Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VisualBee tool bar adware removal


  • Please log in to reply
9 replies to this topic

#1 crong

crong

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 03 April 2013 - 10:29 PM

Hello,

 

I found this forum from google searching how to remove the VisualBee tool bar, and I have followed the instructions from previous posts as follows,

 

1. Ran AdwCleaner

2. Ran ESET

3. Ran TDSS

4. Ran AdwCleaner again

 

It appears the program was disabled after first time running AdwCleaner, however ESET found a further 17 threats, some of which it quarantined and the ones it didn't, I manually searched and deleted the containing folders.

 

However, after all this, there was still the VisualBee chrome toolbar entry in my add/remove program list in control panel, and whenever I try to remove it, windows asks for permission to allow windows/installer/979c19f.msi to make changes, which I wasn't sure about so I did not allow. Finally, I used CCleaner to uninstall this entry, and it removed it without asking for any permission. By chance, I noticed there's 4 system restore points with the description "removed visualbee chrome toolbar" so I wonder if it has been completely removed or not? The latest scans from AdwCleaner are all clean. Also would it be better (and cleaner) to just use system restore to a date before this happened?

 

I really appreciate this program AdwCleaner, it's helped majorly, now I just want to make sure this program is completely out of the system.

 

Thanks a lot

 

PS: does this program compromise my security (i.e. access personal information such as files and passwords) or is it simply an invasive adware?


Edited by crong, 03 April 2013 - 10:55 PM.


BC AdBot (Login to Remove)

 


#2 crong

crong
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 04 April 2013 - 12:28 PM

Sorry to sound impatient, could anyone just tell me how to confirm this program has been completely cleaned? I'm wary of using my computer to log in anywhere as I'm not sure if my safety is still compromised because of this adware.

 

Thanks again



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:09 AM

Posted 04 April 2013 - 10:47 PM

Hello please run these also and we se what we have yet to do.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
     
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
     
     >>>>
     
    Please download TFC Temp File Cleaner) by Old Timer and save it to your desktop.
    Alternate download link

Edited by boopme, 04 April 2013 - 10:50 PM.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#4 crong

crong
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 04 April 2013 - 11:10 PM

Hello, thank you for responding. I forgot to mention I had already run a Malwarebytes full scan so the log posted is from the past, also I have run a full scan and boot scan with Avast and used CCleaner. Below is the log from MiniToolBox.

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Catherine (administrator) on 05-04-2013 at 05:03:51
Running from "C:\Users\Catherine\Desktop\Adware Removal"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Catherine-VAIO
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : B6-39-E5-C0-5B-B1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 94-39-E5-C0-5B-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 94-39-E5-C0-5B-B1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e001:78d6:7e5:9e77%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.212.217.233(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Lease Obtained. . . . . . . . . . : April-04-13 10:02:36 PM
   Lease Expires . . . . . . . . . . : April-06-13 2:48:40 AM
   Default Gateway . . . . . . . . . : 10.212.208.1
   DHCP Server . . . . . . . . . . . : 10.212.208.1
   DHCPv6 IAID . . . . . . . . . . . : 328481253
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-9D-6A-1C-78-84-3C-AA-A5-79
   DNS Servers . . . . . . . . . . . : 10.212.208.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : customer.ropemaker.crm.lan
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 78-84-3C-AA-A5-79
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F7A4E0CE-36EF-4269-B089-00899C1A8A4C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A4C8D153-1F18-415C-B83D-FD3A6EA30499}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:b0:1ddf:f52b:2616(Preferred)
   Link-local IPv6 Address . . . . . : fe80::b0:1ddf:f52b:2616%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{DFAFD1A6-8A38-432A-8934-63A62F822543}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  gw.wireless.ropemaker.crm.lan
Address:  10.212.208.1

Name:    google.com
Addresses:  2a00:1450:4009:802::1007
      173.194.34.73
      173.194.34.78
      173.194.34.64
      173.194.34.65
      173.194.34.66
      173.194.34.67
      173.194.34.68
      173.194.34.69
      173.194.34.70
      173.194.34.71
      173.194.34.72


