hi my dad was using my laptop and was doing some surveys, he ended up downloading but didn’t install a program called VisualBee. he opened the installer though, but didn’t install. after a couple minutes my browser (Chrome) closed out by itself and when I tried to reopen it, it has a new home page… he also installed something called SavingsVault and when I try to uninstall it using CCleaner, the uninstaller just freezes up… also for VisualBee it somehow took over my chrome browser and by this I mean that everytime I open it, it shows a VisualBee search engine as the home page and even when I open a new tab. I’ve tried changing the home page and removing the extension in the settings of Chrome but after I reopen a new one, it just goes back to being VisualBee. as for SavingsVault i’m not sure what actions it is performing right now as I don’t see a change regarding that.

i am running on windows 7 home premium 64 bit and posting all this info from a second computer while using a usb to transfer files/logs back and forth.

here is the MBAM log and the rest are attached as requested in the sticky thread. i appreciate anyone’s help in helping me fix this so thanks in advance.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-HP [administrator]

2/20/2013 2:34:03 AM
mbam-log-2013-02-20 (02-34-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200002
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\User\AppData\Local\Temp\CSM2DAA.tmp (PUP.Adware.RelevantKnowledge) → Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\CSM7B8B.tmp (PUP.Adware.RelevantKnowledge) → Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\CSM81D2.tmp (PUP.Adware.RelevantKnowledge) → Quarantined and deleted successfully.

(end)

Is it still there after running adwcleaner and malwarebytes

Removers will check your logs later today

Step1

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:Files
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\hqi888z7.default\extensions\extension23986@extension23986.com
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\hqi888z7.default\extensions\toolbar@ask.com
C:\Users\User\AppData\Roaming\Babylon
C:\Users\User\AppData\Local\Savings Vault

ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:Otl
CHR - homepage: http://visualbee.claro-search.com/?affID=120125&babsrc=HP_ss&mntrId=2256d4790000000000004ceb4228e2dc
CHR - homepage: http://visualbee.claro-search.com/?affID=120125&babsrc=HP_ss&mntrId=2256d4790000000000004ceb4228e2dc
CHR - Extension: VisualBee Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfldpfnhfpiclgobehefdjjjhdnhlfnj\1.0_0\
O3 - HKU\S-1-5-21-1275422926-1184598271-3716548337-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:commands
[CREATERESTOREPOINT]
[emptytemp]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.[/list]

Step2

Please download zoek.exe and save it to your desktop.

[list]
[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:

autoclean;
filesrcm;
startupall;
installedprogs;
firefoxlook;
chromelook;
emptyclsid;

[*] Click on Run script button
Please wait until a logreport will open (this can be after reboot)

[*] Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log”

Step3

Re-run OTL, just click on RunScan and attach here fresh OTL.txt log

hi thank you for the replies. i just woke up so sorry for the late reply and started doing what you said. i’ll attach the logs as requested.

EDIT: after doing all the fixes, VisualBee seems to have disappeared from my browser, but could you please make sure? as for Savings/Strong Vault, i’m not sure because it is still in the programs list of CCleaner.

actually, I believe the VisualBee is still on my computer? I was checking to see if Savings/Strong Vault was still in the programs list and Visual Bee was in there also.

Hi,

I was checking to see if Savings/Strong Vault was still in the programs list and Visual Bee was in there also.

Re-run zoek.exe as before…

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Savings Vault;z
Strong Vault;z
VisualBee;z
VisualBee Toolbar;z
Savings Vault;s
Strong Vault;s
VisualBee;s
VisualBee Toolbar;s
emptytemp;

Check the options below:

Standard Search
System Restore Point

[*] Click on Run script button
Please wait until a logreport will open (this can be after reboot)

[*] Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log”