
Thread: wajam and browserdefender.exe

  1. #21
    Member
    Join Date
    Sep 2007
    Posts
    42

    files removed...registry entries present

    Hi,

    Seems there are some registry entries :(

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:57 on 24/06/2013 by Owner
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "BrowserDefender"
    C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

    ========== filefind ==========

    Searching for "BrowserDefender"
    No files found.

    ========== regfind ==========

    Searching for "BrowserDefender"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
    "Path"="\BrowserDefendert"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

    -= EOF =-

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Thanks for sticking with me through this, this should be the last of it. The registry entries are not harmful, more clutter than anything else.


    Again, back up your registry with ERUNT, then run an OTL fix with this script

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      
      :Services
      
      :Reg
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
      "url4""=""
      
      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      ""=""
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      ""=""
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
      
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
      
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
      
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
      
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
      
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
      
      [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
      "url4""=""
      
      [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      ""=""
      [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      ""=""
      [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      ""=""
      [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
      ""=""
      
      :Files
      C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender
      
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Last edited by ken545; 2013-06-25 at 04:29.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #23
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    If you have not run the fix yet just hang on a bit, I may need to add something

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Fix away, don't forget to back up with ERUNT first

  5. #25
    Member
    Join Date
    Sep 2007
    Posts
    42

    otl fix logs

    Hi,

    I took a backup with ERUNT and ran OTL fix. I copied the contents into OTL just a few minutes before so I guess I used the latest. Logs below.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\\"url4""|"" /E : value set successfully!
    HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
    HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs\\"url4""|"" /E : value set successfully!
    HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
    HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
    HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
    HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
    ========== FILES ==========
    C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings folder moved successfully.
    C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension folder moved successfully.
    C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
    C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144 folder moved successfully.
    C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 528217 bytes
    ->Temporary Internet Files folder emptied: 2114511 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5410720 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 94994054 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 98.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06252013_091604

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  6. #26
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Great, go ahead and run the same script as you did last time with SystemLook and let me take one more peek

  7. #27
    Member
    Join Date
    Sep 2007
    Posts
    42

    still in registry

    Hi,

    The entries are still in the registry. Shall I try OTL in safe mode?

    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:20 on 25/06/2013 by Owner
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "BrowserDefender"
    C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

    ========== filefind ==========

    Searching for "BrowserDefender"
    No files found.

    ========== regfind ==========

    Searching for "BrowserDefender"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
    "Path"="\BrowserDefendert"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

    -= EOF =-
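
A way to check which hits actually changed between two SystemLook runs, as an added example that is not part of the original thread: it parses the `regfind` section of each log into (key, value name) pairs and reports what was removed and what persists. The function names are hypothetical, and the two sample logs are excerpts of the scans in posts #21 and #27 shortened to four keys.

```python
import re

SECTION = re.compile(r"^=+ (\w+) =+$")   # e.g. "========== regfind =========="
VALUE = re.compile(r'^"(.*?)"="(.*)"$')  # "name"="data"

# Constructed excerpts: regfind hits before (post #21) and after (post #27) the fix.
BEFORE = r'''
========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"

-= EOF =-
'''
AFTER = r'''
========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]

-= EOF =-
'''

def regfind_hits(log_text):
    """Return {(key, value_name)}; value_name is None when only the key path matched."""
    hits, key, key_has_value, in_regfind = set(), None, False, False

    def flush():
        # A key listed with no values under it is a hit on the key name itself.
        if key is not None and not key_has_value:
            hits.add((key, None))

    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header or line == "-= EOF =-":
            flush()
            key = None
            in_regfind = bool(header) and header.group(1) == "regfind"
        elif in_regfind and line.startswith("[") and line.endswith("]"):
            flush()
            key, key_has_value = line[1:-1], False
        elif in_regfind and key is not None:
            m = VALUE.match(line)
            if m:
                hits.add((key, m.group(1)))
                key_has_value = True
    flush()
    return hits

def compare_scans(before, after):
    """Classify hits as removed, persisting or new between two scans."""
    b, a = regfind_hits(before), regfind_hits(after)
    return {"removed": b - a, "persisting": b & a, "new": a - b}

if __name__ == "__main__":
    for status, hits in compare_scans(BEFORE, AFTER).items():
        for key, name in sorted(hits, key=str):
            print(f"{status:10} {key}  {name or '(key)'}")
```

Run over the full logs in posts #21 and #27, the only hits that differ are the two `HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node` Extension Compatibility keys, which are absent from the second scan.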

  8. #28
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Those are the same entries that were removed, has to be a fluke of some sort. Drag any SystemLook reports to the trash, reboot your system and rerun a new scan with SystemLook

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Last edited by ken545; 2013-06-25 at 23:45.

  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    If you have not run ESET yet that's fine, we like to run it as a final check but we can do that later.

    After you deleted the SystemLook logs and rebooted, first do this

    Open Internet Explorer and go to Tools > Delete Browsing History and delete Temp Files, Cookies and History, but before you do this and remove cookies, make sure you have usernames and passwords for sites you frequent and need to access, as removing cookies will delete this info

    Then close IE and run a new scan with SystemLook, same script as before

  10. #30
    Member
    Join Date
    Sep 2007
    Posts
    42

    cleared IE history. still in registry.

    Hi,

    I ran ESET overnight and cleared IE history this morning. Ran SystemLook today and the entries are not yet removed. Tried in safe mode also, still unable to remove the entries.

    ************************************
    ESET LOG
    ************************************

    C:\ProgramData\Spybot - Search & Destroy\Recovery\iCrossRider20.zip Win32/Bagle.gen.zip worm
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\iCrossRider20.zip Win32/Bagle.gen.zip worm


    ************************************
    SYSTEM LOOK LOG
    ************************************
    SystemLook 30.07.11 by jpshortstuff
    Log created at 06:58 on 26/06/2013 by Owner
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "BrowserDefender"
    C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

    ========== filefind ==========

    Searching for "BrowserDefender"
    No files found.

    ========== regfind ==========

    Searching for "BrowserDefender"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
    "Path"="\BrowserDefendert"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

    -= EOF =-