Pinging google.com [173.194.34.72] with 32 bytes of data:
Reply from 173.194.34.72: bytes=32 time=29ms TTL=50
Reply from 173.194.34.72: bytes=32 time=29ms TTL=50

Ping statistics for 173.194.34.72:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 29ms, Average = 29ms
Server:  gw.wireless.ropemaker.crm.lan
Address:  10.212.208.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=207ms TTL=53
Reply from 206.190.36.45: bytes=32 time=258ms TTL=53

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 207ms, Maximum = 258ms, Average = 232ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...b6 39 e5 c0 5b b1 ......Microsoft Virtual WiFi Miniport Adapter
 14...94 39 e5 c0 5b b2 ......Bluetooth Device (Personal Area Network)
 13...94 39 e5 c0 5b b1 ......Atheros AR9285 Wireless Network Adapter
 11...78 84 3c aa a5 79 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.212.208.1   10.212.217.233     25
     10.212.208.0    255.255.240.0         On-link    10.212.217.233    281
   10.212.217.233  255.255.255.255         On-link    10.212.217.233    281
   10.212.223.255  255.255.255.255         On-link    10.212.217.233    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    10.212.217.233    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    10.212.217.233    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:4137:9e76:b0:1ddf:f52b:2616/128
                                    On-link
 13    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::b0:1ddf:f52b:2616/128
                                    On-link
 13    281 fe80::e001:78d6:7e5:9e77/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/05/2013 02:08:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/04/2013 09:53:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 07:18:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 07:07:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 06:39:55 PM) (Source: PerfNet) (User: )
Description:

Error: (04/04/2013 06:33:55 PM) (Source: PerfNet) (User: )
Description:

Error: (04/04/2013 06:31:52 PM) (Source: PerfNet) (User: )
Description:

Error: (04/04/2013 05:59:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 05:58:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/04/2013 05:58:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/04/2013 08:44:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/04/2013 07:16:50 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:15:30 PM on ?04/?04/?2013 was unexpected.

Error: (04/04/2013 07:05:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/04/2013 07:05:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/04/2013 07:05:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/04/2013 07:04:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/04/2013 07:04:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/04/2013 07:04:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/04/2013 07:03:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/04/2013 07:03:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/05/2013 02:08:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Catherine\Desktop\Adware Removal\esetsmartinstaller_enu.exe

Error: (04/04/2013 09:53:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 07:18:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 07:07:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 06:39:55 PM) (Source: PerfNet)(User: )
Description:

Error: (04/04/2013 06:33:55 PM) (Source: PerfNet)(User: )
Description:

Error: (04/04/2013 06:31:52 PM) (Source: PerfNet)(User: )
Description:

Error: (04/04/2013 05:59:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2013 05:58:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Catherine\Desktop\Adware Removal\esetsmartinstaller_enu.exe

Error: (04/04/2013 05:58:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Catherine\Desktop\Adware Removal\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

