
Junk Removal Tool by thisisu


19 replies to this topic

#1 oldblueeyes

  • Members

Posted 14 August 2013 - 09:31 PM

This is a two-part question, and since I am new I hope this is the proper forum to post in; if not, please forward to the proper area and let me know.

1.) My computer is working fine as best can be determined, but when I ran the JRT (which I plan to do once a week to check on junk on the computer) that Dell downloaded for me in reference to another situation I had, they wanted to check on viruses and the like. When I ran the application I received this from the log. Incidentally, all other topics were fine; it did not find anything.

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS

 

 

As you can see there are three registry keys not deleted because the program said when I first ran it that they were not found.

 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr

HKEY_CURRENT_USER\Software\datamngr
HKEY_LOCAL_MACHINE\Software\datamngr

 

I tried to look up the meaning of these on Bing and could not really get a sense of what the last two were, but the first one does have something to do with the fact that I am running a 64-bit program, and this is the designation for it as far as I can tell; not really sure. So is this normal, or should JRT have found them, or have they indeed been deleted by me somehow, which I don't think so, since it would seem to me that I would be experiencing at least some type of problem since I feel these keys might be important?

2nd question, much easier. When Dell tried to update the JRT by pressing Y it did not do it, and he went to the website to get presumably the latest edition. Do you know if this is correct or why it was not able to load the current version by pressing Y when the application started because it did inform me that I had an outdated version. Also, do you know about when new versions come out so that I will not have to consistently go and waste my time trying to find them?

 

Thank you very much.


Edited by Orange Blossom, 14 August 2013 - 10:41 PM.
Moved to more appropriate forum. ~ OB



#2 czarboom

  • Members

Posted 14 August 2013 - 11:31 PM

Well, that's a lot and a little. datamngr is a process that needs to be removed. Looks like it ain't. Check out this page here on the forum:

DataMngr-DataMngrUI.exe

It's got some start info on this.

Also go to malwarebytes.com, you can google it. Get the Malwarebytes Root Kit, also get the File and Registry Assassin programs. Also, go get CCleaner also. It's overkill but it works if nothing else does.

Running CCleaner will get rid of the junk. Run it a few times till nothing comes back. If it keeps coming back, then you know what's what (meaning it's bad).

Use the Root Kit tool. And back up all of the registry before you start. CCleaner will do that for you.

If you can't get it to stay gone, read the READ ME file that comes with the install, and run Root Kit in Safe Mode. Reboot; still there, well, you need to find the file / registry or process. Then get rid of it. Get plain old Malwarebytes. This will run as a virus scan, and you don't have to mess with your current antivirus to do it.

Each file returned, find the key (if any) in the reg. tree. Then use Registry Assassin to get it. Delete all. Reboot, run all again.

This should do it. If not, reboot and reinstall. Or use Bitdefender or similar that has a boot scan, and all those high-speed tools. Also check with

www.nist.gov/information-technology-portal.cfm  Great knowledge base for all things IT and security

also http://www.securelist.com/en/  A virus site maintained by the top antivirus companies

good luck

As for the Dell thing, get ShouldIRemoveIt. Great tool that will explain all the programs on your computer, and give you info based on user use, removal, and who installs it. Then you can find what you're looking for. And the "Y" thing, don't know; it was not super clear as to what you were getting at there. Also Dell.com, to see about current versions with your PC. Dell has an auto scan and update tool that will do this for you, but it's a hog, and has some bloatware. But it works.

Good Luck


CZARBOOM 
Malware Study Hall Sophomore
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?

 

 


#3 oldblueeyes

  • Topic Starter
  • Members

Posted 15 August 2013 - 12:37 AM

I don't think you understood, and thank you for your response. Could it be that CCleaner and Malwarebytes deleted the keys, because I do use both of these programs as well, which I forgot to tell you. Maybe that's why JRT could not find the keys, since they were deleted by one of those programs already? Perhaps one of these programs recognized that the keys were not necessary and removed them, whereas JRT does not remove the keys but just the junk attached to them, and since the keys were already deleted obviously no junk could be associated with them? What I meant by Y is in that JRT platform it has the user put in the letter Y for Yes, which is found in the platform before you start it. Have you used it yourself? Then you should be familiar with Y or Yes for the update. If I have to, I'll just go to the website from time to time.



#4 thisisu

  • Malware Response Team

Posted 15 August 2013 - 01:35 AM

Hello oldblueeyes,

 

The following keys:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
HKEY_CURRENT_USER\Software\datamngr
HKEY_LOCAL_MACHINE\Software\datamngr

Are indeed considered adware as czarboom pointed out.

It appears the tool recognized the keys were present on your system, but had difficulty deleting them (hence the failed to delete message). This has been a problem for a while and I will try to implement a better way to attempt to remove those keys :)

__

> Do you know if this is correct or why it was not able to load the current version by pressing Y when the application started because it did inform me that I had an outdated version.

The auto-update feature needs some work done to it. Hopefully I can have it fixed in the next version. Thanks for bringing up these issues.

 

Best regards,

Thisisu



#5 oldblueeyes

  • Topic Starter
  • Members

Posted 15 August 2013 - 02:10 AM

Thank you so much. Just a follow up: first, can you please explain in layman's terms exactly what those keys are supposed to be. One of them I know has to do with the 64-bit system I am operating, which is what I was given when I put it on Bing; it's this one (HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr). It seemed like it had a definite purpose; are you absolutely sure that this one as well as the other two are absolutely not meant to be on the computer?

JRT said that the application could not delete them because it could not find them. This was said (could not find) on the application itself after the run, not on the log that was on my computer. There it mentioned could not delete. Does that not indicate that this is so because one of the other programs I use actually deleted them already? Do you know what I am getting at? Again thanks.

Now then, are you saying that you are aware of these problems, that is to say, others have said the exact same thing. Or am I correct and the keys are actually deleted from the computer, and if so that would not be commensurate with your above comment saying it did not delete because of a known problem.



#6 oldblueeyes

  • Topic Starter
  • Members

Posted 15 August 2013 - 02:16 AM

Lastly is there a danger in the case I am wrong and actually still on the computer, which in my mind may not actually be. Please explain, sort of confusing to me.



#7 thisisu

  • Malware Response Team

Posted 16 August 2013 - 02:15 AM

The keys are simply traces of "DataMngr". It is bundled with Potentially Unwanted Software (PUPs) such as "Search-Results Toolbar", "Bearshare", "bProtector", "iLivid", etc.

"HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr" is indeed an indication that you are on a 64-bit operating system (OS) as you would only see the subkey Wow6432Node present on a 64-bit OS.

> are you absolutely sure that this one as well as the other two are absolutely not meant to be on the computer?

It's considered PUP. It's nothing to be too concerned about. PUP usually gets installed without the user's consent which is why it's targeted by the tool in the first place.

> JRT said that the application could not delete them because it could not find them.

I know which error message you are talking about now. It has nothing to do with DataMngr or any other particular software. JRT is searching for something else but the output is not nulled out if it is not found. It will be fixed in an upcoming version.

> Now then, are you saying that you are aware of these problems, that is to say, others have said the exact same thing.

Yes, others have reported the same thing in regards to those 3 keys being difficult for the tool to remove.

There is a similar tool that can remove those keys without a problem. The tool is called AdwCleaner in case you want to look into removing them and other adware / PUP.

> Lastly is there a danger in the case I am wrong and actually still on the computer

I wouldn't say it is "dangerous". It's just a leftover / trace of a program that was once installed that used DataMngr.

Recommended reading if you are interested: http://support.mozilla.org/en-US/questions/816181

 

Best regards

Thisisu


Edited by thisisu, 16 August 2013 - 02:17 AM.


#8 oldblueeyes

  • Topic Starter
  • Members

Posted 16 August 2013 - 12:21 PM

I appreciate your responses very much! But since I am such a perfectionist please allow me just two more questions. The key signifying that I am using a 64-bit system, well, since I am using that system why would it be considered adware or otherwise something that is not necessary to my computer and therefore should be deleted? In other words, why is it showing up as something the application feels should be deleted?

Moreover, if I do decide to download the adware cleaner, which I probably will, there is an option there, a special option to disable various browsers so that conditions will not be detected with those browsers. Now then, if I am running Internet Explorer and that is the only browser that I am running, should I then choose enable detection for IE browser and make sure I have disabled for the other browsers, or perhaps since I don't have the other browsers I don't have to do anything for those browsers, just make sure that I have enable for the IE browser. Is that correct?

Just so I can understand, are you the president of Thisisu and the one who actually developed the JRT application? Just wondering with whom I am having this delightful conversation with!

This has nothing to do with my technical questions; I am done with them. But I wanted to know if you can be kind enough to explain to me how does one work the multiquote and the quote section (what's the difference) on the website. Obviously you know how since you were able to single out my quotes. If I want to do that, how do I go about doing that? Thank you very much for all your help.

#9 thisisu

  • Malware Response Team

Posted 17 August 2013 - 02:07 AM



> The key signifying that I am using a 64-bit system well since I am using that system why would it be considered adware

It's not. Perhaps this will explain it better.

  • HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr = adware
  • HKEY_LOCAL_MACHINE\Software\Wow6432Node = legitimate. The Wow6432Node gives us a hint that the operating system is 64-bit.

__

> Moreover if I do decide to download the adware cleaner which I probably will there is an option there a special option to disable various browsers

Yes. The switches you can use with the tool are explained in detail on the download page.

__

> and the one who actually developed the JRT application

Yes I am the developer of the tool :)

__

> Obviously you know how since you were able to single out my quotes.

I am copy pasting what you wrote, then I select the line again of what you wrote and press the "Quote" button. ( see pic below )

Attached File  quote.jpg   18.36KB   3 downloads

__

 

By the way, I just uploaded a new version of the tool which hopefully should fix the problem of seeing the "ERROR: The system was unable to find the specified registry key or value." message while the tool is scanning.

 

Have a great weekend!

Thisisu
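
Added example, not part of the original thread and not JRT's own code: a short Python script that parses result lines like those in the "~~~ Registry Keys" section of the log in post #1 and folds `Wow6432Node` paths back onto their logical key, which shows that the three failed deletions are one `datamngr` trace seen in HKCU and in both views of HKLM\Software. The function names and the "native" / "32-bit" labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of the "Registry Keys" section copied from the JRT log in post #1.
SAMPLE_LOG = r"""
~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
"""

LINE_RE = re.compile(r"^(Failed to delete|Successfully deleted): \[([^\]]+)\] (.+)$")
# Matches only keys *below* Wow6432Node; the node itself is a legitimate OS key.
WOW64_RE = re.compile(r"^(HKEY_[A-Z_]+\\Software)\\Wow6432Node\\(.+)$", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one result line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    outcome, kind, path = m.groups()
    redirected = WOW64_RE.match(path)
    if redirected:
        # Wow6432Node holds the 32-bit view of the Software hive on 64-bit Windows.
        view = "32-bit"
        logical = redirected.group(1) + "\\" + redirected.group(2)
    else:
        view = "native"
        logical = path
    return {"deleted": outcome == "Successfully deleted", "kind": kind,
            "path": path, "view": view, "logical": logical}


def parse_log(text):
    """Parse every result line in a JRT log excerpt."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def failed_by_name(entries):
    """Group failed deletions by final key name, ignoring hive and view."""
    groups = defaultdict(list)
    for e in entries:
        if not e["deleted"]:
            name = e["logical"].rsplit("\\", 1)[-1].lower()
            groups[name].append((e["path"], e["view"]))
    return dict(groups)


if __name__ == "__main__":
    for name, hits in failed_by_name(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {len(hits)} location(s) still present")
        for path, view in hits:
            print(f"  [{view}] {path}")
```
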



#10 oldblueeyes

  • Topic Starter
  • Members

Posted 17 August 2013 - 11:46 AM

1.) Is the new version the one on bleeping.com that says last added July 13, 2013, I believe, because that would be some time ago? 2.) Also, does it take care of the update problem that you agreed with me that there was one? You know, when you press Y or yes to update it did not. 3.) Lastly, the 64-bit key, still do not understand. You gave one that said = legitimate, the other one = adware; what was this all to mean, and if legitimate, still do not know why the application was looking for it. Still confusing just on that one point; everything else I understand, and I cannot thank you enough for being so patient and professional with me and giving me excellent answers, which seems rare on forums of this nature; but, I suppose it depends on whom one is talking to, and you obviously are very proficient!

 

Thanks and have a nice weekend too. Hopefully I'll get your response early next week.

 

Sincerely,

 

Bob (Bobby) Epstein

 

 

 



#11 Animal

  • Site Admin

Posted 17 August 2013 - 01:27 PM

Just to answer your question about quotes. MultiQuote is when you want to quote replies from multiple respondents within the thread or topic. For example any or all of posts number 2, 5 and 7 in this topic. You would click the MultiQuote button in each of those posts. Just using the quote button gives you the whole reply of one single reply of your choosing within that topic. Hope that helps clarify the difference between Quote and MultiQuote.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams.


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


#12 quietman7

  • Global Moderator

Posted 17 August 2013 - 08:03 PM


oldblueeyes, let me elaborate more about a PUP detection as it seems you may not fully understand what it is.

A Potentially Unwanted Program (PUP) is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. Thus, this type of detection does not always necessarily mean the file is malware or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.

PUPs may also be defined somewhat differently by various security vendors.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 czarboom

  • Members

Posted 18 August 2013 - 12:00 AM

Sorry about that, didn't read the post right; that's what I get for doing this after working for 20 hrs. Oh well, hope you get it sorted.



#14 thisisu

  • Malware Response Team

Posted 22 August 2013 - 06:09 PM

> Lastly the 64 bit key still do not understand. You gave one that said =legitimate the other one = adware what was this all  to mean and if legitimate still do not know why application was looking for it.

Here is a better explanation (from Microsoft themselves) of the registry key I put a "= legitimate" next to: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724072(v=vs.85).aspx .

JRT only checks this registry key's subkeys if a 64-bit operating system is detected.


Edited by thisisu, 22 August 2013 - 06:09 PM.


#15 oldblueeyes

  • Topic Starter
  • Members

Posted 24 August 2013 - 04:49 PM

Hi Thisisu

 

Just to let you know that I ran the new version just now on 8/24/13 and apparently the problem is OK now, as the log apparently shows a clear computer. Here is the log, and let me know if you agree.

 

 

Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Bobby on Sat 08/24/2013 at 16:12:23.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/24/2013 at 16:16:21.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

There are still those three error messages that appear during the scan saying that the keys cannot be found. I trust you know what the three actually say, since I was not able to copy and paste them until it was finished, and you addressed this in an earlier post to me above. Apparently this problem has not been resolved yet, since the other problem of removing those datamngr keys and that Wow6432 has apparently been resolved, as no mention of them is on the log as shown above with this new version.

Just one more thing: the backup to the registry, in the case that I have to or have someone else have to go to restore the latest registry in case there are problems, although I trust there will not be, where would I or someone go on the computer to get to any of the backups I created? Presumably I would install the latest one.

 

Again thanks

 

Sincerely,

 

Bobby





