Jump to content

Another PUP DataMngr request


Recommended Posts

Hi,

I have been having trouble recently with PUP Datamnger and the NUSEARCH engine. Could somebody please tell me how to get rid of this virus. Here are the logs

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 19:32:43

# Updated 21/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Joe - JOE-PC

# Boot Mode : Normal

# Running from : C:\Users\Joe\AppData\Local\Temp\fgdjxdf2.tmp\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ljz5bkfl.default-1351771952608\searchplugins\Search_Results.xml

Folder Found : C:\Program Files (x86)\search results toolbar

Folder Found : C:\Program Files (x86)\Yontoo Layers Runtime

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Joe\AppData\Local\Ilivid Player

Folder Found : C:\Users\Joe\AppData\LocalLow\searchquband

Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ljz5bkfl.default-1351771952608\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\Software\iLividSRTB

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Found : HKLM\SOFTWARE\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Tarma Installer

Key Found : HKU\S-1-5-21-4199401296-4234757258-1743201466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKU\S-1-5-21-4199401296-4234757258-1743201466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=GB&userid=0d3352a5-7efc-48b6-bd38-1394824af6da&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=GB&userid=0d3352a5-7efc-48b6-bd38-1394824af6da&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=GB&userid=0d3352a5-7efc-48b6-bd38-1394824af6da&searchtype=ds&q={searchTerms}

[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=GB&userid=0d3352a5-7efc-48b6-bd38-1394824af6da&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\ljz5bkfl.default-1351771952608\prefs.js

Found : user_pref("browser.search.defaultenginename", "Search Results");

Found : user_pref("browser.search.order.1", "Search Results");

Found : user_pref("browser.search.selectedEngine", "Search Results");

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=550&systemid=406&apn[...]

-\\ Opera v [unable to get version]

File : C:\Users\Joe\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : Home URL=hxxp://www.searchnu.com/406

*************************

AdwCleaner[R1].txt - [7350 octets] - [22/01/2013 19:32:43]

########## EOF - C:\AdwCleaner[R1].txt - [7410 octets] ##########

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.