7-Zip 9.20
ACID Music Studio 8.0 (Version: 8.0.178)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.168)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) (Version: 10.1.6)
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.142)
ArcSoft WebCam Companion 4 (Version: 4.0.21.485)
Atheros WiFi Driver Installation (Version: 3.0)
avast! Free Antivirus (Version: 8.0.1483.0)
Bandisoft MPEG-1 Decoder
BatteryCare 0.9.13.0 (Version: 0.9.13.0)
Bluetooth Win7 Suite (64) (Version: 7.3.0.100)
C9
CCleaner (Version: 4.00)
Color Cop 5.4.3
Conexant HD Audio (Version: 8.54.18.50)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.13)
DVD Architect Studio 5.0 (Version: 5.0.128)
Google Chrome (Version: 26.0.1410.43)
Google Talk (remove only)
Google Talk Plugin (Version: 3.17.0.12440)
Google Update Helper (Version: 1.3.21.135)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 9.17.10.2932)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Media Gallery (Version: 1.5.0.16020)
Mendeley Desktop 1.6 (Version: 1.6)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nexon Game Manager
NVIDIA PhysX (Version: 9.10.0129)
OOBE (Version: 11.2.1.10)
Pando Media Booster (Version: 2.6.0.8)
PMB (Version: 5.5.02.12220)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300)
PMB VAIO Edition Plug-in (Version: 1.6.00.06010)
Realtek PCIE Card Reader (Version: 6.1.7600.74)
Remote Keyboard (Version: 1.1.1.03020)
Remote Play with PlayStation 3 (Version: 1.1.0.15070)
Samsung Kies (Version: 2.3.3.12085_7)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0)
Sony Corporation (Version: 1.0.0)
Sony Photo Go 1.0b (Version: 1.0.123)
Sound Forge Audio Studio 10.0 (Version: 10.0.153)
SSLx64 (Version: 1.0.0)
SSLx86 (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 15.1.9.0)
System Requirements Lab for Intel (Version: 4.5.11.0)
Ubuntu (Version: 12.04-rev272)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VAIO - Media Gallery (Version: 1.5.0.16020)
VAIO - PMB VAIO Edition Guide (Version: 1.6.00.06030)
VAIO - PMB VAIO Edition Plug-in (Version: 1.6.00.06140)
VAIO - Remote Keyboard (Version: 1.0.1.03020)
VAIO - Remote Play with PlayStation®3 (Version: 1.1.0.15070)
VAIO Care (Version: 6.4.0.15030)
VAIO Control Center (Version: 4.5.0.03040)
VAIO Data Restore Tool (Version: 1.6.0.13140)
VAIO Easy Connect (Version: 1.0.0.03050)
VAIO Event Service (Version: 5.5.0.03040)
VAIO Hardware Diagnostics (Version: 4.2.0.14280)
VAIO Help and Support (Version: 14.00.0125)
VAIO Improvement (Version: 1.0.0.14150)
VAIO Manual (Version: 2.0.0.02250)
VAIO Quick Web Access (Version: 1.4.5.5)
VAIO Sample Contents (Version: 1.4.0.09010)
VAIO Satisfaction Survey. (Version: 3.0)
VAIO Smart Network (Version: 3.5.0.02280)
VAIO Transfer Support (Version: 1.4.0.14230)
VAIO Update (Version: 6.1.1.10250)
VCCx86 (Version: 1.0.0)
Vegas Movie Studio HD Platinum 10.0 (Version: 10.0.179)
VESx64 (Version: 1.0.0)
VESx86 (Version: 1.0.0)
Vindictus
Vindictus EU
VIx64 (Version: 1.0.0)
VIx86 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VU5x64 (Version: 1.1.0)
VU5x86 (Version: 1.1.0)
VueMinder Lite (Version: 10.1.6000)
VWSTx86 (Version: 1.0.0)
WEBZEN Browser Extension (Version: 1.01.020)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 6091.86 MB
Available physical RAM: 4403.5 MB
Total Pagefile: 12181.91 MB
Available Pagefile: 10281.56 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:581.22 GB) (Free:483.07 GB) NTFS

========================= Users: ========================================

User accounts for \\CATHERINE-VAIO

Administrator            Catherine                Guest                    


**** End of log ****
 



Log from Malwarebytes

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Catherine :: CATHERINE-VAIO [administrator]

04/04/2013 4:32:40 AM
mbam-log-2013-04-04 (04-32-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335387
Time elapsed: 31 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:09 AM

Posted 05 April 2013 - 08:26 PM

Hello,
Now you should Create a New Restore Point (alternate method) to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the newly created Restore Point.



Also run one more tool and I think we'll be done.

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#6 crong

crong
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 05 April 2013 - 08:50 PM

Hello,

 

JRT log below. I'm surprised there are still traces of visual bee after so many scans by different programs, is it completely removed as of now? Do I need to be worried about my passwords and other personal info being collected while it was installed? I posted the AdwCleaner logs below as well for information.

