My Computer Wont Stop Downloading!


19-Apr-2003, 07:01 PM #1
My Computer Wont Stop Downloading!
Sometimes when im not doing anything with my internet connection, all of a sudden my internet starts to download something... I haven got automatic update on anything... When it starts, it takes ages to stop aswell...

Ive run ad aware on my computer but that hasent stopped it... Whats going on???!!!
19-Apr-2003, 07:03 PM #2
Hi Safe

If you post your startup list we may be able to spot something

Please post your startup list by doing the following :-

Please go here and download startuplist 1.52 :-

Download to any folder or your desktop
Unzip the zipfile
Double click the exe file
go to Edit - select all - copy - and paste the results in a new post here

19-Apr-2003, 07:13 PM #3
Here it is, and thankyou for your quick reply:-

StartupList report, 20/04/2003, 00:10:41
StartupList version: 1.52
Started from : C:\Documents and Settings\James\Desktop\startuplist1521\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options

Running processes:

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\LeapFTP\LeapFTP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera7\opera.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\James\Desktop\startuplist1521\StartupList.exe


Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
pop3httpproxy.lnk = C:\Program Files\HotPOP3\pop3httpproxy.exe


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,


Autorun entries from Registry:

S3hotkey = S3hotkey.exe
S3TRAY2 = S3tray2.exe
PCTVOICE = pctspk.exe
ESB = C:\WINDOWS\System32\ESB.exe
Supastatus = C:\Program Files\Internet Explorer\Connection Wizard\status.exe
EPSON Stylus C42 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
AdaptecDirectCD = C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Mirabilis ICQ = C:\Program Files\ICQ\ICQNet.exe
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot


Autorun entries from Registry:

ICQ = C:\Program Files\ICQ\ICQ.exe -trayboot


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}


Enumerating Task Scheduler jobs:

Symantec NetDetect.job


Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacscom.dll


[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacsui.dll

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx


Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files\WinRAR\RarExt.dll.0.tmp||c:\documents and settings\James\cookies\James@bluestreak[1].txt||c:\documents and settings\James\cookies\James@www.qksrv[1].txt||c:\documents and settings\James\cookies\James@atdmt[2].txt||c:\documents and settings\James\cookies\James@hitbox[1].txt||c:\documents and settings\James\cookies\James@doubleclick[2].txt||c:\documents and settings\James\cookies\James@hg1.hitbox[1].txt||c:\documents and settings\James\cookies\James@bfast[2].txt||c:\documents and settings\James\cookies\James@bravenet[2].txt||c:\documents and settings\James\cookies\James@fastclick[2].txt||c:\system volume information\_restore{9de8165d-af8f-428a-ad2a-69ee6a9e2c3d}\rp82\a0059171.dll||c:\system volume information\_restore{9de8165d-af8f-428a-ad2a-69ee6a9e2c3d}\rp82\a0059172.dll


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

End of report, 7,348 bytes
Report generated in 0.390 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
19-Apr-2003, 07:49 PM #4

You have a lot of programs running at startup that you do not need to - you could just start a lot of them manually when you need them

There are one or two things in your startup I'm not sure of, unfortunately it's nearly 1am here and time I logged off for the night

One possibility - C:\Program Files\LeapFTP\LeapFTP.exe

could this be downloading files which you have queued ?

Other programs such as this could be downloading updates - C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

good luck

19-Apr-2003, 08:36 PM #5
See here :

Read through your startup list and check for those entries in the list at Pacs Portal to see exactly what you can remove safely.
20-Apr-2003, 05:39 AM #6
This startup is totally suspect:

Supastatus = C:\Program Files\Internet Explorer\Connection Wizard\status.exe

There is NO Internet Explorer file called Status.exe.

Go to Start > Run > Msconfig,and uncheck this one on the Startup tab.

Click OK, close Msconfig and reboot.

Next, go to C:\Program Files\Internet Explorer\Connection Wizard, and rename status.exe to status.bak

And I'd like a copy of that file for analysis, please.

Would you mind terribly sending me a (zipped up) copy of Status.exe (or Status.bak) for analysis?

I'd be vey grateful for that file. I'll PM you with my e-mail addie.

Tony
20-Apr-2003, 08:40 AM #7
i just looked at the file, I think it is a file from supranet isp... I dont think its anything big, but ive sent you it anyway, if it is anything, could you PM me back and tell me what it is, thanks

20-Apr-2003, 08:48 AM #8
I would bet on TkBellExe, part of the Real that gives you live updates
20-Apr-2003, 09:17 AM #9
Yup, it says it's from "Supanet":

Appears to be harmless, but I would leave it unchecked, as I doubt it needs to be running.

It may even be responsible for that internet activity you've been noticing.
