New
#41
iceman087,
Something went wrong with the OTL run. Need to try it again.
Please copy only the text in the quote box at the end of this post, starting with :OTL, and ending with [CREATERESTOREPOINT]. Do not copy the word 'Quote', and leave no blank space either above or below the text.
Paste the text with the cursor at the top left corner in the Custom Scans/Fixes box, located at the bottom of OTL.
Click: Run Fix
Allow the program to run without interruption.
The computer restarts itself, and a log is created after the machine reboots.
Please post the contents of the new OTL log (follow Post #30) in your next reply.
Text to copy:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = {searchTerms - Search-results Search}
IE - HKLM\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = {searchTerms - Search-results Search}
IE - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found
IE - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
O2:64bit: - BHO: (no name) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\Toolbar\WebBrowser: (no name) - {7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - No CLSID value found.
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - File not found
:Files
C:\Users\chuck\AppData\Local\VisualBeeExe
C:\Users\chuck\AppData\Local\Conduit
C:\ProgramData\Tarma Installer
C:\ProgramData\VisualBee
:Commands
[emptytemp]
[Reboot]
[CREATERESTOREPOINT]
this is what it says
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7aeae561-714b-45f6-ace3-4a8aed6e227b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeae561-714b-45f6-ace3-4a8aed6e227b}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_USERS\S-1-5-21-1709582024-3653389009-2489712307-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7aeae561-714b-45f6-ace3-4a8aed6e227b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeae561-714b-45f6-ace3-4a8aed6e227b}\ not found.
HKEY_USERS\S-1-5-21-1709582024-3653389009-2489712307-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7aeae561-714b-45f6-ace3-4a8aed6e227b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeae561-714b-45f6-ace3-4a8aed6e227b}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_USERS\S-1-5-21-1709582024-3653389009-2489712307-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
========== FILES ==========
C:\Users\chuck\AppData\Local\VisualBeeExe folder moved successfully.
File\Folder C:\Users\chuck\AppData\Local\Conduit not found.
File\Folder C:\ProgramData\Tarma Installer not found.
C:\ProgramData\VisualBee folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: chuck
->Temp folder emptied: 1994995 bytes
->Temporary Internet Files folder emptied: 71047 bytes
->Google Chrome cache emptied: 62565158 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 547334 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 62.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_103723
Files\Folders moved on Reboot...
C:\Users\chuck\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
i gtg to work for a bit,ill check back later....
Now we're cookin'!! Got rid of that 'stuff'.
Please go back to Post #34, follow the instructions for using Farbar's Recovery Scan Tool, and provide its report.
We will be able to see if anything is there (like a RootKit) before Windows starts.
Then, knowing what we have at hand, we can use the tool(s) needed to remove.
If nothing of significance shows up, we'll take it!!
ok guys heres the text file...sorry it took so long,had an iracing race lastnight...
iceman087,
The FRST report looks OK.
How is the computer running? Presuming you have no more PUP.Datamngr problems any longer...
no,ive ran several scans and its never been detected again.my computer never did run bad,just didnt want it there.thanks again.im assuming thats its solved?