Fixed. for the most part.
Downloaded and Ran RegScrubXP, great program, completely free.
www.majorgeeks.com search for it. then i had to the following to get rid of Software\BTIEIN registry key:
Courtesy of Computer Cops
Just1vet
Cadet
Joined: Jan 14, 2004
Posts: 1
Location: USA
Posted: Wed Jan 14, 2004 7:31 pm Post subject:
--------------------------------------------------------------------------------
Whew, is that a stuborn one or what. OK, here is how to delete that entry. On NT,2000 or XP head into your system32 folder run regedt32.exe.
Find that worthless BTIEIN registry. On XP do a right click and go to permissions. Now the one that I just had my battle with was on an NT4 machine, so what worked with it may not on XP.
Right click on permissions, click Advance and go to ownership. First I would try to take ownership, On NT4 that didn't work but I am hoping XP may be different. After taking ownership try to delete it. If that doesn't work head back into permissions/add and on the NT4 I added "Any Authorized User" to be in control of that registry.
Now once again stressing the point this was NT4 The directory looked something like this
btiein/btiein/taskdata
For some reason I had to delete out that taskdata first (when I clicked on it through the standard regedit it would give me an error message) than I deleted the other 2 without any problem.
I hit this turkey with every tool I could think of, several different reg cleaners, and it was impervious. Spybot would just keep asking to run on reboot but would not nail it and it did not show up on Hijack This.
I did notice everytime I had to boot the system another huntbar.zip file would show up that I deleted and that was with all the known .dll's removed. So something is hiding deep.
I hope someone out there with more brains than me can figure out how they protected this thing. In the permission area there was a "Global Mod" added in the group. I don't know whether or not this was from them or something that came down through our own policy pushdowns.
Hope this helps. Regedit will just laugh at this one.