BrowserDefender still there ...
Hi,
I am sorry. I didn't notice that you had replied. I ran Malwarebytes and it fixed two - 1 file and 1 registry. The file was a valid file that I use to see my Wi-Fi details; I am not sure if it is a false alarm or if it was really infected. Anyway, I know where to download it, so I will take it later. The SystemLook results are more than I expected; I just thought it was in one place, but it seems to be in a lot of places. Logs as requested. I am in the GMT+1 zone and it's almost 12:30 AM here. I may go to sleep and may not be able to post any replies immediately. Sorry. I will look at your response in the morning and reply to it. Thanks for spending your Sunday helping me out.
Malwarebytes log
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.23.06
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]
Protection: Enabled
06/23/2013 11:49:02 PM
mbam-log-2013-06-23 (23-49-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223641
Time elapsed: 9 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Owner\Downloads\wirelesskeyview-x64.zip (PUP.WirelessKeyView) -> Quarantined and deleted successfully.
(end)
******************************************************
SystemLook Log
******************************************************
SystemLook 30.07.11 by jpshortstuff
Log created at 00:00 on 24/06/2013 by Owner
Administrator - Elevation successful
========== folderfind ==========
Searching for "BrowserDefender"
C:\ProgramData\BrowserDefender d------ [09:21 05/06/2013]
C:\Users\All Users\BrowserDefender d------ [09:21 05/06/2013]
========== filefind ==========
Searching for "BrowserDefender"
No files found.
========== regfind ==========
Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
"Path"="\BrowserDefendert"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
-= EOF =-
OTL log and blank white screen during PC boot
Hi,
I took a registry backup using ERUNT and ran the OTL run fix. The BrowserDefender folders have been deleted. I notice a new issue: whenever I restart / turn on the PC I get a blank white screen for about 30 seconds before my desktop appears. My laptop used to be slow, but I was able to see at least the wallpaper when the startup apps (like avast, adaware..) were starting, but now it's only a white screen and then after 20 or 30 seconds my wallpaper loads. This started appearing only from yesterday; is this because of the Malwarebytes Anti-Malware installation or something normal during the cleanup process?
Thanks for the info about WirelessKeyView. I live in a hostel-like environment and we have lots of Wi-Fi networks and I switch between rooms often, so I use this to see the plain pwd, and new roommates need these details often. If this application is sending back the info to a server then I am worried, but I don't think this app does any such thing.
********************************
OTL LOG
********************************
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\BrowserDefender\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\BrowserDefender\ not found.
========== FILES ==========
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings folder moved successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension folder moved successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
C:\ProgramData\BrowserDefender\2.6.1339.144 folder moved successfully.
C:\ProgramData\BrowserDefender folder moved successfully.
File\Folder C:\Users\All Users\BrowserDefender not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Owner
->Temp folder emptied: 168210 bytes
->Temporary Internet Files folder emptied: 2901425 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5537992 bytes
->Google Chrome cache emptied: 18636826 bytes
->Flash cache emptied: 506 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95006556 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 117.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06242013_141746
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...