Win95 Download Probs


CoachB22
01-11-2004, 11:30 AM
Hi All,

I have tried to download AdAware, Spybot, and Norton AV updates recently. All downloads start ok and seem to be progressing but never finish. When download starts I see the Quicktime Icon (the letter Q in a square box) for a while and then I get a screen with a broken film strip. I suspect a problem with Quicktime and have actually tried to remove and re-install Quicktime several times.
Can anyone offer a course of action to re-establish my ability to download?
Thanks in advance for your help!

Rick
01-11-2004, 12:06 PM
It looks or sounds like you have Quicktime
associated with the file extension of the downloads (ZIP, EXE?)

Quicktime should Not have anything to do with these downloads

Try disabling Quicktime before attempting a download
The Quicktime quick start is what you are seeing in the task bar, correct?

CoachB22
01-11-2004, 01:46 PM
Rick,

I get the Quicktime icon right square in the middle of the screen...over the top of the download screen. How do I go about disabling Quicktime? I don't see it as a running program when I open Task Manager (Ctrl/Alt/Del).

BTW, Thanks for your quick reply!

Whyzman
01-11-2004, 01:54 PM
If you just want to dump it...head for the ADD/REMOVE PROGRAMS in Control Panel...you should find it listed there...

Also, welcome to the PC Guide Forums!

Budfred
01-11-2004, 02:05 PM
See if you can download and run HijackThis. To run HJT, extract it to a permanent folder such as C:\Documents or one you create like C:\HJT. Close all browsers and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log. When the log window appears, Right click to copy it, open your browser and come here to post the log. Do not make any changes until it is checked since most items are either benign or essential to the computer.

This can help us to find out what is going on with Quicktime. I have heard of at least one bit of malware that uses a Quicktime spoof to do its thing...

CoachB22
01-11-2004, 04:39 PM
Budfred,

Downloaded Hijack. Put ZIP file in folder c:\HJT. Unzipped and tried to run program. Get this message:
"Error Starting Program"
"A required .DLL file, MSVBVM60.DLL was not found."

I will try downloading, unzipping and running again while I await your reply.
Thanks!

Budfred
01-11-2004, 05:08 PM
Apparently you need to download and install the Visual Basic run time files.
http://support.microsoft.com/default.aspx?...b;en-us;q192461

Hopefully that will be possible with the problems you are having....:)

CoachB22
01-11-2004, 07:51 PM
Me again!

Budfred...here is the HijackThis log. I was able to download the Visual Basic update even though the Quicktime logo appeared...go figure?

Whyzman...I have tried to Add/Remove QT several times. Even followed instructions that said I had to download the latest version to be able to obtain an uninstall utility. I have three (3) QT icons showing on my Control Panel, one of which is Quicktime32.

Anyway...here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 5:39:37 PM, on 1/11/04
Platform: Windows 95 C (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\AMERICA ONLINE 5.0\AOLTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://146.20.38.19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crooder.com/search/?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://146.20.38.19
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://146.20.38.19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abcsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.abcsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://146.20.38.19
F1 - win.ini: run=hpfsched
O1 - Hosts: 146.20.38.19 auto.search.msn.com
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Srng] C:\Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

Budfred
01-11-2004, 08:14 PM
It looks like you have a CoolWebSearch infestation and some other things... Let's start by getting that cleaned out. Download and run CWShredder from the links at the bottom of my post. Choose to Fix rather than just Scan and copy the results to post here. Reboot and run HJT again. Open your browser and post the log here again so we can see what is left and clean it out......

mjc
01-11-2004, 11:11 PM
Quick heads up, folks......certain versions of CWS are apparently messing with the downloads of certain programs....namely Antivirus/Antispyware (the stuff to kill it with).

Almost always if something odd comes up when someone is trying to download AdAware, Spybot or an AV then you can be fairly certain that CWS is behind it.

CWS has been known to set up a proxy to intercept the request to go to those pages, it seems it may be messing with MIME types too....

CoachB22
01-13-2004, 10:12 PM
mjc, Budfred, Whyzman, and Rick

I really wasn't trying to confuse things. I felt you guys had helped me finally get Hijackthis, and SpyBot downloaded and executed as well as CWShredder. Rather than bounce from one problem to the next in this thread, I thought to start a new one. After reviewing your posts, I see that you guys feel most of my probs are due to Adware/Spyware ....including the Quicktime issue.
If you don't mind continuing with your good advice.....
Here is the latest Hijack log:

One file I would like to know about is "SRNG.EXE". I am getting an error message on my desktop at startup that says something about SRNG not being able to find a file.


Logfile of HijackThis v1.97.7
Scan saved at 6:45:13 PM, on 1/13/04
Platform: Windows 95 C (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 (5.00.2314.1000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\AMERICA ONLINE 5.0\AOLTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://146.20.38.19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://146.20.38.19
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://146.20.38.19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abcsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.abcsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://146.20.38.19
F1 - win.ini: run=hpfsched
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Srng] C:\Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

Whyzman
01-13-2004, 10:50 PM
You might want to have a look at the moderator's suggestions in this post related to SRNG....

http://computercops.biz/postp37106.html

Budfred
01-14-2004, 12:25 AM
You still have a few things that need to be fixed. Use HJT to fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://146.20.38.19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zoosecret.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://146.20.38.19
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://146.20.38.19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abcsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.abcsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://146.20.38.19
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - (no file)
O4 - HKLM\..\Run: [Srng] C:\Program Files\Srng\Srng.exe
O13 - WWW. Prefix: http://
O16 - DPF: {FC3A74E5-F281-4F10-AE1E-733078684F3C} (Downloader Class) - http://www.2020search.com/toolbar/2020Search.cab

These are technically legit, but many consider them to be malware and they are resource hogs without providing much function. I would fix them, but you decide...

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

The AOL entry here is probably legit, but one of the 2 isn't, so that leaves the other one to fix:

O14 - IERESET.INF: SEARCH_PAGE_URL=http://home.microsoft.com/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

I think that will do it, but please reboot after the fixes, run HJT again, open your browser and post the new log here....
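
Added example, not part of the original thread: a small Python reader for HijackThis entry lines that groups them by section code and checks two things visible in the logs above, the O12 browser plugin registered for `.exe` (the file-association theory raised early in the thread) and the O1 Hosts override whose address also appears in the R1 search settings. The sample lines are copied from the first log posted here; the function names and the `DOWNLOAD_EXTS` list are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: entry lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://146.20.38.19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zoosecret.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://146.20.38.19
O1 - Hosts: 146.20.38.19 auto.search.msn.com
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .exe: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: extensions a media plugin has no business handling.
DOWNLOAD_EXTS = {".exe", ".zip", ".com", ".cab"}

def parse_log(text):
    """Group entry lines by section code (R1, O4, O12, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review(text):
    """Return (code, detail) findings for O12 and O1 entries."""
    sections = parse_log(text)
    findings = []
    for body in sections.get("O12", []):
        m = re.match(r"Plugin for (\.\w+): (.+)$", body)
        if m and m.group(1).lower() in DOWNLOAD_EXTS:
            findings.append(("O12", f"{m.group(1)} handled by {m.group(2)}"))
    for body in sections.get("O1", []):
        m = re.match(r"Hosts: (\S+)\s+(\S+)$", body)
        if not m:
            continue
        ip, host = m.groups()
        # Count R0/R1 browser settings that point at the same address.
        hits = sum(ip in v for code in ("R0", "R1") for v in sections.get(code, []))
        findings.append(("O1", f"{host} -> {ip}, also in {hits} R entries"))
    return findings

if __name__ == "__main__":
    for code, detail in review(SAMPLE_LOG):
        print(code, detail)
```
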