 

Thanks a lot

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Catherine on 06/04/2013 at  2:35:48.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Catherine\appdata\local\visualbeeexe"



~~~ FireFox

Successfully deleted: [File] C:\Users\Catherine\AppData\Roaming\mozilla\firefox\profiles\6a6sh330.default\invalidprefs.js
Successfully deleted the following from C:\Users\Catherine\AppData\Roaming\mozilla\firefox\profiles\6a6sh330.default\prefs.js

user_pref("extensions.visualbee.tlbrId", "vdelta");
Emptied folder: C:\Users\Catherine\AppData\Roaming\mozilla\firefox\profiles\6a6sh330.default\minidumps [226 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/04/2013 at  2:42:43.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 02:04:47
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Catherine - CATHERINE-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Catherine\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\6a6sh330.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\6a6sh330.default\bprotector_prefs.js
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Catherine\AppData\Local\PackageAware
Folder Deleted : C:\Users\Catherine\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\532d9dbe03cee46
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\532d9dbe03cee46
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKU\S-1-5-21-2363000091-588270323-1130742962-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://visualbee.delta-search.com/?affID=121376&babsrc=HP_ss&mntrId=8472B639E5C05BB1 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\6a6sh330.default\prefs.js

C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\6a6sh330.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://visualbee.delta-search.com/?affID=121376&babsrc=HP_s[...]
Deleted : user_pref("browser.newtab.url", "hxxp://visualbee.delta-search.com/?affID=121376&babsrc=NT_ss&mntrId[...]

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5335 octets] - [04/04/2013 02:04:18]
AdwCleaner[S1].txt - [5367 octets] - [04/04/2013 02:04:47]

########## EOF - C:\AdwCleaner[S1].txt - [5427 octets] ##########
 

 

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 03:25:56
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Catherine - CATHERINE-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Catherine\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\6a6sh330.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5335 octets] - [04/04/2013 02:04:18]
AdwCleaner[R2].txt - [1254 octets] - [04/04/2013 02:36:32]
AdwCleaner[R3].txt - [1268 octets] - [04/04/2013 03:25:47]
AdwCleaner[S1].txt - [5490 octets] - [04/04/2013 02:04:47]
AdwCleaner[S2].txt - [1201 octets] - [04/04/2013 03:25:56]

########## EOF - C:\AdwCleaner[S2].txt - [1261 octets] ##########
 


Edited by crong, 05 April 2013 - 09:21 PM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:09 AM

Posted 05 April 2013 - 10:47 PM

If you reboot and rerun ADWcleaner is it clean now?

 

This VB appears to be a part of the Conduit infection family,, some were found in some CNET downloads and Face book links.

 

It does NOT steal passwords ,but  searches are directed to a company that tracks and effectively "sells" that information to their customersand you will get continuous ads and redirects.


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#8 crong

crong
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 05 April 2013 - 11:02 PM

I believe AdwCleaner is coming up clean, I have used the "search" function a few times after the initial runs. Now I uninstalled it and downloaded again, hit "delete" and it asked to reboot, after which it generated the log blow. I'm not sure what that line with prefs.js is, but it has always been there since the first scan and stays there, also not sure why chrome has disappeared from the log in this most recent run.

 

Thank you for the confirmation regarding passwords!

 

# AdwCleaner v2.200 - Logfile created 04/06/2013 at 04:52:42
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Catherine - CATHERINE-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Catherine\Desktop\Adware Removal\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\6a6sh330.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [702 octets] - [06/04/2013 04:52:42]

########## EOF - C:\AdwCleaner[S1].txt - [761 octets] ##########
 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 61,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:09 AM

Posted 05 April 2013 - 11:14 PM

That file is OK. It is just being checked.

 

http://kb.mozillazine.org/Prefs.js_file

 

You're good to go and thanks for visiting. :thumbsup2:


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#10 crong

crong
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 05 April 2013 - 11:16 PM

Thank you for all the help! :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users