Win32.Bifrost registry key issue

[ken545]

Open OTL and click on Cleanup and it will remove most of the tools we used and there backups. It wont remove Malwarebytes , you have the free version and its yours to keep. Keep it updated and run a scan once a week or so.

• 
  How did I get infected in the first place ?
  Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• WhattheTech
• Grinler BleepingComputer
• GeeksTo Go
• Dslreports

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

• Spybot Search and Destroy 1.6
  Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  
• WinPatrol Keep this fine program activated to block a lot of threats
  
• Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  
• Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  
• IE-Spyad
  IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  
• Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Safe Surfn
Ken

 

[3168osowskp]

One last thing. When I was looking at the startup items in msconfig, the C:\WINDOWS\windef\browser.exe is there, but there is no file at that location(because we deleted it). Just wondering if that matters at all. If not, Thank you for your help, it was very insightful. I appreciate your time.

 

[ken545]

Why don't you use msconfig and disable that entry. Just uncheck that box. Let me know how it went

 

[3168osowskp]

I have left it uncheck. I don't notice any difference either way(check or uncheck). I was just wondering if it mattered that there was still a path to a file we deleted.

 

[ken545]

I just looked over your logs , lets add this to the OTL fix, make sure you do another registry backup with ERUNT

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  
  
  :Services
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "UptSched"=-
  
  :Files
  
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Then let me know if its gone

 

[3168osowskp]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UptSched deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gerald
->Temp folder emptied: 3719977 bytes
->Temporary Internet Files folder emptied: 1439469 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46174766 bytes
->Flash cache emptied: 4208 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68395008 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 37350 bytes

Total Files Cleaned = 114.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12202010_195649

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[3168osowskp]

I forgot to mention that it is gone now from msconfig.

 

[ken545]

Wonderful.

Merry Christmas and Happy New Year to you and your family

 

[3168osowskp]

Thank you again for your time. Happy holidays to you as well.

 

[ken545]

Your very welcome.

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.