I have Norton Antivirus, which is up to date, and the latest version of
Spybot; both report the system is clear.
I have disabled Windows automatic updates.
How can I find out what is causing this? I am running XP.
TIA
See what's getting CPU time in the Task Manager.
Then type 'netstat -a' without the quotes.
It will show you all connections to/from your machine.
Download HijackThis and let it scan your system and post the output here.
Logfile of HijackThis v1.97.7
Scan saved at 4:32:53 PM, on 3/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\cmd.exe
C:\Documents and Settings\joe\My Documents\My Received Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/AU/install.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F91DF90C-675E-44A1-8615-2120994C44B5}: NameServer = 203.49.70.92 139.134.2.190
"Alecto" <ale...@goulburn.net.au> wrote in message
news:415F6FF9...@goulburn.net.au...
C:\Documents and Settings\joe>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP joe-u99hwzhn2yt:epmap joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:microsoft-ds joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:1025 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:1026 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3014 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3225 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3233 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3237 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:5000 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3001 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3002 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3003 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3007 joe-u99hwzhn2yt:0 LISTENING
TCP joe-u99hwzhn2yt:3007 localhost:3251 TIME_WAIT
TCP joe-u99hwzhn2yt:3225 64.4.23.61:http ESTABLISHED
TCP joe-u99hwzhn2yt:3233 news-server.bigpond.net.au:nntp ESTABLISHED
TCP joe-u99hwzhn2yt:3237 news-server.bigpond.net.au:nntp ESTABLISHED
TCP joe-u99hwzhn2yt:3250 news-server.bigpond.net.au:nntp TIME_WAIT
TCP joe-u99hwzhn2yt:11677 joe-u99hwzhn2yt:0 LISTENING
UDP joe-u99hwzhn2yt:microsoft-ds *:*
UDP joe-u99hwzhn2yt:isakmp *:*
UDP joe-u99hwzhn2yt:3006 *:*
UDP joe-u99hwzhn2yt:3009 *:*
UDP joe-u99hwzhn2yt:3013 *:*
UDP joe-u99hwzhn2yt:3244 *:*
UDP joe-u99hwzhn2yt:ntp *:*
UDP joe-u99hwzhn2yt:1900 *:*
UDP joe-u99hwzhn2yt:3156 *:*
UDP joe-u99hwzhn2yt:3212 *:*
UDP joe-u99hwzhn2yt:3224 *:*
UDP joe-u99hwzhn2yt:ntp *:*
UDP joe-u99hwzhn2yt:1900 *:*
UDP joe-u99hwzhn2yt:8825 *:*
UDP joe-u99hwzhn2yt:13174 *:*
C:\Documents and Settings\joe>
"derek / nul" <spam...@sgrail.org> wrote in message
news:3cdul093c87rgfcge...@4ax.com...
Hmm... run msconfig, disable the Kodak software and reboot to see if that makes
any difference.
What level is your XP updated to?
Windows XP home edition 2002, SP1
"Alecto" <ale...@goulburn.net.au> wrote in message
news:41600A59...@goulburn.net.au...
Do you have all the other WinXP updates prior to SP2 installed?
Try disabling all the startup items with msconfig and see if the problem goes
away.
Try downloading the Stinger tool from McAfee and scanning your system with it.
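
An added example, not part of the original thread: a short Python parser that rejoins HijackThis entries a news client has wrapped, then lists the O4 startup items (the ones msconfig would disable) and the hosts the O16 ActiveX controls came from. The function names are illustrative, and the sample lines are copied from the log posted above.

```python
import re
from urllib.parse import urlparse

# A HijackThis entry starts with a section code (R0, O4, O16, ...) and " -".
ENTRY = re.compile(r"^(R\d|O\d{1,2}|F\d|N\d) -(?: |$)")

def unwrap(lines):
    """Rejoin entries that a news client wrapped; assumes wraps fall on spaces."""
    entries = []
    for line in (l.strip() for l in lines):
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:          # continuation of the previous entry
            entries[-1] += " " + line
    return entries

def autoruns(entries):
    """(location, name, command) for each O4 startup entry."""
    found = []
    for e in entries:
        m = re.match(r"O4 - (.+?): (.*)", e)
        if m:
            where, rest = m.groups()
            reg = re.match(r"\[(.+?)\] (.*)", rest)   # Run key: [name] command
            if reg:
                name, cmd = reg.groups()
            else:                                     # Startup folder: x.lnk = target
                name, _, cmd = rest.partition(" = ")
            found.append((where, name, cmd))
    return found

def dpf_hosts(entries):
    """Hosts that O16 (downloaded ActiveX control) entries were fetched from."""
    urls = (e.rsplit(" - ", 1)[-1] for e in entries if e.startswith("O16 - DPF:"))
    return sorted({urlparse(u).hostname for u in urls if "://" in u})

# Excerpt of the log above, in the wrapped form it was posted in.
SAMPLE = r"""O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
""".splitlines()
```

Run `autoruns(unwrap(SAMPLE))` to get one tuple per startup item; any entry whose command path or download host you cannot account for is the one to look up first.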