1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Cant download programs off the net

Discussion in 'Web & Email' started by AmericanHero, Jan 11, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. AmericanHero

    AmericanHero Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    4
    Awhile ago I downloaded napster to get mp3s. after having it for a good amount of time i wanted to delete it. I searched for all files containing napster(which i should not have done) and deleted all the files that came up. I now cant download any programs off the net such as imesh or kazaa. tell me what i can do to be able to download my precious music again.
     
  2. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    Welcome to TSG,


    Go to the site i posted a link at the bottom of this post,,download and run the startup list program and paste the generated text back here in a post so we can look at it.


    Click here
     
  3. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Also, what exacly happens when you try to download something?

    Aside from music, are you able to download other files, or does the same thing happen?
     
  4. AmericanHero

    AmericanHero Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    4
    This is what the startup list showed:
    StartupList report, 1/12/2003, 3:56:39 PM
    StartupList version: 1.50
    Started from : C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for startuplist15[1].zip\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Iomega HotBurn\Autolaunch.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
    C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
    C:\Program Files\America Online 7.0a\waol.exe
    C:\Documents and Settings\default\Local Settings\Temp\Temporary Directory 1 for startuplist15[1].zip\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\default\Start Menu\Programs\Startup]
    PowerReg SchedulerV2.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SystemTray = SysTray.Exe
    CPQEASYACC = C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    Alogserv = C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    McAfee Guardian = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    Drag'n'Drop_Autolaunch = "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    MSMSGS = "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89820200-ECBD-11cf-8B85-00AA005B4395}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
    HKLM\..\Windows\CurrentVersion\WinLogon: load=
    HKLM\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
    HKCU\..\Windows\CurrentVersion\WinLogon: load=
    HKCU\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=
    HKLM\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    *INI section not found*
    *INI section not found*
    *INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
    *Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: *Registry value not found*
    HKLM\..\Policies: *Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\WINDOWS\fhfmm.dll - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271}
    ezSearchBar Helper - C:\WINDOWS\SYSTEM32\ezsearch.dll - {760A9DDE-1433-4A7C-8189-D6735BB5D3DD}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Registration reminder 2.job
    Registration reminder 3.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Win32 Classes]

    [FHFMMObj Class]
    InProcServer32 = C:\WINDOWS\fhfmm.dll

    [{00000012-890E-4AAC-AFD9-EFF6954A34DD}]

    [VivoActive Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\VVWEB.OCX
    CODEBASE = http://player.vivo.com/ie/vvweb.cab

    [{11111111-1111-1111-1111-111111111111}]
    CODEBASE = http://ams-download.nocreditcard.com/download/newdial-erp/1536/dialer.exe

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\MACROMED\DIRECTOR\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d205.cab

    [Inst Class]
    InProcServer32 = C:\WINDOWS\SYSTEM32\ezsearch.dll
    CODEBASE = http://205.134.182.164/1/ezsb.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\swflash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab

    [NSUpdateLiteCtrl Class]
    InProcServer32 = C:\WINDOWS\System32\nsupdate.dll
    CODEBASE = http://62.129.133.7/mt/dialers/on/NSupd9x.cab

    --------------------------------------------------
    End of report, 7,811 bytes
    Report generated in 2.393 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    And i cant download certain programs not jus music...
     
  5. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You do have a small assortment of spyware programs there:

    Ezsearch, a dialer, AdBreak.

    Please do this:

    Download Spybot - Search & Destroy

    It looks for spyware, but also targets dialers, keyloggers, and other nasties, and it's freeware.

    After installing, press Online, and search for, put a check mark at, and install all updates.

    Next, go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, hit 'Check for Problems', and have SpyBot remove all it finds.

    Cheers,
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    If after running SpyBot, the problem still exists, please do two things:

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.

    And do this:

    Create a new Text file on your desktop, and paste the following bold text into it:


    REGEDIT4

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\Extension]




    Save as Extension.reg

    Doubleclick it, and answer 'yes' when asked whether you want to merge the contents of the file into the registry.

    Reboot.

    It might solve your download problem.
     
  7. AmericanHero

    AmericanHero Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    4
    I cant download the spybot search and destroy program....when i click on the page to download it a blankpage wit a little picture wit shapes on it pops up.
     
  8. bandit429

    bandit429

    Joined:
    Feb 11, 2002
    Messages:
    4,962
    Look in add/remove programs and see if you have any uninstallers for the spyware that Tony mentioned above?
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    If you run Extension.reg as I explained in my previous post you will again be able to download everything.

    I repeat:

    Create a new Text file on your desktop, and paste the following bold text into it:


    REGEDIT4

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\Extension]




    Save as Extension.reg

    Doubleclick it, and answer 'yes' when asked whether you want to merge the contents of the file into the registry.

    Reboot.


    You'll be able to download SpyBot afterwards.
     
  10. AmericanHero

    AmericanHero Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    4
    This is the log after i downloaded hijack this:

    Logfile of HijackThis v1.91.0
    Scan saved at 3:45:29 PM, on 1/13/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://216.65.3.68/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://search.bisextop.com/index1.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://fastmetasearch.com/bar.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://216.65.3.68/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://search.bisextop.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer
    O1 - Hosts: 66.40.16.218 auto.search.msn.com
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - C:\WINDOWS\fhfmm.dll
    O2 - BHO: ezSearchBar Helper - {760A9DDE-1433-4A7C-8189-D6735BB5D3DD} - C:\WINDOWS\SYSTEM32\ezsearch.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ez Search Bar - {CCE83E45-30B2-4BAE-B1F5-25D128D27A43} - C:\WINDOWS\SYSTEM32\ezsearch.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - Startup: PowerReg SchedulerV2.exe
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra 'Tools' menuitem: AV Live (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
    O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
    O12 - Plugin for .exe: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
    O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://ams-download.nocreditcard.com/download/newdial-erp/1536/dialer.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d205.cab
    O16 - DPF: {B8AB2281-447F-482B-86E9-1F0ED5973637} (Inst Class) - http://205.134.182.164/1/ezsb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
    O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://62.129.133.7/mt/dialers/on/NSupd9x.cab
     
  11. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Did you run Spybot?
    I still see stuff that looks like it might be spyware.
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Thanks.

    Run Hijack This, and check ALL of the following items. Doublecheck, so as not to miss a single one.
    Next, shut down ALL Internet Explorer windows, and have Hijack This remove all checked:


    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://216.65.3.68/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://search.bisextop.com/index1.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://fastmetasearch.com/bar.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://216.65.3.68/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://search.bisextop.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.judysearch.com/home.php

    O1 - Hosts: 66.40.16.218 auto.search.msn.com
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - C:\WINDOWS\fhfmm.dll
    O2 - BHO: ezSearchBar Helper - {760A9DDE-1433-4A7C-8189-D6735BB5D3DD} - C:\WINDOWS\SYSTEM32\ezsearch.dll

    O3 - Toolbar: ez Search Bar - {CCE83E45-30B2-4BAE-B1F5-25D128D27A43} - C:\WINDOWS\SYSTEM32\ezsearch.dll

    O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
    O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
    O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://ams-download.nocreditcard.co...1536/dialer.exe
    O16 - DPF: {B8AB2281-447F-482B-86E9-1F0ED5973637} (Inst Class) - http://205.134.182.164/1/ezsb.cab
    O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://62.129.133.7/mt/dialers/on/NSupd9x.cab


    Reboot when yoú're done, and try running SpyBot.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/112749

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice