Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have PC and Laptop sharing satellite internet, data disappearing


  • Please log in to reply
24 replies to this topic

#1 rickmcm

rickmcm

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 01:13 AM

I have a Toshiba Satellite C55-A laptop with Windows 8 and an eMachines EL1360G PC with Windows 7. I use Hughesnet satellite internet and have noticed a massive increase in data usage. Our monthly download allowance of 10Gb used to last 35-40 days, now lasts only 20, and 500Mb can be used when we're not home.

 

Clearly something odd is happening. I have run MBAM on both machines but found only PUPs. I have tried to run Spybot but it won't update.

 

   



BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,813 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:42 PM

Posted 07 August 2015 - 01:22 AM

Have you contacted Hughesnet  ?


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#3 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 07 August 2015 - 01:37 AM

Hello,
 
please download MiniToolBox by Farbar and save it to your desktop.
 
Run tool as Administrator and make sure that these options are checked :
 

  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs

Post log here .
 
Step 2
 
Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on Start button.
 
If programs need reboot, allow it to do so.
 
NOTE: IF your desktop disappears, don't panic, it's normal.



#4 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 06:42 AM

Hello,
 
please download MiniToolBox by Farbar and save it to your desktop.
 
Run tool as Administrator and make sure that these options are checked :
 

  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs

Post log here .

 

Here is MiniToolBox log for Toshiba laptop:

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Rick (administrator) on 07-08-2015 at 07:28:59
Running from "C:\Users\Rick\Downloads"
Microsoft Windows 8  (X64)
Model: Satellite C55-A Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


=========================== Installed Programs ============================

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AppCloudUpdater (HKCU\...\AppCloudUpdater) (Version:  - AppCloudUpdater)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-ac18fae5-0a5b-41af-9ba1-2bf142b02056) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonusprint (HKCU\...\{22BBE99C-4A0D-4EB4-A139-14CFD848C0F8}_is1) (Version:  - Bonusprint)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WTA-1473d981-97c4-45e5-a8da-1ae9a049b74d) (Version: 2.2.0.95 - WildTangent) Hidden
Dashlane (HKCU\...\Dashlane) (Version: 3.5.0.89717 - Dashlane SAS)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elementals - The Magic Key (HKLM-x32\...\WTA-d145cfd3-e952-459e-b4d0-995b1128f87f) (Version: 2.2.0.97 - WildTangent) Hidden
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
EZ-Pix (HKLM-x32\...\EZ-Pix_is1) (Version: v8.0 - Xequte Software)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HomeGauge5 (HKLM-x32\...\HomeGauge5) (Version: 5.1.24.0 - SHGI Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jack of All Tribes (HKLM-x32\...\WTA-45566bc8-2907-45da-9169-85b30491e22d) (Version: 2.2.0.97 - WildTangent) Hidden
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
King Oddball (HKLM-x32\...\WTA-703c1ad7-91e6-4b13-b4f5-571352da0ac3) (Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-35dbbed9-107a-4952-b5f3-6df45528369e) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Photo! Editor 1.1 (HKLM-x32\...\PhotoToolkit_is1) (Version:  - )
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-036ebbde-654b-46d4-9157-40def0706849) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKCU\...\Pokki) (Version: 0.262.11.408 - Pokki)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Setup1 (HKLM-x32\...\{CC44C1E5-7DEB-4171-A46F-2B4BD776DFA5}) (Version: 1.0.0 - Default Company Name)
SleepMapper Data Card Uploader 2.0.0.0 (HKLM-x32\...\4414-4382-9884-2117) (Version: 2.0.0.0 - © 2014 Koninklijke Philips N.V.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StartW8 1.2.111.0 (HKLM-x32\...\{2FA895E0-C8CF-4216-90AB-C2E21A62BCB1}) (Version: 1.2.111.0 - SODATSW spol. s r. o.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKCU\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.9 - WildTangent) Hidden
Wonderland Solitaire (HKLM-x32\...\WTA-8b4a0e9e-531f-41bb-b753-bfcb79c638d9) (Version: 2.2.0.110 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.938 - Zemana Ltd.)

**** End of log ****


 
Step 2
 
Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on Start button.

