wajam and browserdefender.exe

Status
Not open for further replies.
files removed...registry entries present

Hi,

Seems there are some registry entries :(

SystemLook 30.07.11 by jpshortstuff
Log created at 21:57 on 24/06/2013 by Owner
Administrator - Elevation successful

========== folderfind ==========

Searching for "BrowserDefender"
C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

========== filefind ==========

Searching for "BrowserDefender"
No files found.

========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
"Path"="\BrowserDefendert"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

-= EOF =-
 
Thanks for sticking with me through this, this should be the last of it. The registry entries are not harmful, more clutter than anything else.


Again, back up your registry with ERUNT, then run an OTL fix with this script

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    
    :Services
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4""=""
    
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    ""=""
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    ""=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4""=""
    
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    ""=""
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    ""=""
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    ""=""
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    ""=""
    
    :Files
    C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
otl fix logs

Hi,

I took a backup with ERUNT and ran OTL fix. I copied the contents into OTL just a few minutes before, so I guess I used the latest. Logs below.

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\\"url4""|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs\\"url4""|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\""|"" /E : value set successfully!
========== FILES ==========
C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings folder moved successfully.
C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension folder moved successfully.
C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender\2.6.1339.144 folder moved successfully.
C:\_OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 528217 bytes
->Temporary Internet Files folder emptied: 2114511 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5410720 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94994054 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06252013_091604

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Great, go ahead and run the same script as you did last time with SystemLook and let me take one more peek.
 
still in registry

Hi,

The entries are still in the registry. Shall I try OTL in safe mode?

SystemLook 30.07.11 by jpshortstuff
Log created at 15:20 on 25/06/2013 by Owner
Administrator - Elevation successful

========== folderfind ==========

Searching for "BrowserDefender"
C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

========== filefind ==========

Searching for "BrowserDefender"
No files found.

========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
"Path"="\BrowserDefendert"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

-= EOF =-
 
Those are the same entries that were removed, has to be a fluke of some sort. Drag any SystemLook reports to the trash, reboot your system and rerun a new scan with SystemLook.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push [esetListThreats.png]
  12. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the [esetBack.png] button.
  14. Push [esetFinish.png]
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
If you have not run ESET yet that's fine, we like to run it as a final check but we can do that later.

After you deleted the SystemLook logs and rebooted, first do this

Open Internet Explorer and go to Tools > Delete Browsing History and delete Temp Files, Cookies and History, but before you do this and remove cookies, make sure you have username and passwords for sites you frequent and need to access as removing cookies will delete this info

Then close IE and run a new scan with SystemLook, same script as before
 
cleared IE history. still in registry.

Hi,

I ran ESET overnight and cleared IE history today morning. Ran SystemLook today and the entries are not yet removed. Tried in safe mode also, still unable to remove the entries.

************************************
ESET LOG
************************************

C:\ProgramData\Spybot - Search & Destroy\Recovery\iCrossRider20.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\iCrossRider20.zip Win32/Bagle.gen.zip worm


************************************
SYSTEM LOOK LOG
************************************
SystemLook 30.07.11 by jpshortstuff
Log created at 06:58 on 26/06/2013 by Owner
Administrator - Elevation successful

========== folderfind ==========

Searching for "BrowserDefender"
C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

========== filefind ==========

Searching for "BrowserDefender"
No files found.

========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
"DllName"="PCTBrowserDefender.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
"Path"="\BrowserDefendert"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

-= EOF =-
 
Good Morning,

Like I said before, those entries are just in a cache, they're harmless, but let's try this and see if they will be removed.

Again, back up your registry

REGEDIT4


[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"=""

Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad), name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this
reg.jpg
 
removed few entries...

Good evening.. I did the registry merge and it seemed to work :) but not all entries were removed.

I ran SystemLook and it came back with fewer entries than before. Shall I delete these entries manually? I don't have any issues in running any other exes or code to get rid of these. I can wait for your instructions. But if this is not worth spending time on and if you can help someone else in that time, I can delete them manually.

SystemLook 30.07.11 by jpshortstuff
Log created at 21:10 on 26/06/2013 by Owner
Administrator - Elevation successful

========== folderfind ==========

Searching for "BrowserDefender"
C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

========== filefind ==========

Searching for "BrowserDefender"
No files found.

========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

-= EOF =-
 
All those entries are stored in both these places, those entries are not harmful, just a list of run programs, if you want to try and clear them out yourself, give it a shot. Looks like this program can do it for you.

http://www.nirsoft.net/utils/muicache_view.html

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
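
An added example, not part of the thread and not code from SystemLook or OTL: a Python script that reads the regfind section of a SystemLook log like the ones posted above and writes a REGEDIT4 file removing only what matched the search term. It relies on the .reg forms `[-key]` (delete a key) and `"name"=-` (delete one named value, with backslashes in the quoted name doubled); the function names are made up for the example and the sample log is a trimmed excerpt of the log in the thread.

```python
import re

# Trimmed excerpt of the SystemLook regfind output posted in the thread.
SAMPLE_LOG = r'''========== regfind ==========

Searching for "BrowserDefender"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"$')


def parse_regfind(log):
    """Return (key, value_name, data) hits; value_name is None when the
    key path itself was the match (a key line with no value under it)."""
    hits, key, key_has_value, in_section = [], None, False, False

    def flush():
        # A key line that was never followed by a value is a key-name hit.
        if key is not None and not key_has_value:
            hits.append((key, None, None))

    for line in log.splitlines():
        line = line.strip()
        if line.startswith("=========="):      # section banner
            flush()
            key, in_section = None, "regfind" in line
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            flush()
            key, key_has_value = m.group(1), False
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            hits.append((key, m.group(1), m.group(2)))
            key_has_value = True
    flush()
    return hits


def reg_escape(text):
    """Escape a value name for a quoted string in a .reg file."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def build_reg(hits, term):
    """Delete a whole key only if its path contains the term; otherwise
    delete just the matching values so shared keys such as MuiCache and
    TypedURLs keep their other entries."""
    term = term.lower()
    plan = {}  # key -> None (delete the key) or list of value names
    for key, name, data in hits:
        if term in key.lower():
            plan[key] = None
        elif name is not None and plan.get(key, []) is not None:
            if term in name.lower() or term in (data or "").lower():
                plan.setdefault(key, []).append(name)
    lines = ["REGEDIT4", ""]
    for key, names in plan.items():
        if names is None:
            lines.append("[-%s]" % key)
        else:
            lines.append("[%s]" % key)
            lines.extend('"%s"=-' % reg_escape(n) for n in names)
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_reg(parse_regfind(SAMPLE_LOG), "BrowserDefender"))
```

Review the generated file against the log before merging it, and back up the registry first as the thread does with ERUNT.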
 
not in the list...

:bigthumb:

At last the entries are now gone. It's not harmful but still I didn't want that in my computer :) The SystemLook seems ok. Thanks very very much for your help and the time you spent helping me out. Is there any cleanup to be done? While you are still here, shall I restart the machine once and see if everything is normal and then remove the registry backups?

SystemLook 30.07.11 by jpshortstuff
Log created at 22:59 on 26/06/2013 by Owner
Administrator - Elevation successful

========== folderfind ==========

Searching for "BrowserDefender"
C:\_OTL\MovedFiles\06252013_091604\C__OTL\MovedFiles\06242013_141746\C_ProgramData\BrowserDefender d------ [09:21 05/06/2013]

========== filefind ==========

Searching for "BrowserDefender"
No files found.

========== regfind ==========

Searching for "BrowserDefender"
No data found.

-= EOF =-
 
shankar,

That's great. Let me tell ya, been at this for over 12 years and have worked with so many people and working with you has been a pleasure. :bigthumb:


We need to update your Java to keep you more secure
  1. Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 25, if not proceed with the instructions.
  2. Go to the update Tab and update it
  3. Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
  4. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.

You can verify the installation Here




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed




Safe Surfn
Ken
 
Forgot to mention,

Open up Spybot Search and Destroy and go to the Recovery Folder and remove everything that's in there.

Ken
 
bye....

Hi Ken,

All working fine. I have updated java and uninstalled the older version. OTL cleanup done. Spybot recovery files removal done. System restore done. Have to remove ad-aware. I even ran the SystemLook today to see if something appears :) All perfect and fine....

I am really thankful to you :thanks: Thanks for your help and the compliments as well, will print it A3 size and hang it in my room ;). The link to WhatTheTech page is broken. You are checking me if I am still following your instructions...right? I am still following your instructions Ken...

I had a look at the threads that I started in this forum. 1st was in 2007 then 2010 and now 2013. So, I may be back by 2016 - just to say Hi ! You take care and happy helping..let me know if I can help you...anytime..Have a good day..bye...
 
Thanks for your help and the compliments as well, will print it A3 size and hang it in my room.
:)

The WhattheTech link worked for me
http://forums.whatthetech.com/index.php?showtopic=57817

Well, you most likely will do well, seems like you know your way around windows fairly well and you have your head on straight.

Just be careful surfing around, the threats are never ending, there are some that are uncleanable, the only alternative is to format, reinstall windows, not a lot of fun.

Take care my friend.

Ken :)
 