CCleaner download

I googled ccleaner today and downloaded it here, which I thought was its own website.
http:// ccleaner.softm8. com/?gclid=CJnP9M-p4bcCFWLHtAodkRkA4g (I’ve put in some spaces to break the link.)

I should have been more careful, it downloaded anything BUT ccleaner. I removed everything immediately but how
can I be sure something isn’t still lurking? There were ads and pop ups all over the place and yet ANOTHER toolbar!
I got rid of most of it but the search bar is still there and won’t go away.
Can’t believe I’ve been such an idiot. I downloaded ccleaner eventually from cnet, the laptop was doing odd things
like switching itself off and freezing, and the mousepad wasn’t working properly. That seems to be sorted now but
I’m worried I’ve downloaded something nasty. >:(

see here. http://forum.avast.com/index.php?topic=53253.0

run AdwCleaner…click delete…post log here
run Malwarebytes quick scan…click remove selected if anything is found…post log here

CCleaner (and other tools they make) is found here. http://www.piriform.com/
or at www.filehippo.com

Thank you, malwarebytes is running now, I’ll download and run the other one when it has finished.

Being discussed here: http://forum.piriform.com/index.php?showtopic=37847
softm8.com appears to be a rogue download site
Sophos detects this here: https://www.virustotal.com/nl/url/ad000d6d519dffdaac5b74fb18f5ac196e1836d301f3d907e486c2f54ed424a3/analysis/1371138957/
The URL host was subjected to threat Mal/HTMLGen-A.

polonus

if you already had it…remember to update it before you start a scan… they release about 10 updates a day. :wink:

The initial download at least has adware from htxp://flex.atdmt.com/ Ads Conversion Tracker,

pol

Note… and CCleaner will also give you a toolbar, unless you remove the tick during install…or use the slim installer

slim installer at the bottom here. http://www.piriform.com/ccleaner/builds

Hi Pondus,

Thanks for that info and warning.
Yes, the unticking of bundled crapware with software downloads,
seems to become more and more of a custom nowadays.
Thanks for the heads-up again,

polonus

ADW log

AdwCleaner v2.303 - Logfile created 06/13/2013 at 17:58:35

Updated 08/06/2013 by Xplode

Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

User : grandma - GRANDMA-PC

Boot Mode : Normal

Running from : C:\Users\grandma\Downloads\adwcleaner.exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\grandma\AppData\Roaming\Mozilla\Firefox\Profiles\wni8eqoj.default\searchplugins\Askcom.xml
File Deleted : C:\Users\grandma\AppData\Roaming\Mozilla\Firefox\Profiles\wni8eqoj.default\searchplugins\Babylon.xml
File Deleted : C:\Users\grandma\AppData\Roaming\Mozilla\Firefox\Profiles\wni8eqoj.default\searchplugins\delta.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\Tasks\DSite.job
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\grandma\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\grandma\AppData\Roaming\Babylon
Folder Deleted : C:\Users\grandma\AppData\Roaming\DSite

***** [Registry] *****

Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\a2dcdcb634ba44
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\ Internet Explorer v9.0.8112.16490

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119357&babsrc=HP_ss&mntrId=A42574DE2B061BDA → hxxp://www.google.com

-\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\grandma\AppData\Roaming\Mozilla\Firefox\Profiles\wni8eqoj.default\prefs.js

C:\Users\grandma\AppData\Roaming\Mozilla\Firefox\Profiles\wni8eqoj.default\user.js … Deleted !

Deleted : user_pref(“extensions.enabledAddons”, "wrc@avast.com:7.0.1474,toolbar@ask.com:3.15.2.100013,{972ce4c[…]
Deleted : user_pref(“browser.search.defaultengine”, “Ask.com”);

-\ Google Chrome v27.0.1453.110

File : C:\Users\grandma\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.44] : icon_url = “hxxp://www.delta-search.com/favicon.ico”,
Deleted [l.47] : keyword = “delta-search.com”,
Deleted [l.51] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=A[…]
Deleted [l.2235] : homepage = “hxxp://www.delta-search.com/?affID=119357&babsrc=HP_ss&mntrId=A42574DE2B061BDA”,
Deleted [l.2675] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119357&babsrc=HP_ss&mntrId[…]


AdwCleaner[R1].txt - [5412 octets] - [13/06/2013 17:57:30]
AdwCleaner[R2].txt - [5472 octets] - [13/06/2013 17:58:07]
AdwCleaner[S1].txt - [5321 octets] - [13/06/2013 17:58:35]

########## EOF - C:\AdwCleaner[S1].txt - [5381 octets] ##########

Malwarebytes log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.13.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
grandma :: GRANDMA-PC [administrator]

13/06/2013 16:48:43
mbam-log-2013-06-13 (16-48-43).txt

Scan type: Full scan (C:|D:|Q:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361021
Time elapsed: 54 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\grandma\Downloads\Setup.exe (Adware.DomaIQ) → Quarantined and deleted successfully.

(end)

seems AdwCleaner removed lots of crap from ask/babylon/delta

any problems ?

I updated malwarebytes before scanning. And now my mouse is going crazy again and that’s what led me to this mess! I’ve checked mouse settings and cleaned the mousepad. The wired mouse is going wild too. Grabbing things and not letting go. Not my day today!

if you want an extra check… see in the same guide I gave you above
scroll down to OTL… follow instructions and attach (not copy and paste) OTL.txt diagnostic log

when done a removal expert will check the log…

Ok thanks Pondus, how do I attach a file?

below the txt box you write in here…you will see attachments and other options

One file, it’s taking a while because mouse won’t behave. Any ideas on that too?
Will attempt to post the second one.

#2

essexboy is notified…should be here soon

Hi Mamma I see you currently have 3 antivirus programmes running… More is not better…

I will assume that you want neither Norton nor AVG. So we will remove those first and then see how the computer is behaving

Download the following programmes to your desktop :

Norton removal tool https://support.norton.com/sp/en/uk/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us
AVG removal tool http://www.avg.com/gb-en/utilities

Then from the control panel > programmes and features uninstall both Norton/Symantec and AVG, you may require a reboot between each one

Once they are both removed then run each removal tool that is on your desktop. Again reboots may be needed

Then run a fresh OTL scan for me please so that I can see what is what. Let me know what your current problems are as well