Hello Avast forums I feel happy about finding this forum in an effort to remove this unknown toolbar (Visualbee) from my machine. I am under the impression that it is a result of a recent download from Cnet and a program with a great big June bug as a logo. I have erased this program from my machine, and do not remember the name and Cnet downloads will not load in the browser right now for some reason on a separate machine (scary). I have followed the directions in this post (http://forum.avast.com/index.php?topic=53253.0) and have successfully removed the toolbar with adwcleaner, but I read the post completely and it was strongly recommended by essexboy that I also run a scan with OTL and post the resulting logs to insure all remnants of this nasty pushy toolbar.
MY MACHINE…
Dell XPS M1530
Intel core duo T7250@ 2.0Ghz
3.00 GB
32 bit OS
Windows Vista w/Service Pack 2
I recently had a subscription with Trend Micro that lasted for four years (My first paid security program) and I have experimented with some freeware security such as AVG, Avast, and currently Avira. I have not had very many issue’s with any of them until now as I consider myself a careful user. If you guy’s can help me I would greatly appreciate it.
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\KYN.exe -- (KYN)
SRV - File not found [On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\IKLD.exe -- (IKLD)
SRV - File not found [On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\FNLKQ.exe -- (FNLKQ)
SRV - File not found [On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\EBJQCG.exe -- (EBJQCG)
SRV - File not found [On_Demand | Stopped] -- C:\Users\admin\AppData\Local\Temp\AU.exe -- (AU)
IE - HKU\.DEFAULT\..\SearchScopes\{3242CAC7-9F8C-4E87-91B4-04026905453F}: "URL" = http://www.dealio.com/products.html?kwd={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{3242CAC7-9F8C-4E87-91B4-04026905453F}: "URL" = http://www.dealio.com/products.html?kwd={searchTerms}
IE - HKU\S-1-5-21-2024730028-169539145-3738533185-1000\..\SearchScopes\{2BB819D3-AA5D-4525-B727-D07CE2BCB59C}: "URL" = http://www.dealio.com/products.html?kwd={searchTerms}
IE - HKU\S-1-5-21-2024730028-169539145-3738533185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
O3 - HKU\S-1-5-21-2024730028-169539145-3738533185-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2013/02/01 00:32:27 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\VisualBeeExe
[2013/02/01 00:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
The problems that prompted me to investigate started while trying to stream Pandora music I noticed the machine would not stream fluidly without constant buffering. At that point I opened task manager and noticed that memory and CPU were both running above 60% even after reboot and running at idle. I have never really paid too much attention to this before so I can not say if this is normal or not, but it did raise an eyebrow. I proceeded to start removing programs that I rarely or no longer use and working within the msconfig to remove start-up programs because I suspected the download from Cnet had caused this issue. While opening new tabs to search for solutions I noticed my page showing a Visualbee search page and would not allow me to delete it from the view/tool bars menu.
I hope this information make some sense to you in an effort to resolve my concerns about this adware.
After running adwcleaner the Visualbee page, and the toolbar is no longer showing up. The browsers affected seemed to be Mozilla Firefox chrome shows that my preference file is corrupt, but I rarely use that browser on this machine so I didn’t notice if it affected that one, IE seemed to be unaffected. Would it be wise to do a fresh install of both Google chrome and Firefox?
My task manager does show that CPU is back to a normal looking state between 4% - 18% at idle, but memory is still running at 54%???
Hello essexboy looks like the Visualbee toolbar is no longer an issue. I have uninstalled Firefox and Chrome and all of their settings. I will reload them some time today after I clean up the machine a little more. I have also investigated the high memory issue and as it turns out everything seems normal for a vista machine as like you stated the OS will utilize as much memory as possible but in an efficient manner.
Thanks again for your quick assistance, I wish all forums were this courteous and responsive…