 

If programs need reboot, allow it to do so.
 
NOTE: IF your desktop disappears, don't panic, it's normal.



#5 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 06:47 AM



 
Step 2
 
Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on Start button.
 
If programs need reboot, allow it to do so.
 
NOTE: IF your desktop disappears, don't panic, it's normal.

 

***Tried downloading TFC - was redirected to GeekstoGo for download but when I click on Download button, I get message:

 

"The connection was reset

The connection to the server was reset while the page was loading.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."



#6 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 06:50 AM

Have you contacted Hughesnet  ?

Yep, we got a shrug of the shoulders.



#7 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 07 August 2015 - 07:09 AM

We will need to uninstall some unwanted / unneeded programs :

 

  • Spybot - Search & Destroy
  • AppCloudUpdater

After uninstallation, restart your computer and proceed to next step :

 

Download AdwCleaner by Xplode and save it to your desktop.
 
Run tool as Administrator, accept terms of usage, and wait while database is updating.
 
After it's done with updating, click Scan button and wait while it's scanning.
 
All found items remove by clicking on Cleaning button, and allow tool to restart.
 
After restart will make a log which you will attach or paste in your reply.

Download JRT by Malwarebytes and save it to your desktop.

Run tool as Administrator,accept disclaimer by pressing Y, and wait while it's scanning system.

Tool will automatically scan and remove all found items, if tool requires restart, allow it to do so.

Attach log here.

 

Scan with Malwarebytes AntiRootkit
 
Please download MBAR and save it to your desktop.
 
Run tool as Administrator, tool will extract itself, and then launch.
 
Click Next to accept terms and conditions, and click Update to obtain latest definitions.
 
If malware is found click on Cleanup button , but make sure that Create restore point option is checked before proceeding !
 
Program will ask you to restart, allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside mbar folder. Run it as Administrator and press Y if asks you do you want to continue.

 

Attach log here.



#8 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,813 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:42 PM

Posted 07 August 2015 - 08:08 AM

While it is quite possible that your system is infected....I am not sure that would be the source of "massive data loss"

 

Have there been any changes to the habits of those who use these PC's ?

 

Have you had any contact from people via phone wishing to connect to your pc to fix problems...etc...?

 

Has anything been installed via a usb drive (flash drive, pen drive..)....?

 

I am unfamiliar with satellite hook ups.....so i must ask ....is there a router/modem involved in the set up ?

 

Does it have a password ?....do you know what that password is ?


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#9 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 11:00 AM

We will need to uninstall some unwanted / unneeded programs :

 

  • Spybot - Search & Destroy
  • AppCloudUpdater

After uninstallation, restart your computer and proceed to next step :

 

Download AdwCleaner by Xplode and save it to your desktop.
 
Run tool as Administrator, accept terms of usage, and wait while database is updating.
 
After it's done with updating, click Scan button and wait while it's scanning.
 
All found items remove by clicking on Cleaning button, and allow tool to restart.
 
After restart will make a log which you will attach or paste in your reply.

 

**********I uninstalled Spybot as instructed and tried uninstalling AppCloudUpdater. I got message that there was an error uninstalling AppCloudUpdater, tht it may have already been uninstalled and asking if I wanted to remove it from Programs and Features.

 

I selected Yes and restarted PC and ran AdwCleaner. As you will see from the Log File below, AppCloudUpdater still appears...

 

*********AdwCleaner Log Here...

 

# AdwCleaner v4.208 - Logfile created 07/08/2015 at 11:53:57
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8  (x64)
# Username : Rick - RICKLAPTOP
# Running from : C:\Users\Rick\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\Rick\daemonprocess.txt
Folder Found : C:\Users\Administrator\Favorites\StumbleUpon
Folder Found : C:\Users\Rick\AppData\Local\genienext
Folder Found : C:\Users\Rick\AppData\Local\Mobogenie
Folder Found : C:\Users\Rick\AppData\Local\pokki
Folder Found : C:\Users\Rick\Documents\Mobogenie
Folder Found : C:\Users\Rick\Favorites\StumbleUpon
Folder Found : C:\Users\Rick\Favorites\StumbleUpon

