Laptop downloading data without reason

**Data838** · 02-03-2023, 02:53 AM

Yes, web advisor seems to be gone, it’s just that I saw that GeekUninstaller offered Uninstall option for other programs and I used removal because the Uninstall option wasn’t available.

I guess I’ll be able to tell you if it worked only after several hours I just observed that since the moment I started applying your latest instructions which was 30-40 min. ago, 1 GB of information was downloaded in my disk C, although I don’t think that by downloading removal tools or applying the fix would have used this amount of information.

**Malnutrition** · 02-03-2023, 07:08 AM

Disable windows update, and only enable it once a week to update on your terms not whenever microsoft feels you need an update.

Download Autologger to your desktop.
Disable your Anitivirus/Defender prior to running.

[ul]
[li]Unzip it there. – If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----[/li][li]Right click Autologger and run as administrator. (Xp user double click)[/li][li]AVZ4 will open and scan your machine, allow this to complete.[/li][li]Upload Collectionlog.zip to your next reply.[/li][/ul]

**Data838** · 02-03-2023, 07:40 AM

I hope it’s the right one.

**Malnutrition** · 02-03-2023, 11:04 PM

@Data838 Look in the Autologger folder and drag out the [COLOR=rgb(184, 49, 47)]CheckBrowsersLNK file.
To your desktop.
AutoLogger\CheckBrowserLnk

Drag and drop onto the ClearLNK utility .
After saving ClearLNK to desktop.
[IMG alt=“move.gif”]https://dragokas.com/tools/move.gif

Right click Run HijackThis! [COLOR=rgb(184, 49, 47)]as admin! (located in the folder …Autologger\HijackThis)
Do a system scan, then check each item below, [COLOR=rgb(184, 49, 47)]make sure and only check the items listed.
Then click Fix checked.
The computer will need to reboot, allow it to do so.

Code:

O22 - Task: (damaged) C:\WINDOWS\System32\Tasks\Mozilla (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ABEEE59-E55F-4B47-A1A3-15BA0035616D} - \Mozilla\Firefox Background Update 308046B0AF4A39CB (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B5D860C-085F-4F4B-9D99-D7C612E11F31} - \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WaterfoxLimited (empty)
O22 - Tasks: (damaged) AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSystemAnalysis.exe -j0 (user missing)
O22 - Tasks: ASUS Update Checker 2.0 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSoftwareManager\AsusUpdateChecker.exe
O22 - Tasks: AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_0100494bef227dd5\ASUSSystemAnalysis\AsusSystemAnalysis.exe -j0
O22 - Tasks: EOSv3 Scheduler onLogOn - C:\Users\acco5\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (file missing)
O22 - Tasks: EOSv3 Scheduler onTime - C:\Users\acco5\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (file missing)
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Tasks_Migrated: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Tasks_Migrated: \ASUS\ASUSUpdateTaskMachineCore - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c
O22 - Tasks_Migrated: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler
O22 - Tasks_Migrated: \McAfee\DAD.Execute.Updates - C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe (file missing)
O22 - Tasks_Migrated: \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - (no file)
O22 - Tasks_Migrated: \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - (no file)
O22 - Tasks_Migrated: \McAfee\StartOOBEFix - C:\Program Files\Common Files\McAfee\OOBE\McOOBEFix.exe (file missing)
O22 - Tasks_Migrated: ASUS Optimization 36D18D69AFC3 - C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_e72ab2c70c461382\ASUSOptimization\AsusHotkeyExec.exe -CancelShutdown (file missing)
O22 - Tasks_Migrated: ASUS Update Checker 2.0 - C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_e72ab2c70c461382\ASUSSoftwareManager\AsusUpdateChecker.exe (file missing)
O22 - Tasks_Migrated: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare (file missing)
O22 - Tasks_Migrated: McAfeeLogon - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui /runkey (file missing)
O26 - Debugger: HKLM\..\EOSnotify.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\InstallAgent.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\MoNotificationUx.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\MusNotification.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\MusNotificationUx.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\remsh.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\SihClient.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\UpdateAssistant.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\upfc.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\UsoClient.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\WaaSMedic.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\WaasMedicAgent.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\Windows10Upgrade.exe: [Debugger] = / (file missing)
O26 - Debugger: HKLM\..\Windows10UpgraderApp.exe: [Debugger] = / (file missing)

Download TaskSchedulerView (64-bit) and disable the task below, unless you know you need them.

C:\WINDOWS\system32\tasks\Microsoft\Windows\Workpl ace Join\Automatic-Device-Join
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workpl ace Join\Recovery-Check
C:\WINDOWS\system32\tasks\Microsoft\Windows\Window s Media Sharing\UpdateLibrary
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\Xb lGameSaveTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Remote Assistance\RemoteAssistanceTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\HelloF ace\FODCleanupTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Custom er Experience Improvement Program\Consolidator

Download Autoruns and Autorunsc Unzip it to your desktop and then right click

[IMG alt=“Capture.PNG”]https://pchelpforum.net/attachments/capture-png.9995/
Run as Admin.
After the scan is finished then click on File----Then click----Save
The default name will be autoruns.arn make sure to leave it this way.
Attach the file in your next reply.
If the file is too large, then use catbox.moe or Ufile.io and send the link in your next reply.[/IMG][/COLOR]

**Data838** · 02-04-2023, 04:16 AM

Since I last wrote, I think the amount of the data downloaded has more or less gone back to normal, at least it has been approximately the one I use every day. Also, I didn’t see my laptop downloading data from the internet by itself while I wasn’t using it. The only thing that persisted until now was the C disk filling up slowly.

