PUP.Datamgnr

[itsnotmee]

I ran Malwarebytes multiple times, it keeps detecting:

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Help?

[AdvancedSetup]

Hello and

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:
• 
  
  1. DDS.txt
     
  2. Attach.txt
     

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

Thank you

[itsnotmee]

Thanks for your reply,

here are the requested attachment (without internet connection and AV disabled)

attach.txt

dds.txt

[AdvancedSetup]

Well the logs show that you appear to be running or have run too many antivirus products at the same time.

You can typically run an Anti-Malware product alongside an antivirus product but you cannot run 2 antivirus products at the same time.

Please temporarily disable your antivirus and run the following steps.

STEP 1

AVG and Lavasoft both appear to be full fledged antivirus products. You need to choose which one you want to use and fully remove the other one.

In fact AVG says you're running both a Free version and what would appear to be the paid version. If so you should remove the free version.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

Ad-Aware Antivirus

Ad-Aware Browsing Protection

AVG 2013

STEP 2

Please go to Control Panel, Programs Add/Remove and uninstall the following program.

Search-Results Toolbar

STEP 3

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from here
  
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  
• Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected.

  [*]Click on OK

  [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 4

Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
  
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next reply message
  
• When completed make sure to re-enable your antivirus

STEP 5

Please download AdwCleaner by Xplode to your desktop.

• Close all open programs and internet browsers.
  
• Double click on AdwCleaner.exe to run the tool.
  
• If prompted by the User Account Control click Yes to allow it to run.
  
• Under Actions click on the Delete button.
  
• Click OK on all prompts.
  
• You will be prompted to restart your computer. A text file will open after the restart.
  
• Please post the entire contents of that logfile to your next reply.
  
• You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 6

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

• Flush DNS
  
• Report IE Proxy Settings
  
• Reset IE Proxy Settings
  
• Report FF Proxy Settings
  
• Reset FF Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List Winsock Entries
  
• List last 10 Event Viewer log
  
• List Installed Programs
  
• List Devices
  
• List Users, Partitions and Memory size.
  
• List Minidump Files
  

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

[itsnotmee]

Uninstalled Adaware.

Note: Ran AdwCleaner twice, it did not give a log in the first reboot (?)

AdwCleanerS1.txt

JRT.txt

Result.txt

[AdvancedSetup]

Please temporarily disable your current antivirus and run this online av scan. Note the directions may have changed somewhat for the interface but the general idea should still apply.

If you have trouble running it please let me know. When done please also run MBAM and check for updates and then do a Quick Scan and post back that log as well.

It's getting a bit late here so I'll be heading out but I'll check back with you tomorrow.

Next, please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/

EU Link: http://www.eset.eu/online-scanner/

Note: You will need to use Internet Explorer for this scan or if using Chrome or Firefox you may need to download the scanner manually.

Manual scanner download link (only needed if you cannot run the scanner from Internet Explorer)

http://download.eset...staller_enu.exe

* Tick the box next to YES, I accept the Terms of Use.

* Click Start

* When asked, allow the program to install the "OnlineScanner.cab" file by clicking the Install button

* You may get a warning about resending the data, please click on the Retry button if shown

* Click Yes to allow it to install the Scanner cab file now

* Make sure that the options "Remove found threats" is checked

* Then click on the "Advanced settings" link.

* Make sure that the option "Scan for potentially unwanted applications" is checked.

* Make sure that the option "Scan for potentially unsafe applications" is checked.

* Make sure that the option "Enable Anti-Stealth technology" is checked.

* Now click the Start button

* It may ask one more time to install a cab file, please click Yes to allow it.

* Now it will download the virus signature database and then automatically start scanning your system.

* Wait for the scan to finish

* When the scan is finished make sure to click on the "List of found threats"

* Now click on the "Export to text file" link and save the log to a location where you can find it again later.

* Then click the "back" button

* Now click on the "Finish" button and go ahead and close the program.

* Go find the exported list of detected files you saved earlier and attach that log on your next reply.

[itsnotmee]

I have problems running the online scanner, after it download the virus signature database and begin to scan, it will be stuck with 0 files scanned.

[AdvancedSetup]

Okay let's try another antivirus scanner for now.

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

• Turn OFF your antivirus program.
  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  
• If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  
• Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
  
• You will see a screen similar to this:
  
  Click the checkbox to participate, and then click on Continue button.
  
• Next
  
  Click on Select onjects for scanning
  
• Next
  
  Put a checkmark by clicking on the boxes as shown.
  Do not select Temporary files or System Restore points.
  Then click on Start scanning button
  
• The scan in progress will be shown like this
  
  
• IF something is detected, you will see a screen similar to this
  
  For each item "detected", click on the Action column down arrow, like this
  
  Your options will be Cure or Ignore
  IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
  Typically, you will keep the Cure default.
  Then click on the Neutralize button.
  
• When the actions are completed, you will see this
  
  
• Click on the green Open Report line. It will pop-up the report in NOTEPAD.
  Save the report to your desktop. The report will be called Cureit.log
  
• Close Dr.Web Cureit.
  
• Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  
• After reboot, attach the log Cureit.log you saved previously in your next reply.
  
• You may need to change it from .log to .txt in order to attach it.
  

Re-Enable your antivirus program when all done.

[itsnotmee]

I ran the ESET Online Scanner this morning and it worked.

Results.txt

[AdvancedSetup]

Please run Malwarebytes Anti-Malware and check for updates. Then do a Quick Scan and post back the new log.

[itsnotmee]

No malicious objects detected

[AdvancedSetup]

Well that's good then. So there are no more signs of the PUP.Datamgnr detection?

How is the computer running now?

[itsnotmee]

I forgot to attach the results:

mbam-log-2013-06-04 (14-31-12).txt

[itsnotmee]

I think the computer is running the same speed as before, but there are no random freezes now.

Thanks

[AdvancedSetup]

Okay then unless you have any other questions or issues related to malware we should be done here.

You can remove any tools we've used up to this point if you like.

Please read the following articles to help you keep from getting infected.

How Malware Spreads - How did I get infected

Best Practices for Safe Computing - Prevention of Malware Infection

Thanks and good luck out there

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!