Cant download programs off the net

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

AmericanHero

Thread Starter
Joined
Jan 11, 2003
Messages
4
Awhile ago I downloaded napster to get mp3s. after having it for a good amount of time i wanted to delete it. I searched for all files containing napster(which i should not have done) and deleted all the files that came up. I now cant download any programs off the net such as imesh or kazaa. tell me what i can do to be able to download my precious music again.
 
Joined
Feb 11, 2002
Messages
4,962
Welcome to TSG,


Go to the site i posted a link at the bottom of this post,,download and run the startup list program and paste the generated text back here in a post so we can look at it.


Click here
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Also, what exacly happens when you try to download something?

Aside from music, are you able to download other files, or does the same thing happen?
 

AmericanHero

Thread Starter
Joined
Jan 11, 2003
Messages
4
This is what the startup list showed:
StartupList report, 1/12/2003, 3:56:39 PM
StartupList version: 1.50
Started from : C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for startuplist15[1].zip\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\America Online 7.0a\waol.exe
C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for startuplist15[1].zip\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\default\Start Menu\Programs\Startup]
PowerReg SchedulerV2.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
CPQEASYACC = C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
Alogserv = C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
McAfee Guardian = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
Drag'n'Drop_Autolaunch = "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
MSMSGS = "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
HKLM\..\Windows\CurrentVersion\WinLogon: load=
HKLM\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
HKCU\..\Windows\CurrentVersion\WinLogon: load=
HKCU\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

*INI section not found*
*INI section not found*
*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
*Registry value not found*

Policies Shell key:

HKCU\..\Policies: *Registry value not found*
HKLM\..\Policies: *Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\fhfmm.dll - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
ezSearchBar Helper - C:\WINDOWS\SYSTEM32\ezsearch.dll - {760A9DDE-1433-4A7C-8189-D6735BB5D3DD}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Registration reminder 2.job
Registration reminder 3.job

--------------------------------------------------

Enumerating Download Program Files:

[Win32 Classes]

[FHFMMObj Class]
InProcServer32 = C:\WINDOWS\fhfmm.dll

[{00000012-890E-4AAC-AFD9-EFF6954A34DD}]

[VivoActive Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\VVWEB.OCX
CODEBASE = http://player.vivo.com/ie/vvweb.cab

[{11111111-1111-1111-1111-111111111111}]
CODEBASE = http://ams-download.nocreditcard.com/download/newdial-erp/1536/dialer.exe

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\MACROMED\DIRECTOR\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d205.cab

[Inst Class]
InProcServer32 = C:\WINDOWS\SYSTEM32\ezsearch.dll
CODEBASE = http://205.134.182.164/1/ezsb.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\swflash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab

[NSUpdateLiteCtrl Class]
InProcServer32 = C:\WINDOWS\System32\nsupdate.dll
CODEBASE = http://62.129.133.7/mt/dialers/on/NSupd9x.cab

--------------------------------------------------
End of report, 7,811 bytes
Report generated in 2.393 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

And i cant download certain programs not jus music...
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
You do have a small assortment of spyware programs there:

Ezsearch, a dialer, AdBreak.

Please do this:

Download Spybot - Search & Destroy

It looks for spyware, but also targets dialers, keyloggers, and other nasties, and it's freeware.

After installing, press Online, and search for, put a check mark at, and install all updates.

Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

Cheers,
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
If after running SpyBot, the problem still exists, please do two things:

Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

And do this:

Create a new Text file on your desktop, and paste the following bold text into it:


REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\Extension]




Save as Extension.reg

Doubleclick it, and answer 'yes' when asked whether you want to merge the contents of the file into the registry.

Reboot.

It might solve your download problem.
 

AmericanHero

Thread Starter
Joined
Jan 11, 2003
Messages
4
I cant download the spybot search and destroy program....when i click on the page to download it a blankpage wit a little picture wit shapes on it pops up.
 
Joined
Feb 11, 2002
Messages
4,962
Look in add/remove programs and see if you have any uninstallers for the spyware that Tony mentioned above?
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Originally posted by AmericanHero:
I cant download the spybot search and destroy program....when i click on the page to download it a blankpage wit a little picture wit shapes on it pops up.
If you run Extension.reg as I explained in my previous post you will again be able to download everything.

I repeat:

Create a new Text file on your desktop, and paste the following bold text into it:


REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\Extension]




Save as Extension.reg

Doubleclick it, and answer 'yes' when asked whether you want to merge the contents of the file into the registry.

Reboot.


You'll be able to download SpyBot afterwards.
 

AmericanHero

Thread Starter
Joined
Jan 11, 2003
Messages
4
This is the log after i downloaded hijack this:

Logfile of HijackThis v1.91.0
Scan saved at 3:45:29 PM, on 1/13/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://216.65.3.68/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://search.bisextop.com/index1.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://fastmetasearch.com/bar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://216.65.3.68/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://search.bisextop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer
O1 - Hosts: 66.40.16.218 auto.search.msn.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - C:\WINDOWS\fhfmm.dll
O2 - BHO: ezSearchBar Helper - {760A9DDE-1433-4A7C-8189-D6735BB5D3DD} - C:\WINDOWS\SYSTEM32\ezsearch.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ez Search Bar - {CCE83E45-30B2-4BAE-B1F5-25D128D27A43} - C:\WINDOWS\SYSTEM32\ezsearch.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .exe: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://ams-download.nocreditcard.com/download/newdial-erp/1536/dialer.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d205.cab
O16 - DPF: {B8AB2281-447F-482B-86E9-1F0ED5973637} (Inst Class) - http://205.134.182.164/1/ezsb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://62.129.133.7/mt/dialers/on/NSupd9x.cab
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Thanks.

Run Hijack This, and check ALL of the following items. Doublecheck, so as not to miss a single one.
Next, shut down ALL Internet Explorer windows, and have Hijack This remove all checked:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://216.65.3.68/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://search.bisextop.com/index1.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://fastmetasearch.com/bar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://216.65.3.68/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://search.bisextop.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php

O1 - Hosts: 66.40.16.218 auto.search.msn.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - C:\WINDOWS\fhfmm.dll
O2 - BHO: ezSearchBar Helper - {760A9DDE-1433-4A7C-8189-D6735BB5D3DD} - C:\WINDOWS\SYSTEM32\ezsearch.dll

O3 - Toolbar: ez Search Bar - {CCE83E45-30B2-4BAE-B1F5-25D128D27A43} - C:\WINDOWS\SYSTEM32\ezsearch.dll

O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://ams-download.nocreditcard.co...1536/dialer.exe
O16 - DPF: {B8AB2281-447F-482B-86E9-1F0ED5973637} (Inst Class) - http://205.134.182.164/1/ezsb.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://62.129.133.7/mt/dialers/on/NSupd9x.cab


Reboot when yoú're done, and try running SpyBot.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top