hi my dad was using my laptop and was doing some surveys, he ended up downloading but didn't install a program called VisualBee. he opened the installer though, but didn't install. after a couple minutes my browser (Chrome) closed out by itself and when I tried to reopen it, it has a new home page.. he also installed something called SavingsVault and when I try to uninstall it using CCleaner, the uninstaller just freezes up.. also for VisualBee it somehow took over my chrome browser and by this I mean that everytime I open it, it shows a VisualBee search engine as the home page and even when I open a new tab. I've tried changing the home page and removing the extension in the settings of Chrome but after I reopen a new one, it just goes back to being VisualBee. as for SavingsVault i'm not sure what actions it is performing right now as I don't see a change regarding that.
i am running on windows 7 home premium 64 bit and posting all this info from a second computer while using a usb to transfer files/logs back and forth.
here is the MBAM log and the rest are attached as requested in the sticky thread. i appreciate anyone's help in helping me fix this so thanks in advance.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.orgDatabase version: v2013.02.20.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-HP [administrator]
2/20/2013 2:34:03 AM
mbam-log-2013-02-20 (02-34-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200002
Time elapsed: 2 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\User\AppData\Local\Temp\CSM2DAA.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\CSM7B8B.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\CSM81D2.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
(end)