Here’s the link to the file, only its default name wasn’t autoruns.arn, I left the one the software gave it, as well as pchelpforum.net wouldn’t let me attach it to this message because it didn’t have an extension accepted here.

Upload files for free - LAPTOP-6ODOHNQP.arn - ufile.io

https://ufile.io/4kntbb50

Download LAPTOP-6ODOHNQP.arn for free from ufile.io instantly, no signup required and no popup ads

**Malnutrition** · 02-04-2023, 06:14 AM

Do you use one drive? If not uninstall/disable it.

How to Turn Off OneDrive on Windows

https://www.howtogeek.com/845208/how-to-turn-off-onedrive-on-windows/

Want to turn off OneDrive? This guide can help.

Right Click Autoruns and run as admin.

Uncheck the items I have marked in the screen shots below, then reboot your machine. You only really need your antivirus to start with your computer, the anything else can be started by you manually. By double clicking the program

[ATTACH type=“full” alt=“1675573753942.png”]11490[/ATTACH]

[ATTACH type=“full” alt=“1675573835817.png”]11491[/ATTACH]

[COLOR=rgb(184, 49, 47)]Now please re run and give me updated FRST and Addition.txt logs.

Also, as far as your free space…

The downloads folder is easily a good place to start, you can free up a lot of space from here easily, open it up check it out and decide what needs to go.
C:\Users\acco5\downloads

You can use Treesize to find files on your machine that you may wish to delete. I am curious as to where all this data was downloaded, this should help you identify large files that you can delete.

You can use the Everything Search Engine to find and remove files from your machine.
[ul]
[li]Searching for file extensions in Everything Search, to help you along the way is easy.[/li][li]You can simply type .mp3 to find all of your music, or .mp4 to find your videos.[/li][li]You can open the file from the tools gui by double clicking it, and then decide if it needs to go.[/li][/ul][/COLOR]

**Data838** · 02-06-2023, 03:54 AM

Well, since last time my main concern was that after applying your previous solutions it continued to fill up space a little, until it stopped at some point and haven’t been doing it anymore. It wasn’t downloading additional data, as well as my C disk liberated by itself some additional GBs, so it seems that finally it worked ???.
So I’ll tale a look at what files I can delete to free some space later, but yeah, right now it’s gone back to normal again (y)

**Data838** · 02-06-2023, 04:55 AM

Actually, maybe it was a little bit too soon to deliver you the good news. When I wrote my previous post, I verified the size of the C disk and it really hadn’t been filled up for more than a day, but now I see that the free space has diminished again. I mean, I can liberate some space but if it continues filling up, it won’t be efficient. I see how much effort you put in by helping me, but if none of the solutions are really working, I was thinking maybe I should just reset my laptop with or without files, although last time it didn’t really work…

**Malnutrition** · 02-07-2023, 12:33 AM

Where is this data being downloaded to? Can you check with Treesize to see if you are able to find large files you are not familiar with please.

Also, install this firewall, there will be no connections made unless you allow them.

GlassWire - Personal Firewall & Network Monitor

https://www.glasswire.com/

GlassWire is a modern personal firewall and network monitor with over 48 million downloads. Download GlassWire free!

When installing make sure and tick reset firewall default settings..

Once installed, go to traffic in tab, and monitor the connections, screen shot this for me…

[ATTACH type=“full” alt=“1675813193852.png”]11504[/ATTACH]

**Data838** · 02-07-2023, 02:41 PM

I don’t really know how to tell where they are downloaded to, all I saw in Internet Data Usage was that Firefox was the one downloading most of the amount of information, second was System, which wasn’t much compared to Firefox.
The folders containing the most data are WinSxS and System32, but I didn’t find any particularly large individual files there.
Since the last time, my C disk downloaded something like 100 MB and then stopped again, so maybe the problem has been resolved contrary to what I was thinking, I’ll see how it goes in the coming days. Though it’s weird that when I installed GlassWire, I immediately lost 2 GB of space.

**Malnutrition** · 02-09-2023, 12:17 AM

How are things now? Any change?

**Data838** · 02-09-2023, 08:56 AM

Well, since the last time C disk freed about a half of the lost volume and doesn’t fill up anymore.
I was also wondering if it’s normal that even if I have GlassWire installed, pop-ups appear on my screen with Malwarebytes blocking some sites wanting to access my computer. I didn’t have these attacks before I installed GlassWire.

**Malnutrition** · 02-09-2023, 02:29 PM

Security programs often conflict with each other. Can you screen shot the alert from malwarebytes.

**Data838** · 02-10-2023, 05:39 AM

I could try but it’s a pop-up window which stays on the screen only for 5 seconds or so. It basically says that a site with a name containing a string of random letters tried to access firefox.exe. Here’s a Malwarebytes screenshot with the information containing details on the last attack.

**Data838** · 02-10-2023, 09:18 AM

Here’s one

Laptop downloading data without reason

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment