
downloadopensoftware.com rejections pop up


11 replies to this topic

#1 hedera

  • Members
  • 91 posts

Posted 10 August 2016 - 02:38 PM

In the last few days, when I try to go to a site I usually use (in the last case, Verizon's "your documents" site), MalwareBytes Anti-Exploit Free pops up a "malicious site blocked" for downloadopensoftware.com, and possibly one other, but I remember this one.  I'm not noticing any other effects on my system.  Popups happen in both Chrome 52.0.2743.116 and Firefox 47.0.1.  I almost never use Internet Explorer.  I've found advice that recommends using the control panel to uninstall the bad software but nothing called downloadopensoftware is installed on my system.

 

My system:  Windows 7 Pro 64 bit, patched to date

Security software:  Windows Firewall; BitDefender Free 1.0.21.1109; Malwarebytes Pro 2.2.1.1043; MalwareBytes Anti-Exploit 1.08.1.272 (was free but I just paid for it as free doesn't seem to log incidents)

 

I normally run a MalwareBytes Hyper scan daily (ran this morning, found nothing), and a Threat scan weekly (tomorrow; I'm running it right now, and it is checking for rootkits).

 

I thought this system was pretty secure; all these programs run all the time.  And since I'm not seeing effects but the blocking popups from MalwareBytes Anti-Exploit, they seem to be working.  But if I'm getting blocks, I must be getting undercover requests from this critter; I'd like to get rid of it.  I know about your instructions for getting rid of adware and viruses and will go through it, would appreciate advice.

 

But I'd like to know if I should modify my security in some way.  I've preferred the free anti-virus software for some years and would like to stay with it, but I'm open to advice.




 


#2 buddy215

  • Moderator
  • 13,325 posts

Posted 11 August 2016 - 06:24 AM

Perhaps MB is blocking a cookie or beacon that is on that Verizon site. What purpose or use is the Verizon My Documents site? Is it a free cloud storage site?

 

You can block Third Party cookies....aka ad/ tracking cookies from being installed. Once blocked you can use CCleaner to remove the existing by following the directions below. How to disable third-party cookies in all major web browsers

 

If you don't have an ad blocker installed I suggest using Adblock Plus in both Chrome and Firefox. Adblock Plus :: Add-ons for Firefox

Adblock Plus - Chrome Web Store   

 

Use the programs below to clean and to remove malware and adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 


Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

ESET OnlineScan:

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 hedera


Posted 14 August 2016 - 10:53 PM

Yes, the Verizon "my documents" site is a cloud storage site which is "free" in the sense that I don't pay them more for access to it!  They use it to put legal documents about accounts - I just changed my billing to their new plan.

 

Thanks very much for the suggestion about 3rd party cookies.  I've blocked 3rd party cookies in Chrome and FireFox on my desktop and will also do the laptop.  I'm already blocking tracking cookies with Ghostery 6.3.2. 

 

As for adware blockers, I have Ublock 0.9.5.0.1-let-fixed installed - it was recommended by a poster on BleepingComputer.  I can certainly go back to AdBlock if you think it's better.

 

I have CCleaner installed but don't use it enough! 

 

It'll take me some time to run the 3 adware removers you recommended, as my desktop is a big box, 16GB of RAM and a terabyte of hard drive, plus a 256GB flash C: drive.  I'll post the results as I get the logs collected.  At this point, though, I suspect some kind of cookie issue.



#4 buddy215


Posted 15 August 2016 - 06:08 AM

AdwCleaner and JRT will take a few minutes each to run. The Eset scan will take more than an hour depending on the computer's resources and size of data stored.

You don't need to make any changes in ad blocking or security programs at this time.



#5 hedera


Posted 17 August 2016 - 04:21 PM

OK, I've run AdwCleaner and JRT.exe. Here are the log contents:

 

# AdwCleaner v6.000 - Logfile created 17/08/2016 at 13:44:04
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-17.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Karen - KAREN-PC
# Running from : E:\Install Executables\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2440039925-2435328980-3879175924-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion


***** [ Web browsers ] *****

[-] [aol.com] [Search Provider] Deleted: aol.com
[-] [ask.com] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1003 Bytes] - [17/08/2016 13:44:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [1393 Bytes] - [17/08/2016 13:39:01]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1149 Bytes] ##########

 

And the JRT.exe log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64
Ran by Karen (Administrator) on Wed 08/17/2016 at 13:58:38.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 47

Successfully deleted: C:\ProgramData\1441737931.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1458850339.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1458850341.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1458850670.bdinstall.bin (File)
Successfully deleted: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla (Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0.localstorage (File)
Successfully deleted: C:\Users\Karen\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ZQNB7FU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JB61PWY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WKQA9FS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RL5T71P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L33DKTR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C78MRIJY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOM4481Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FW62HC6P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDD9XT8K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEOU5EFX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIBE88HL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MG2PG6TI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OH8KP9J9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OROLGNYJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWGVQPRB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4Q3G3IS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ZQNB7FU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JB61PWY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WKQA9FS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RL5T71P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L33DKTR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C78MRIJY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOM4481Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FW62HC6P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDD9XT8K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEOU5EFX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIBE88HL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MG2PG6TI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OH8KP9J9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OROLGNYJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWGVQPRB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4Q3G3IS (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/17/2016 at 13:59:28.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I'm impressed by the number of temporary files JRT found, as I had just previously run CCleaner and deleted 25GB of them!  (Of course that included the recycle bin.)

 

I'll see if I can run ESET Online Scanner from Internet Explorer (which I almost never use).  I don't especially want to install it.
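
An added example (not part of the original thread, and not a Malwarebytes tool): a short Python script that groups the "Successfully deleted" entries of a JRT log, so the few non-cache items stand out from the Temporary Internet Files folders that make up most of the count. The sample lines are a subset copied from the log above; the function names are illustrative.

```python
import re
from collections import Counter

# Entries copied from the JRT log posted above (a subset of the 47 lines).
SAMPLE_LOG = r"""
File System: 47

Successfully deleted: C:\ProgramData\1441737931.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1458850339.bdinstall.bin (File)
Successfully deleted: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla (Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0.localstorage (File)
Successfully deleted: C:\Users\Karen\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ZQNB7FU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ZQNB7FU (Temporary Internet Files Folder)
"""

# "Successfully deleted: <path> (<item type>)"; the greedy path match keeps
# parentheses inside the path (e.g. "Program Files (x86)") intact.
ENTRY = re.compile(r"^Successfully deleted: (?P<path>.+) \((?P<kind>[^()]+)\)\s*$")
# Randomly named IE cache subfolders under Content.IE5.
CACHE = re.compile(r"\\Temporary Internet Files\\Content\.IE5\\[^\\]+$", re.I)
USER = re.compile(r"^[A-Z]:\\Users\\(?P<user>[^\\]+)\\", re.I)
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?:\\Extensions\\|chrome-extension_)(?P<id>[a-p]{32})(?![a-p])")


def parse_entries(log_text):
    """Return (path, kind) for every 'Successfully deleted' line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("path"), m.group("kind")))
    return entries


def profile_of(path):
    """Name the profile a path belongs to (user name or 'systemprofile')."""
    if "\\config\\systemprofile\\" in path.lower():
        return "systemprofile"
    m = USER.match(path)
    return m.group("user") if m else "(none)"


def summarize(log_text):
    """Count cache folders per profile and list everything else for review."""
    cache_by_profile = Counter()
    extension_ids = set()
    review = []
    entries = parse_entries(log_text)
    for path, kind in entries:
        if CACHE.search(path):
            cache_by_profile[profile_of(path)] += 1
            continue
        m = EXT_ID.search(path)
        if m:
            extension_ids.add(m.group("id"))
        review.append((path, kind))
    return {
        "total": len(entries),
        "cache_by_profile": dict(cache_by_profile),
        "extension_ids": sorted(extension_ids),
        "review": review,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("entries parsed:", s["total"])
    for profile, n in sorted(s["cache_by_profile"].items()):
        print(f"  IE cache folders for {profile}: {n}")
    print("Chrome extension IDs removed:", ", ".join(s["extension_ids"]) or "none")
    print("items worth a closer look:")
    for path, kind in s["review"]:
        print(f"  [{kind}] {path}")
```

An extension ID surfaced this way can be compared against the extensions listed in the browser before and after the cleanup.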
 



#6 buddy215


Posted 17 August 2016 - 05:14 PM

After the Eset scan is completed do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#7 hedera


Posted 17 August 2016 - 05:26 PM

I ran ESET OnlineScanner and it found 3 threats:

E:\Install Executables\AxCrypt-1.7.3156.0-Setup.exe	Win32/OpenCandy potentially unsafe application	deleted
E:\Install Executables\ccsetup418.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	deleted
E:\Install Executables\ccsetup508.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	deleted

The 3 items in E:\Install Executables are installers for programs I use, so I took them out of quarantine.  I've turned my anti-virus and anti-malware products back on.  Frankly, it all looks pretty clean to me; I'd be interested to see if you disagree.  Thanks for the word on the adware cleanup tools, I'll save those references.  I'm not sure about ESET, though - it just looks like another alternative to BitDefender/Avast/etc.



#8 hedera


Posted 17 August 2016 - 05:38 PM

Here are the CCleaner lists:

 

Startup

 

No    HKCU:Run    WinPatrol    Ruiware    C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
No    Startup Common    Cloudmark DesktopOne.lnk    Cloudmark, Inc.    C:\PROGRA~2\CLOUDM~1\Desktop\Service\cdswin.exe
Yes    HKCU:Run    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}    Nero AG    "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
Yes    HKCU:Run    BOINC Manager for Windows    Space Sciences Laboratory    C:\Program Files\BOINC\boincmgr.exe
Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    CompanionLink    CompanionLink Software, Inc.    "c:\program files (x86)\companionlink\companionlink.exe" -Icon
Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\Karen\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
Yes    HKCU:Run    Malwarebytes Anti-Malware    Malwarebytes    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Yes    HKCU:Run    Sidebar    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes    HKCU:Run    WinPatrol    Ruiware    C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
Yes    HKLM:Run    boincmgr    Space Sciences Laboratory    "C:\Program Files\BOINC\boincmgr.exe" /a /s
Yes    HKLM:Run    boinctray    Space Sciences Laboratory    "C:\Program Files\BOINC\boinctray.exe"
Yes    HKLM:Run    CrashPlanTray    Code 42 Software, Inc.    C:\Program Files\CrashPlan\CrashPlanTray.exe
Yes    HKLM:Run    IMSS    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    Malwarebytes Anti-Exploit    Malwarebytes Corporation    C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Yes    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes    Startup Common    Bitmeter2.lnk         C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\Karen\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes    Startup User    EvernoteClipper.lnk    Evernote Corp., 305 Walnut Street, Redwood City, CA 94063    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

 

Scheduled:

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    DropboxUpdateTaskUserS-1-5-21-2440039925-2435328980-3879175924-1000Core    Dropbox, Inc.    C:\Users\Karen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-2440039925-2435328980-3879175924-1000UA    Dropbox, Inc.    C:\Users\Karen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    Microsoft Security Essentials Weekly Scan        "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" -scan -scantype 2
Yes    Task    Process Explorer-Karen-PC-Karen    Sysinternals - www.sysinternals.com    "E:\INSTALL EXECUTABLES\PROCESSEXPLORER\PROCEXP.EXE" /t
 

Installed Programs:

7-Zip 9.20 (x64 edition)    Igor Pavlov    10/13/2014    4.53 MB    9.20.00.0
ActivePerl 5.16.3 Build 1604 (64-bit)    ActiveState    10/1/2014    83.9 MB    5.16.1604
Adobe Acrobat Reader DC    Adobe Systems Incorporated    8/4/2016    200 MB    15.017.20053
Adobe AIR    Adobe Systems Inc.    9/26/2014        1.5.2.8870
Adobe Flash Player 22 NPAPI    Adobe Systems Incorporated    7/12/2016    5.79 MB    22.0.0.209
Adobe Photoshop Elements 8.0    Adobe Systems Incorporated    9/26/2014    1.54 GB    8.0
Adobe Photoshop Lightroom 3.6 64-bit    Adobe    9/26/2014    318 MB    3.6.1
Adobe Photoshop Lightroom 5.7 64-bit    Adobe Systems Incorporated    1/3/2015    1.07 GB    5.7.0
Adobe Photoshop.com Inspiration Browser    Adobe Systems Incorporated    9/26/2014        3.02
Apple Application Support (32-bit)    Apple Inc.    7/26/2016    116 MB    4.3.2
Apple Application Support (64-bit)    Apple Inc.    7/26/2016    131 MB    4.3.2
Apple Mobile Device Support    Apple Inc.    5/2/2016    28.5 MB    9.3.0.15
Apple Software Update    Apple Inc.    5/2/2016    2.69 MB    2.2.0.150
AxCrypt 1.7.3156.0    Axantum Software AB    9/24/2014    2.83 MB    1.7.3156.0
Bitdefender Antivirus Free Edition    Bitdefender    3/24/2016        1.0.21.1109
BitMeter        9/24/2014        
BOINC    Space Sciences Laboratory, U.C. Berkeley    7/15/2016    23.4 MB    7.6.22
Bonjour    Apple Inc.    11/16/2015    2.01 MB    3.1.0.1
CCleaner    Piriform    8/17/2016        5.21
Cloudmark DesktopOne    Cloudmark    11/18/2015    27.0 MB    1.9.0.33
Cloudmark DesktopOne Outlook Add-in    Cloudmark    8/17/2016        1.9.0.33
CompanionLink    CompanionLink Software, Inc.    3/20/2016    81.6 MB    8.0.0.0
CrashPlan    Code 42 Software    7/15/2016    264 MB    4.7.0.344
Cyberduck 4.7.2        8/19/2015        4.7.2
Documents To Go Desktop for Android    DataViz, Inc.    1/20/2015        4.0000.043
Dropbox    Dropbox, Inc.    8/5/2016        7.4.30
Evernote v. 6.1.2    Evernote Corp.    6/4/2016    219 MB    6.1.2.2292
FileZilla Client 3.16.1    Tim Kosse    4/12/2016    22.1 MB    3.16.1
GoodSync    Siber Systems    8/7/2016    63.4 MB    9.9.53.0
Google Chrome    Google Inc.    9/24/2014        52.0.2743.116
Google Earth    Google    7/11/2015    179 MB    7.1.5.1557
GoToMyPC    Citrix Systems, Inc.    7/25/2016    35.6 MB    9.1.1875
Instant Eyedropper 1.75        10/13/2014        
Intel® Management Engine Components    Intel Corporation    9/15/2013        9.5.15.1730
Intel® USB 3.0 eXtensible Host Controller Driver    Intel Corporation    4/26/2013        2.5.0.19
iSEEK AnswerWorks English Runtime    Vantage Linguistics    9/30/2014    4.77 MB    010.000.0101
iTunes    Apple Inc.    7/26/2016    215 MB    12.4.2.4
Java 8 Update 31    Oracle Corporation    1/21/2015    74.0 MB    8.0.310
Legacy 8.0    Millennia Corporation    7/9/2016        8.0
Malwarebytes Anti-Exploit version 1.8.1.2572    Malwarebytes    8/2/2016    6.53 MB    1.8.1.2572
Malwarebytes Anti-Malware version 2.2.1.1043    Malwarebytes    3/23/2016    66.8 MB    2.2.1.1043
Microsoft .NET Framework 4.6.1    Microsoft Corporation    5/25/2016    38.8 MB    4.6.01055
Microsoft ASP.NET MVC 4 Runtime    Microsoft Corporation    10/15/2014    1.59 MB    4.0.40804.0
Microsoft Mouse and Keyboard Center    Microsoft Corporation    3/30/2015        2.3.188.0
Microsoft Office Professional 2010    Microsoft Corporation    9/24/2014        14.0.7015.1000
Microsoft Outlook Personal Folders Backup    Microsoft Corporation    9/25/2014    33.0 KB    1.10.0.0
Microsoft Silverlight    Microsoft Corporation    6/24/2016    299 MB    5.1.50428.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    9/26/2014    788 KB    9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    9/26/2014    600 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    9/27/2014    13.8 MB    10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    9/27/2014    11.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030    Microsoft Corporation    1/13/2016    20.5 MB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Microsoft Corporation    2/29/2016    17.1 MB    12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)    Microsoft Corporation    9/27/2014        10.0.50903
Mozilla Firefox 48.0 (x86 en-US)    Mozilla    8/11/2016    91.5 MB    48.0
Mozilla Maintenance Service    Mozilla    8/11/2016    220 KB    48.0.0.6051
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    10/1/2014    1.27 MB    4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    10/1/2014    1.33 MB    4.20.9876.0
Nero 7 Essentials    Nero AG    9/23/2014    153 MB    7.02.8078
Notepad2 (Notepad Replacement)    Florian Balmer    9/26/2014    963 KB    4.2.25
NVIDIA 3D Vision Controller Driver 344.65    NVIDIA Corporation    11/10/2014        344.65
NVIDIA 3D Vision Driver 347.52    NVIDIA Corporation    3/4/2015        347.52
NVIDIA Graphics Driver 347.52    NVIDIA Corporation    3/4/2015        347.52
NVIDIA PhysX System Software 9.14.0702    NVIDIA Corporation    9/25/2014        9.14.0702
NVIDIA Update 10.4.0    NVIDIA Corporation    3/4/2015        10.4.0
OpenOffice 4.1.2    Apache Software Foundation    5/25/2016    336 MB    4.12.9782
Oracle VM VirtualBox 4.3.12    Oracle Corporation    11/26/2014    153 MB    4.3.12
Quicken 2016    Intuit    2/17/2016    217 MB    25.1.8.5
Realtek Ethernet Controller Driver    Realtek    9/23/2014        7.75.827.2013
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    9/23/2014        6.0.1.7071
Skype™ 7.3    Skype Technologies S.A.    11/5/2015    49.2 MB    7.3.101
VueScan x64        10/14/2014        
WinPatrol    Ruiware    5/25/2016    3.06 MB    33.6.2015.18
 



#9 buddy215

buddy215

  • Moderator
  • 13,325 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:58 PM

Posted 17 August 2016 - 05:48 PM

You should have left those files in quarantine. They are adware. It won't affect the programs you have installed. Only the adware bundled with the program installers was quarantined.

 

I'll have recommendations for the 3 lists later.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 buddy215


Posted 17 August 2016 - 06:10 PM

Suggest disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Yes    HKCU:Run    Dropbox Update    Dropbox, Inc.    "C:\Users\Karen\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

Yes    HKCU:Run    Sidebar    Microsoft Corporation    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

Yes    HKLM:Run    IMSS    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"

Yes    Startup User    Dropbox.lnk    Dropbox, Inc.    C:\Users\Karen\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes    Startup User    EvernoteClipper.lnk    Evernote Corp., 305 Walnut Street, Redwood City, CA 94063    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    Adobe Acrobat Update Task    Adobe Systems Incorporated    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Yes    Task    DropboxUpdateTaskUserS-1-5-21-2440039925-2435328980-3879175924-1000Core    Dropbox, Inc.    C:\Users\Karen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
Yes    Task    DropboxUpdateTaskUserS-1-5-21-2440039925-2435328980-3879175924-1000UA    Dropbox, Inc.    C:\Users\Karen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler

Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

Yes    Task    Process Explorer-Karen-PC-Karen    Sysinternals - www.sysinternals.com    "E:\INSTALL EXECUTABLES\PROCESSEXPLORER\PROCEXP.EXE" /t
 

Uninstall these programs:

Adobe AIR    Adobe Systems Inc.    9/26/2014        1.5.2.8870

Java 8 Update 31    Oracle Corporation    1/21/2015    74.0 MB    8.0.310

 

After completing the above and rebooting....please let me know if MBAM still complains about downloadopensoftware.com


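Added example, not part of any post in this thread: Python that parses a startup/task listing in the column layout quoted in post #10 and marks enabled entries whose executable sits outside the admin-only Program Files and Windows directories, handling unquoted paths that contain spaces and rows with an empty publisher column. The sample rows, names and paths are constructed, and a C: system drive is assumed.

```python
import re

# Constructed sample in the column layout of the startup/task lists quoted in
# this thread: Enabled, Key, Program, Publisher, File (columns separated by
# tabs or runs of spaces). All names and paths are made up.
SAMPLE = r'''
Yes    HKCU:Run    Example Sync    Example Corp.    "C:\Users\User\AppData\Local\ExampleSync\sync.exe" /background
Yes    HKLM:Run    Example Helper    Example Corp.    C:\Program Files\Example Helper\helper.exe /autoRun
No    Startup User    notes.lnk    Example Corp., 1 Example Street    C:\Program Files (x86)\Notes\notes.exe
Yes    Task    ExampleUpdateTaskUA        C:\Users\User\AppData\Roaming\updater\upd.exe /ua /installsource scheduler
Yes    Task    Example Tool    Example    "E:\INSTALL EXECUTABLES\TOOL\TOOL.EXE" /t
'''

# Assumption: Windows is installed on C:, so these are the admin-only locations.
PROTECTED = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
EXE_END = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.IGNORECASE)

def exe_path(command):
    """Return the executable from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut at the first executable extension.
    m = EXE_END.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]

def parse(listing):
    """Yield one dict per row; the publisher column may be empty."""
    for line in listing.splitlines():
        cols = re.split(r'\t+|\s{2,}', line.strip())
        if len(cols) < 4 or cols[0] not in ("Yes", "No"):
            continue
        path = exe_path(cols[-1])
        yield {"enabled": cols[0] == "Yes", "key": cols[1], "name": cols[2],
               "publisher": cols[3] if len(cols) > 4 else "", "path": path,
               # Outside admin-only directories: typically writable without elevation.
               "review": not path.lower().startswith(PROTECTED)}

def review_list(listing):
    """Names of enabled entries whose executable sits outside protected dirs."""
    return [r["name"] for r in parse(listing) if r["enabled"] and r["review"]]

if __name__ == "__main__":
    for row in parse(SAMPLE):
        print(("REVIEW " if row["review"] else "ok     ") + row["key"], row["name"], row["path"], sep=" | ")
```

A `REVIEW` mark only orders the list for inspection; legitimate per-user software also installs under the user profile.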

#11 hedera


Posted 17 August 2016 - 06:47 PM

For the record, I just accessed the Verizon documents and the popup is gone, so one of the things you recommended did the trick, thank you.

 

On removing startup and scheduled tasks, I'll take some of your recommendations, but frankly, some of those things are running because I choose to have them (particularly DropBox and Evernote Clipper).  Thank you for making me look at these lists, though - I didn't realize the Microsoft Essentials Weekly Scan was still there (I replaced it with BitDefender months ago).  Or, for that matter, iTunes Helper.  I suppose it won't hurt me to update Google Chrome and Adobe Reader manually.



#12 buddy215


Posted 18 August 2016 - 07:14 AM

Only one Google updater was disabled. Firefox has its own pdf reader. If that is the only thing you use Adobe Reader for you can uninstall it.

 

You're welcome....happy surfin'





