
help removing pup.optional wajam


nancyld


ran a scan and afterwards it found 2 things as you can see in the log below...checked the boxes and clicked on removal and Malwarebytes just hangs there...then it says on top.. Malwarebytes not responding...tried several times and get the same results...can someone advise me on what to do next...buy a new computer??  thanks so much for the help...!

this is what it found...

C:\Users\Nancy Lynn\AppData\Local\Wajam (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Nancy Lynn\AppData\Local\Wajam\Chrome (PUP.Optional.Wajam.A) -> No action taken.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.20.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nancy Lynn :: NANCYLYNN-PC [administrator]

2/20/2014 12:55:26 AM
MBAM-log-2014-02-20 (01-04-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210010
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Nancy Lynn\AppData\Local\Wajam (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Nancy Lynn\AppData\Local\Wajam\Chrome (PUP.Optional.Wajam.A) -> No action taken.

Files Detected: 0
(No malicious items detected)

(end)

 

attach.txt

dds.txt


  • Root Admin

Hi Nancy

 

Research asked me to have you make sure that all Browsers like Internet Explorer, Firefox, Chrome, etc are closed along with any other programs while running the scan and see if it is then able to remove it. If it still hangs then restart the computer into Safe Mode and try again from there.

 

If needed here are some links on how to start the computer in Safe Mode

 

How to boot into Safe Mode in Windows Vista

Start your computer in safe mode
 

If it's able to remove it then please post back the new MBAM log.


Hi,

I only have IE browser and I had no windows open...I ran in safe mode and still could not remove them...I check both boxes and as soon as I click on removal I get the spinning thing in the window and then at the top of the malware page it says again ...malware bytes is not responding....did it in safe mode too and every time I have done tonight/today...I ran it again after I restarted from being in safe mode and get the same thing happening....do I need to uninstall malware and reinstall??  I even let it stay up with the not responding for about 30 minutes and nothing happened...have to do control alt delete to close out of the window...everything else is working good on here except malware...

thanks


  • Root Admin

Okay, please run the following for me and post back the logs.  Getting late here for me so I'll check back on you sometime tomorrow.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014

Ran by Nancy Lynn (administrator) on NANCYLYNN-PC on 20-02-2014 04:32:02

Running from C:\Users\Nancy Lynn\Downloads

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Agere Systems) C:\Windows\system32\agrsmsvc.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

(Toshiba) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)

HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)

HKLM\...\Run: [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [NDSTray.exe] - NDSTray.exe

HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-14] (Google)

HKLM\...\Run: [Mirabilis ICQ] - C:\Program Files\ICQ\ICQNet.exe [38984 2003-10-14] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-01-28] (Apple Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-809015223-3471323333-3725180717-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)

HKU\S-1-5-21-809015223-3471323333-3725180717-1000\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160592 2009-02-16] (Siber Systems)

HKU\S-1-5-21-809015223-3471323333-3725180717-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-14] (Google)

Startup: C:\Users\Nancy Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

SearchScopes: HKLM - DefaultScope {F7E68936-DBD8-4E82-A98B-8B15F160901A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB

SearchScopes: HKLM - {F7E68936-DBD8-4E82-A98B-8B15F160901A} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=AbEBxEpKd9KXcGkDj207nD76EKA?q={searchTerms}

SearchScopes: HKCU - {F7E68936-DBD8-4E82-A98B-8B15F160901A} URL =

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

Toolbar: HKLM - &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

Toolbar: HKLM - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

Toolbar: HKCU - &Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

Toolbar: HKCU - &RoboForm - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
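As an added example (not part of the thread and not FRST's own code), the Python below reads the Run and BHO lines of a log like the one above and lists the entries a reviewer would look at first: those with no file metadata, an empty publisher field, or "No File". The line layout is inferred only from the log on this page, and the `triage` function and its reason labels are hypothetical names; a listed entry is a candidate for review, not a verdict.

```python
import re

# Sample input: a subset of lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [jswtrayutil] - "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [Mirabilis ICQ] - C:\Program Files\ICQ\ICQNet.exe [38984 2003-10-14] ()
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
"""

# Layout assumed from the log on this page:
#   <hive>\...\Run: [<name>] - <target> [<size> <date>] (<publisher>)
RUN_RE = re.compile(r'^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>.+?)\] - (?P<rest>.*)$')
META_RE = re.compile(r'\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$')
#   BHO: <name> - {<CLSID>} - <path> (<publisher>)   or   ... No File
BHO_RE = re.compile(r'^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$')


def triage(log_text):
    """Return (kind, identifier, reason) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            meta = META_RE.search(m.group("rest"))
            if meta is None:
                # No size/date/publisher printed; bare command lines land here too.
                findings.append(("Run", m.group("name"), "no-metadata"))
            elif not meta.group("publisher").strip():
                findings.append(("Run", m.group("name"), "empty-publisher"))
            continue
        m = BHO_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("No File"):
                findings.append(("BHO", m.group("clsid"), "no-file"))
            elif rest.endswith("()"):
                findings.append(("BHO", m.group("clsid"), "empty-publisher"))
    return findings


if __name__ == "__main__":
    for kind, ident, reason in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason:16} {ident}")
```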


  • Root Admin

The program makes no changes.  It simply queries the computer to ask it what's running. 

 

Please shut down the computer and leave it off for a couple minutes.  Then restart it and see if it will start normally and access the Internet.

If not then shut it down and press F8 on restart and choose "Last Known Good Configuration"

 

Good night.  Check back on you tomorrow.


A new day but still can't get on the laptop you were helping me with....when I went to post the last file you asked for...addition txt...that is when it would not let me do anything....said I didn't have the right to...and I forget...I can view my documents..pics and that is about all...can't go to a web page or even get a connection...says I don't have access...called my isp and they couldn't go anything...computer status unknown...access denied..couldn't even do a system restore...it tried but it told me it failed...don't know what else to do...it lets me run Malwarebytes but I guess you can do that without being online...any suggestions


 Hi,

 

Just wanted to thank you for all the help you have given me...still can't use my lappy...sure don't know what happened but when I tried to attach that last file you needed, Addition.txt I got a pop up saying I don't have the right to ...and then I don't really know what happened...I couldn't do anything...did control alt delete and closed all windows that way did a restart and can't get a connection..access denied...can't go to IE even off line...  I get this from Microsoft when I start up...in product messaging application has stopped working...not sure what to do next....yes...very stressed out....don't really want to take it in to be fixed...I heard no noises from it....starts up good...just seems like I lost my administration rights...good I have been hacked from posting my reports?  I said I know nothing about this techy stuff....just need to know if I should go any farther with this issue...thx so much for what you have already done...


  • Root Admin

Please run the following. You can copy the file over from a USB stick if needed. Please try to run from Normal Mode if possible if not then run it from Safe Mode.

Make sure you fully disable your antivirus before running as well.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Hi,

Ok...I guess I can ask a silly question...am I supposed to try and do the above on the laptop that won't let me connect or do anything on?  Will it run this program on the laptop with the issues..getting a bit confused here...I'm gonna study it and do it tomorrow when my head is clearer....only slept 1 hour since all of this...

you have been very helpful and have had a lot of patience with...much appreciated...now if you guys would only make housecalls!  Will be looking for your answer...I guess I thought I would have to have an internet connection to run the above info you posted...

thanks again for putting up with my non techy mind...

nancy


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.