Excess broadband usage

#1 bytefright


Posted 16 February 2014 - 04:31 AM

Hi, Boopme suggested I copy my two earlier posts together with a DDS log in this forum. My biggest concern is that I access broadband using a Sierra Wireless Modem device that I remove from the computer when I've finished. It's activated with a PIN; we're very aware of our usage - basically email, some YouTube, some online tutorials, nothing big, so my usage should remain stable. But over the past year it's bounced up from 1 gig to 8 gig to 11 gig and I never know when it's going to need topping up. What I do know is that I'm not using this much broadband, I'm just the one paying for it. Looking forward to your help, thanks, Margaret



I'm not sure where to post this but I have a problem with my monthly internet data usage and I wonder whether I've been hacked in some way. I use a wireless modem device (4G Sierra) with a monthly allowance of 8 gig which just disappears, fast, for no apparent reason. I've used the internet for years and have an idea of what burns up usage but the last few months there has been no explanation for how fast it has been disappearing. Last month I was away on holidays, didn't access the internet for a couple of weeks, when I came back online it was to find that I had an excess data usage warning and most of my allowance was used. My ISP (Telstra Business) assured me that no one could access a wireless modem except from the computer it was plugged into. Doesn't explain what's happening here - no teenagers downloading games etc. and two users very aware of the problem. Any ideas?


My setup: Operating System: Windows 7 Home Premium 64-bit SP1; CPU: AMD Athlon II X4 600e, Propus 45nm Technology; RAM: 4.00GB Dual-Channel DDR3 @ 665MHz; Motherboard: PEGATRON CORPORATION JESSE (CPU 1); Graphics: HP TouchSmart (1600x900@60Hz), 512MB NVIDIA GeForce G210; Hard Drives: 932GB Hitachi HDT721010SLA360 SATA Disk Device (SATA); Optical Drive: hp DVDWBD TS-TB23L SATA CdRom Device; Audio: SoundMAX Integrated Digital HD Audio


I should have said earlier that I have a current Norton Internet package installed - firewall etc. - use Firefox (extensions disabled, no addons), recently installed MyTurboPC, deweeded with SUPERAntiSpyware etc., ran RogueKiller, Norton Root Kit and, while my computer is running faster, I'm no closer to finding out what's going on when I connect to the Internet. I pull the modem out of the computer as soon as I'm finished, I even took it away with me last month, but my usage keeps disappearing. Last month I had to top up my 8 gig to 11 gig to avoid massive fees and I'm so angry because until last year I got by fine with just 1 gig and my browsing habits haven't changed so WHAT HAS?? At wit's end, someone please suggest something, thanks.


Haven't heard anything but I have found help, indirectly. After some digging came across this thread:


and this: http://www.bleepingcomputer.com/forums/t/521772/internet-usage-is-too-high-viruses/

and I have followed through with most of the suggestions (except Combofix as per advice not to use unless under supervision). Got rid of hundreds of tracking cookies, found some nasties with RogueKiller and registry problems with MyTurboPC, which made me wonder why the hell I'm paying top dollar for Norton protection. I now have a quicker, cleaner computer but it remains to be seen whether I've found what was chewing up my usage. Last step was to download Wireshark but that was too tech for me, have no idea what I'm looking at or looking for. So I've done what I can and any other advice will be much appreciated, cheers, Margaret



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by owner at 18:08:30 on 2014-02-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4095.2114 [GMT 10:00]
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\\NIS.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\Telstra\BigPond Wireless Broadband\TelstraUCM.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Norton Internet Security\Engine\\NIS.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com
uWindow Title = Telstra BigPond Home Internet Explorer
uSearch Page = hxxp://www.telstra.com/
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: surf, aNd keep: {FFBE9796-B3A0-080B-15BA-331DA493E47D} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\coieplg.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [BigPondWirelessBroadbandCM] "C:\Program Files (x86)\Telstra\BigPond Wireless Broadband\TelstraUCM.exe" -tsr
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{02AE8A7E-26F8-4105-ADD9-11BFE919907F} : DHCPNameServer =
TCP: Interfaces\{1FA9F623-1056-405D-883C-DFED4C93AA73} : DHCPNameServer =
TCP: Interfaces\{1FA9F623-1056-405D-883C-DFED4C93AA73}\E4564734F6D6D60275962756C65637370263033393 : DHCPNameServer =
TCP: Interfaces\{6F278362-2CF5-42D2-BE80-263CC2579EAE} : DHCPNameServer =
TCP: Interfaces\{79242A23-A242-4DF2-BE83-A0B86A08D810} : NameServer =
TCP: Interfaces\{964FA92D-95EC-4603-90B6-AECB1B0D63B9} : DHCPNameServer =
TCP: Interfaces\{9B1E45DC-9C83-4297-8CBE-43CE51C2E36C} : DHCPNameServer =
TCP: Interfaces\{B3544FAF-6205-46FE-9BD3-AD67AAF269E7} : DHCPNameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: YoutubeAdblocker: {00400746-07EA-3540-8463-09AD18073836} - LocalServer32 - <no file>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-BHO: surf, aNd keep: {FFBE9796-B3A0-080B-15BA-331DA493E47D} - LocalServer32 - <no file>
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\\coieplg.dll
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\mhdrbbyj.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\owner\AppData\Local\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
============= SERVICES / DRIVERS ===============
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-2 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\symds64.sys [2013-10-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\symefa64.sys [2013-10-11 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-28 1526488]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccsetx64.sys [2013-10-11 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\\Definitions\IPSDefs\20140214.001\IDSviA64.sys [2014-2-15 521944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\ironx64.sys [2013-10-11 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-10-11 590936]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-24 143120]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-4-12 87368]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-9 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\\nis.exe [2013-10-11 275696]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-7 1229528]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-10-6 296360]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\System32\drivers\OSDACPI.SYS [2010-3-19 17992]
R3 AVerAVF2;AVerAVF2;C:\Windows\System32\drivers\AVerAVF2.sys [2010-11-11 1212416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2010-3-19 14328]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-3-3 87040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-9 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-10-12 763904]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\System32\drivers\NW1950.sys [2010-3-19 25080]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 239616]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-18 34872]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-18 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-9-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-1-4 9216]
S3 massfilter_lte;LTE Device Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_LTE.sys [2012-1-4 18456]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-7 18456]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\swg3kser00.sys [2013-3-3 259328]
S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\Windows\System32\drivers\swiwdmbx64.sys [2013-3-3 108800]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2013-3-3 300544]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-17 1255736]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2012-10-31 135168]
=============== File Associations ===============
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
=============== Created Last 30 ================
2014-02-15 08:08:29    0    ---ha-w-    C:\Users\owner\BITFD42.tmp
2014-02-15 07:23:32    --------    d-----w-    C:\Users\owner\AppData\Roaming\DriverCure
2014-02-14 02:21:19    --------    d-----w-    C:\Users\owner\AppData\Local\Western_Digital
2014-02-14 00:17:48    --------    d-----w-    C:\ProgramData\WD_SmartWareCommon
2014-02-14 00:16:20    --------    d-----w-    C:\Users\owner\AppData\Roaming\Western Digital
2014-02-14 00:16:11    --------    d-----w-    C:\ProgramData\Western Digital
2014-02-14 00:15:02    --------    d-----w-    C:\Program Files\Western Digital
2014-02-14 00:15:02    --------    d-----w-    C:\Program Files (x86)\Western Digital
2014-02-14 00:13:22    --------    d-----w-    C:\Users\owner\AppData\Local\Western Digital
2014-02-12 23:10:25    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-12 23:10:25    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-12 23:07:55    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-12 23:07:54    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-12 23:07:35    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-12 23:07:34    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-12 23:07:34    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-12 23:07:34    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-12 23:04:14    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-09 09:16:55    --------    d-----w-    C:\Users\owner\AppData\Roaming\Malwarebytes
2014-02-09 09:16:44    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-02-09 09:16:43    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-02-09 09:16:43    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 08:14:35    --------    d-----w-    C:\Windows\ERUNT
2014-02-07 00:35:39    --------    d-----w-    C:\Users\owner\AppData\Local\Secunia PSI
2014-02-07 00:35:26    --------    d-----w-    C:\Program Files (x86)\Secunia
2014-02-05 00:13:39    --------    d-----w-    C:\Users\owner\AppData\Roaming\MyTurboPC.com
2014-02-05 00:13:12    --------    d-----w-    C:\Program Files (x86)\Common Files\MyTurboPC.com
2014-02-05 00:13:10    --------    d-----w-    C:\ProgramData\MyTurboPC.com
2014-02-05 00:13:10    --------    d-----w-    C:\Program Files (x86)\MyTurboPC.com
2014-02-05 00:06:43    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 00:06:43    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-04 05:06:35    --------    d-----w-    C:\Users\owner\AppData\Local\NPE
2014-01-31 09:22:34    --------    d-----w-    C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-20 08:44:59    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-20 08:44:59    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-20 08:44:59    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-20 08:44:59    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-20 08:44:59    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-20 08:44:59    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-20 08:44:59    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-20 08:44:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-20 08:44:53    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
==================== Find3M  ====================
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-06 14:47:12    18456    ----a-w-    C:\Windows\System32\drivers\psi_mf_amd64.sys
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-26 08:16:50    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
============= FINISH: 18:08:58.12 ===============

#2 Noviciate


Posted 17 February 2014 - 03:32 PM

Good evening. :)

When you say that your wireless device is activated with a PIN, what exactly do you mean? My wireless kit has a password to access the internal settings and another to connect my PC to it.

Also, do you have an application on your PC to monitor your internet usage, or are you relying on your ISP to inform you of what is being downloaded?

Finally, assuming that you are using the modem wirelessly, what security are you using - WEP, WPA, WPA2 etc...

So long, and thanks for all the fish.



#3 bytefright

Posted 19 February 2014 - 05:25 PM

Hi Noviciate,

Sorry for the late reply – haven’t been able to get near the computer for various reasons. My wireless modem is a Telstra USB 4G Sierra Wireless AirCard 320U WWAN Modem. It plugs into a desktop USB port. The PIN accesses software – Telstra Broadband Manager 3.15.21015 – which connects the modem to the internet. That is the only PIN I have. I don’t have an independent application to monitor internet usage; I rely on the logs from the Broadband Manager itself and data usage info I get from my Telstra account. And as to security – Telstra assures me that the only way to access my broadband is through physically plugging the modem into the USB port, that it is like a mobile phone and no one can use it except the person using the phone. So, no, I don’t have security because they told me I didn’t need it. That was one of the first things I did - chase up Telstra about someone accessing my Sierra. Thanks for your help, Margaret

#4 Noviciate


Posted 21 February 2014 - 02:56 PM

Good evening. :)

Would it be possible for you to ask your ISP whether the data is being downloaded or uploaded using your connection? I don't have any direct experience with the kit you are using, but I would have thought that having a cable connection rules out a hacked wireless connection, given that you don't have that option available to you. If somebody is somehow using your connection then the data being transferred is likely to involve more downloads than uploads; however, if your PC has a nasty that is sending spam or taking part in some sort of DoS attack then the data would tend to be more uploaded.


I'd also like you to run a scan and see what that picks up:


Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.


So long, and thanks for all the fish.



#5 bytefright

Posted 25 February 2014 - 01:26 AM

Hi Noviciate, I had a few problems running the ESET scanner (kept stopping at about 30% completed) but finally got finished results; it found 9 problems as follows:


C:\Users\NatTrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinnhamiefbjlmmpabfjineghloicjck\2.19\N_39_7c.js    Win32/Adware.MultiPlug.H application
C:\Users\NatTrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckhjfoaehpdinjfbmjllchmcemflnfoa\1.0\C__Z.js    Win32/Adware.MultiPlug.H application
C:\Users\NatTrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdlhmigiidfmnogngmnabgjaokjejlla\1.0\pplPK0SQ9dR.js    Win32/Adware.MultiPlug.H application
C:\Users\owner\Downloads\ccsetup405.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\owner\Downloads\SetupImgBurn_2.5.2.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\owner\Downloads\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\owner\Downloads\spsetup122.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\owner\Downloads\spsetup123.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\owner\Downloads\Utilities\spsetup122.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application


The ISP log information is a bit harder to get. The logs I access through my online account only give totals, no separation between download/upload data usage. Means I'll have to sit in a phone queue for hours and invariably lose my temper with the call centre operatives who seem unable to answer plain questions. So I've been putting it off but will face up to it tomorrow. In the meantime, I did a screenshot of the small log I can access from the Broadband Manager - Well, that didn't work (using Word/Paste icon above tried to paste Screen shot into window but for some reason won't work) so will summarise: over 23/4/5 Feb sent: 7 MB, 296 KB, received 108 MB, 392KB, so, in this period, downloads are much heavier than uploads. From memory, on those days I did little on the computer - accessed email and did some online shopping. Will go do battle with Telstra flak and get back to you tomorrow with more comprehensive logs. Until then, thanks for the help, Margaret


#6 bytefright

Posted 25 February 2014 - 01:39 AM

Hi Noviciate, I was intrigued by your location - imagined a tiny island called Xschenumnti somewhere off Hong Kong but when I googled it found out how wrong I was (http://www.theguardian.com/uk/2007/apr/04). /britishidentity.features11). At BC I just learn and learn, chuckling, Margaret

#7 bytefright

Posted 25 February 2014 - 01:40 AM

That was supposed to copy as http://www.theguardian.com/uk/2007/apr/04/britishidentity.features11, M

#8 Noviciate


Posted 25 February 2014 - 03:28 PM

Good evening. :)


I sympathise with you with regard to the call center numpties as I tend to go off on one quite quickly when simple tasks seem to be beyond the ability of customer disservice operatives.


You said in your other thread that "Last month I was away on holidays, didn't access the internet for a couple of weeks, when I came back on line it was to find that I had an excess data usage warning and most of my allowance was used". That reads as if your allowance was being used while you were away from home.

Assuming this is the case, would it be possible for you to access your log for the total usage so far just before you disconnect from the internet and shut your modem down, and then check the log again when you reconnect? If you can do this each time you log off and then log on it may show usage outside of the times that your connection is available to your machine.


If it doesn't cause any issues with your internet access on reconnection, can you disconnect the modem from the USB port when you are finished with the internet?

So long, and thanks for all the fish.
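
The check suggested in the post above, written out as an added example that is not part of the original thread: note the ISP's cumulative usage total at every unplug and replug, then flag growth that happened while the modem was unplugged and sessions where the ISP counted more than the PC logged. The readings, session figures, tolerance and all names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample readings (not from the thread): the account's cumulative
# usage total in MB, noted at each unplug ("disconnect") and replug ("connect").
READINGS = [
    ("2014-03-01 09:00", "connect",    1200.0),
    ("2014-03-01 10:30", "disconnect", 1315.0),
    ("2014-03-02 08:45", "connect",    1318.0),   # small drift: reporting lag
    ("2014-03-02 09:40", "disconnect", 1402.0),
    ("2014-03-04 19:10", "connect",    2950.0),   # large growth while unplugged
    ("2014-03-04 20:00", "disconnect", 3010.0),
]
# Constructed client-side totals (sent + received, MB) for each session, in order.
CLIENT_SESSIONS_MB = [115.4, 83.1, 22.0]
LAG_TOLERANCE_MB = 10.0  # assumed allowance for late ISP accounting


def reconcile(readings, client_sessions, tolerance=LAG_TOLERANCE_MB):
    """Split ISP-counted usage into online sessions and offline gaps."""
    rows = sorted((datetime.strptime(t, "%Y-%m-%d %H:%M"), ev, mb) for t, ev, mb in readings)
    sessions, gaps = [], []
    for (t0, ev0, mb0), (t1, ev1, mb1) in zip(rows, rows[1:]):
        if mb1 < mb0:
            raise ValueError(f"counter went backwards at {t1} (new billing period?)")
        delta = round(mb1 - mb0, 1)
        if (ev0, ev1) == ("connect", "disconnect"):
            local = client_sessions[len(sessions)] if len(sessions) < len(client_sessions) else None
            # mismatch: the ISP counted noticeably more than the PC logged
            sessions.append({"start": t0, "end": t1, "isp_mb": delta, "client_mb": local,
                             "mismatch": local is not None and delta - local > tolerance})
        elif (ev0, ev1) == ("disconnect", "connect"):
            gaps.append({"start": t0, "end": t1, "isp_mb": delta,
                         "suspicious": delta > tolerance})
        else:
            raise ValueError(f"two '{ev1}' readings in a row at {t1}")
    return sessions, gaps


if __name__ == "__main__":
    sessions, gaps = reconcile(READINGS, CLIENT_SESSIONS_MB)
    for g in gaps:
        if g["suspicious"]:
            print(f"{g['isp_mb']} MB used while unplugged, {g['start']} to {g['end']}")
    for s in sessions:
        if s["mismatch"]:
            print(f"session from {s['start']}: ISP {s['isp_mb']} MB vs client {s['client_mb']} MB")
```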



#9 bytefright

Posted 27 February 2014 - 11:42 PM

Hi Noviciate, That's a good idea about checking the log on disconnection/reconnection. I feel stupid not to have thought of that myself. I always take the modem device out of the desktop USB port whenever I disconnect from the internet, which is why I feel so sure something fishy is going on. I've had no luck with getting logs from Telstra with info on download vs upload usage. Although I have access to a 3 day session log via the Broadband Manager, which does split usage into download/upload, the ISP tells me that info is strictly client-side info, that all they see is a summary of total usage. I found this hard to believe but the guy I was chatting to was insistent that there was no way I could get that info, nor backdate logs further than the current billing period. What I did find out that was useful was that this Sierra Wireless mobile device uses WPA encryption and has TWO passwords - the one I knew about (the software PIN) and another, a WIFI password that connects the device to the internet. Once it's logged on, the first time it's operated, the password is remembered by the computer. However, I still don't understand how the WIFI password was implemented the first time as I have no memory of doing it. Anyway, apparently I can change the WIFI password if I log onto the Telstra 4g homepage, use an admin password and go to WIFI settings. When I said to the consultant that I still felt very uncertain about the security of the whole operation this is the reply (it was through online chat):

"Even the Pentagon and NASA have been hacked. However, these are high value targets - that require a whole team of highly experienced hackers. Ultimately, WPA encryption is very hard to hack and if a person had the skills, time and patience to do it, they'd be targeting something else rather than your wifi.
In saying that, if you believe that someone may have your wifi password - then you can always change your wifi password just to be sure."


So that's my next step - change the WIFI password. And shall I delete the 9 problems that ESET found? cheers, M

#10 Noviciate


Posted 28 February 2014 - 02:37 PM

Good evening. :)


Once you've changed your password, monitor the logs for a few days and see what you can find out.



"shall I delete the 9 problems that ESET found?"


Feel free.



So long, and thanks for all the fish.



#11 Noviciate


Posted 17 March 2014 - 02:29 PM

Given that there has been no addition to this thread for over two weeks I have to consider it closed and lock it.

So long, and thanks for all the fish.



