondlac

I would say that Trojan.Clicker.VB.DN1 is essentially the same as Trojan.Clicker.VB.DN.

As for not being able to access HP support, remove anything that refers to support.hp.com (in particular {f5c90925-abbf-4475-etc}), it will be redownloaded when you revisit the HP support site. Then check your hosts file (Using notepad, open C:\WINDOWS\system32\drivers\etc\hosts) and make sure that the only line is “127.0.0.1 localhost”. Remove anything that refers to hp.com.

You can use CCleaner to remove cookies.
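An added example, not part of the original thread: the hosts-file check described in the post above, written as a script that lists every mapping other than the loopback `localhost` line and marks those that name a given domain. The function names and the sample hosts text are constructed for illustration; the file's contents are passed in as a string, so reading it from disk is left to the caller.

```python
# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   www.hp.com support.hp.com   # loopback entry makes the site unreachable
192.0.2.10  ads.example.net
"""

LOOPBACK = {"127.0.0.1", "::1"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each active mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or malformed line
        yield no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text, domain):
    """Return (line_no, ip, hostname, names_domain) for every non-localhost mapping."""
    domain = domain.lower().lstrip(".")
    findings = []
    for no, ip, names in parse_hosts(text):
        for name in names:
            if name == "localhost" and ip in LOOPBACK:
                continue                      # the one line expected to be present
            hit = name == domain or name.endswith("." + domain)
            findings.append((no, ip, name, hit))
    return findings

def disable_entries(text, domain):
    """Return hosts text with every line that names `domain` commented out."""
    bad = {no for no, _, _, hit in audit_hosts(text, domain) if hit}
    lines = text.splitlines()
    return "\n".join("# " + l if i in bad else l
                     for i, l in enumerate(lines, 1)) + "\n"

if __name__ == "__main__":
    for no, ip, name, hit in audit_hosts(SAMPLE_HOSTS, "hp.com"):
        print(f"line {no}: {name} -> {ip}" + ("  <-- refers to hp.com" if hit else ""))
```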

Checked, found and did what you suggested–no change,

I used CCleaner to fix cookies and temp files, only. Now the problem has worsened. I think that should say something as to where the problem is, I can’t see it. Something somewhere is a little screwed up. If the problem area is not spy/mal ware then it is the system. The picture problem began after I started using Adaware, SpyBot,…etc. Apparently key system files and/or registry files have been altered or deleted. How can they be fixed without stripping the HDD? Backups are not an option because I don’t know where most of them are.

rondlac

I believe that (and I could be wrong) Ad-Aware and Spybot S&D make backups of everything that they remove. Run both programs and look for Quarantine or backup or something to that extent. Then restore what you think needs to be restored.