***** [ Scheduled tasks ] *****

Task Found : AppCloudUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
Key Found : HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Pokki
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v39.0.3 (x86 en-US)

[mg7vx85d.default] - Line Found : user_pref("extensions.dashlane.safesearchcapable", false);
[mg7vx85d.default] - Line Found : user_pref("extensions.toolbar.mindspark._5aMembers_.lastActivePing", "1437083697422");
[mg7vx85d.default] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "mywebface@mindspark.com");

*************************

AdwCleaner[R0].txt - [2223 bytes] - [07/08/2015 11:46:56]
AdwCleaner[R1].txt - [2140 bytes] - [07/08/2015 11:53:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2199 bytes] ##########
 

 

 



#10 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 11:08 AM



Download JRT by Malwarebytes and save it to your desktop.

Run tool as Administrator,accept disclaimer by pressing Y, and wait while it's scanning system.

Tool will automatically scan and remove all found items, if tool requires restart, allow it to do so.

Attach log here.

 

***********JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 8 x64
Ran by Rick on Fri 08/07/2015 at 12:02:17.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pokki



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Rick\Appdata\Local\genienext
Successfully deleted: [Folder] C:\Users\Rick\Appdata\Local\mobogenie
Successfully deleted: [Folder] C:\Users\Rick\Appdata\Local\pokki



~~~ FireFox

Failed to delete: [Folder] C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\mg7vx85d.default\extensions\trash
Successfully deleted the following from C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\mg7vx85d.default\prefs.js

user_pref(extensions.dashlane.safesearchcapable, false);
user_pref(extensions.toolbar.mindspark._5aMembers_.lastActivePing, 1437083697422);
user_pref(extensions.toolbar.mindspark.lastInstalled, mywebface@mindspark.com);
Emptied folder: C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\mg7vx85d.default\minidumps [15 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/07/2015 at 12:05:44.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#11 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 11:26 AM



Please download MBAR and save it to your desktop.
 
Run tool as Administrator, tool will extract itself, and then launch.
 
Click Next to accept terms and conditions, and click Update to obtain latest definitions.
 
If malware is found click on Cleanup button 

 

*********No Malware Found



#12 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:42 PM

Posted 07 August 2015 - 11:31 AM

Try to do a scan with NPE to see is there more risks.

 

http://www.norton.com/npe



#13 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 11:31 AM

While it is quite possible that your system is infected....I am not sure that would be the source of "massive data loss"

 

Have there been any changes to the habits of those who use these PC's ? - *****No, no change of usage, just my wife and me

 

Have you had any contact from people via phone wishing to connect to your pc to fix problems...etc...? - No, not at all

 

Has anything been installed via a usb drive (flash drive, pen drive..)....?  No, nothing installed from USB drive

 

I am unfamiliar with satellite hook ups.....so i must ask ....is there a router/modem involved in the set up ?Yes, there is a modem which is connected to my own wifi router

 

Does it have a password ?....do you know what that password is ? Yes, router is password-protected, and we live 20 miles out in the country. Have next-door neighbour, but little else

 

We are limited to 10Gb per month and 500Mb can disappear in an hour when we're not even home. 



#14 rickmcm

rickmcm
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 AM

Posted 07 August 2015 - 11:54 AM

Try to do a scan with NPE to see is there more risks.

 

http://www.norton.com/npe

Completed NPE scan, No Threats Found. It did find an older version of Java which I have uninstalled and am now installing latest version.



#15 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,813 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:42 PM

Posted 07 August 2015 - 08:31 PM

Have a look in task scheduler for me please...

 

To remove a scheduled task

1.

Open Scheduled Tasks.

2.

Right-click the task that you want to remove, and then click Delete.

Note

To open Scheduled Tasks, click Start, click All Programs, point to Accessories, point to System Tools, and then click Scheduled Tasks

Removing a scheduled task only removes the task from the schedule. The program file the task runs is not removed from the hard disk.

You can also remove a scheduled task by selecting it and then pressing DELETE.

 

If there is something there is not known to you and you are going to delete it.....take note of the name of the program that it starts/runs before deleting it

 


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users