wajam and browserdefender.exe

[ken545]

Good Morning,

Like I said before those entries are just in a cache, there harmless but lets try this and see if they will be removed

Again, back up your registry

REGEDIT4


[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""

Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this

[shankar]

Good evening.. I did the registry merge and it seemed to work but not all entries were removed.

I ran the SystemLook and it came with fewer entries than before. Shall i delete these entries manually? I dont have any issues in running any other exes or code to get rid of these. I can wait for your instructions. But if this is not worth spending time and if you can help someone else in that time I can delete them manually.

SystemLook 30.07.11 by jpshortstuff
Log created at 21:10 on 26/06/2013 by Owner
Administrator - Elevation successful

========== folderfind ==========

Searching for "BrowserDefender"
C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

========== filefind ==========

Searching for "BrowserDefender"
No files found.

========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

-= EOF =-

[ken545]

All those entries are stored in both these places, those entries are not harmful , just a list of run programs, if you want to try and clear them out yourself , give it a shot. Looks like this program can do it for you

http://www.nirsoft.net/utils/muicache_view.html

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

[shankar]

At last the entries are now gone. Its not harmful but still I didnt want that in my computer The systemlook seems ok. Thanks very very much for your help and the time you spent helping me out. Is there any cleanup to be done. While you are still here, shall I restart the machine once and see if everything is normal and then remove the registry backups ?

SystemLook 30.07.11 by jpshortstuff
Log created at 22:59 on 26/06/2013 by Owner
Administrator - Elevation successful

========== folderfind ==========

Searching for "BrowserDefender"
C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

========== filefind ==========

Searching for "BrowserDefender"
No files found.

========== regfind ==========

Searching for "BrowserDefender"
No data found.

-= EOF =-

[ken545]

shankar,

That's great. Let me tell ya, been at this for over 12 years and have worked with so many people and working with you has been a pleasure.


We need to update your Java to keep you more secure

1. Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 25, if not proceed with the instructions.
   
2. Go to the update Tab and update it
3. Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
   
4. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.

You can verify the installation Here




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed

• How did I get infected in the first place ?
  Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• WhattheTech
• Grinler BleepingComputer
• GeeksTo Go
• Dslreports

Safe Surfn
Ken

[ken545]

Forgot to mention,

Open up Spybot Search and Destroy and go to the Recovery Folder and remove everything thats in there

Ken

[shankar]

Hi Ken,

All working fine. I have updated java and uninstalled the older version. OTL cleanup done. Spybot recovery files removal done. System restore done. Have to remove ad-aware. I even ran the SystemLook today to see if something appears All perfect and fine....

I am really thankful to you Thanks for your help and the compliments as well , will print it A3 size and hang it my room . The link to WhatTheTech page is broken. You are checking me if I am still following your instructions...right? I am still following your instructions Ken...

I had a look at the threads that I started in this forum. 1st was in 2007 then 2010 and now 2013. So, I may be back by 2016 - just to say Hi ! You take care and happy helping..let me know if I can help you...anytime..Have a good day..bye...

[ken545]

Thanks for your help and the compliments as well , will print it A3 size and hang it my room .

The WhattheTech link worked for me
http://forums.whatthetech.com/index.php?showtopic=57817

Well, you most likely will do well, seems like you know your way around windows fairly well and you have your head on straight.

Just be careful surfing around, the threats are never ending, there are some that are uncleanable, the only alternative is to format, reinstall windows, not a lot of fun

Take care my friend.

Ken