Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Web & Email Web & Email
Search Search
Search for:
Tech Support Guy > > >

My Computer Wont Stop Downloading!


(!)

Safe's Avatar
Safe Safe is offline
Member with 49 posts.
THREAD STARTER
 
Join Date: Mar 2003
19-Apr-2003, 06:01 PM #1
My Computer Wont Stop Downloading!
Sometimes when im not doing anything with my internet connection, all of a sudden my internet starts to download something... I haven got automatic update on anything... When it starts, it takes ages to stop aswell...

Ive run ad aware on my computer but that hasent stopped it... Whats going on???!!!
steamwiz's Avatar
Senior Member with 2,773 posts.
 
Join Date: Oct 2002
Location: Yorkshire UK
19-Apr-2003, 06:03 PM #2
Hi Safe

If you post your startup list we may be able to spot something

Please post your startup list by doing the following :-

Please go here and download startuplist 1.52 :-

http://www.lurkhere.com/~nicefiles/

Download to any folder or your desktop
Unzip the zipfile
Double click the exe file
go to Edit - select all - copy - and paste the results in a new post here

steam
Safe's Avatar
Safe Safe is offline
Member with 49 posts.
THREAD STARTER
 
Join Date: Mar 2003
19-Apr-2003, 06:13 PM #3
Here it is, and thankyou for your quick reply:-

Quote:
StartupList report, 20/04/2003, 00:10:41
StartupList version: 1.52
Started from : C:\Documents and Settings\James\Desktop\startuplist1521\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\apache\mysql\bin\mysqld-nt.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\ESB.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\LeapFTP\LeapFTP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera7\opera.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\James\Desktop\startuplist1521\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
pop3httpproxy.lnk = C:\Program Files\HotPOP3\pop3httpproxy.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

S3hotkey = S3hotkey.exe
S3TRAY2 = S3tray2.exe
PCTVOICE = pctspk.exe
ESB = C:\WINDOWS\System32\ESB.exe
Supastatus = C:\Program Files\Internet Explorer\Connection Wizard\status.exe
EPSON Stylus C42 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
AdaptecDirectCD = C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Mirabilis ICQ = C:\Program Files\ICQ\ICQNet.exe
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ = C:\Program Files\ICQ\ICQ.exe -trayboot

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacscom.dll
CODEBASE = http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://apple.speedera.net/qtinstall....eInstaller.exe

[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacsui.dll
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...725.4737037037

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/SSC/Sha.../bin/cabsa.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files\WinRAR\RarExt.dll.0.tmp||c:\documents and settings\James\cookies\James@bluestreak[1].txt||c:\documents and settings\James\cookies\James@www.qksrv[1].txt||c:\documents and settings\James\cookies\James@atdmt[2].txt||c:\documents and settings\James\cookies\James@hitbox[1].txt||c:\documents and settings\James\cookies\James@doubleclick[2].txt||c:\documents and settings\James\cookies\James@hg1.hitbox[1].txt||c:\documents and settings\James\cookies\James@bfast[2].txt||c:\documents and settings\James\cookies\James@bravenet[2].txt||c:\documents and settings\James\cookies\James@fastclick[2].txt||c:\system volume information\_restore{9de8165d-af8f-428a-ad2a-69ee6a9e2c3d}\rp82\a0059171.dll||c:\system volume information\_restore{9de8165d-af8f-428a-ad2a-69ee6a9e2c3d}\rp82\a0059172.dll


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7,348 bytes
Report generated in 0.390 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
steamwiz's Avatar
Senior Member with 2,773 posts.
 
Join Date: Oct 2002
Location: Yorkshire UK
19-Apr-2003, 06:49 PM #4
Hi

You have a lot of programs running at startup that you do not need to - you could just start a lot of them manually when you need them

There are one or two things in your startup I'm not sure of, unfortunately it's nearly 1am here and time I logged off for the night

One possibility - C:\Program Files\LeapFTP\LeapFTP.exe

could this be downloading files which you have queued ?

Other programs such as this could be downloading updates - C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

good luck

steam
RSM123's Avatar
Member with 5,531 posts.
 
Join Date: Aug 2002
Location: London
19-Apr-2003, 07:36 PM #5
See here :

http://www.pacs-portal.co.uk/startup_content.htm

Read through your startup list and check for those entries in the list at Pacs Portal to see exactly what you can remove safely.
TonyKlein's Avatar
Malware Removal Specialist with 10,392 posts.
 
Join Date: Aug 2001
Location: The Netherlands
20-Apr-2003, 04:39 AM #6
This startup is totally suspect:

Supastatus = C:\Program Files\Internet Explorer\Connection Wizard\status.exe

There is NO Internet Explorer file called Status.exe.

Go to Start > Run > Msconfig,and uncheck this one on the Startup tab.

Click OK, close Msconfig and reboot.

Next, go to C:\Program Files\Internet Explorer\Connection Wizard, and rename status.exe to status.bak

And I'd like a copy of that file for analysis, please.

Would you mind terribly sending me a (zipped up) copy of Status.exe (or Status.bak) for analysis?

I'd be vey grateful for that file. I'll PM you with my e-mail addie.

TIA!
__________________
Tony < - > CLSID List - A Collection of Autostart Locations
Safe's Avatar
Safe Safe is offline
Member with 49 posts.
THREAD STARTER
 
Join Date: Mar 2003
20-Apr-2003, 07:40 AM #7
i just looked at the file, I think it is a file from supranet isp... I dont think its anything big, but ive sent you it anyway, if it is anything, could you PM me back and tell me what it is, thanks

Safe
putasolution's Avatar
Senior Member with 4,823 posts.
 
Join Date: Mar 2003
Location: North East, UK
Experience: no longer reading the "dummies" books
20-Apr-2003, 07:48 AM #8
I would bet on TkBellExe, part of the Real that gives you live updates
TonyKlein's Avatar
Malware Removal Specialist with 10,392 posts.
 
Join Date: Aug 2001
Location: The Netherlands
20-Apr-2003, 08:17 AM #9
Yup, it says it's from "Supanet": http://www.supanet.com/

Appears to be harmless, but I would leave it unchecked, as I doubt it needs to be running.

It may even be responsible for that internet activity you've been noticing.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