Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

zippapromos

by bigjohn1 » May 28th, 2005, 6:43 am

I have downloaded something I can't get rid of. I asked on PC Advisor forum who directed me to this Forum. Sometimes a pop up comes up for zippapromos - sometimes it is for games you can play and sometimes it has adult content. It keeps popping up randomly and my normal security won't get rid of it. Can anyone help?
bigjohn1
Active Member
 
Posts: 6
Joined: May 28th, 2005, 6:36 am

by njustice » May 28th, 2005, 6:51 am

Hello,

Please download this self extracting file to your My Downloads folder or My Received Files (dependent on your Operating System):

http://www.merijn.org/files/hijackthis_sfx.exe

Click the "Save" button.

Navigate to My Documents > choose the My Downloads or My Received Files folder; once inside that folder, click "Save".

Now go to the folder you saved HijackThis_sfx.exe in.

Double click HijackThis_sfx.exe and select Unzip. When done click "OK".
Close the WinZip self Extractor window.

Navigate to C:\Program Files\HijackThis and double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, press Ctrl-A to Select All, and paste (Ctrl-V) its contents here [Add Reply].

Most of what it lists will be harmless or even essential; don't fix anything yet.
njustice
Regular Member
 
Posts: 108
Joined: February 24th, 2005, 2:55 pm

Is this what you need to see?

by bigjohn1 » May 28th, 2005, 7:34 am

Logfile of HijackThis v1.99.1
Scan saved at 12:34:41, on 28/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\5736.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s
O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe" "ZyXEL\ZyXEL USB ADSL"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\system32\5736.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE6E0313-4EC4-4391-94B2-83320B25BB36}: NameServer = 195.184.228.6 195.184.228.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
bigjohn1
Active Member
 
Posts: 6
Joined: May 28th, 2005, 6:36 am

by njustice » May 28th, 2005, 11:50 am

bigjohn1,

Hello! and welcome to our help forums.

===============

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's done:

1. Select all available drives.
2. Check (tick) "Auto Clean".
3. Click "Scan".

When it completes, copy the full filename of any files that cannot be cleaned or deleted and post them when you're done with the following fix.


===============

Download CWShredder, unzip it to your desktop and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialoffer.com/results.asp?keyword=%s

O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll
O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab

O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

folders...

C:\Program Files\ICOO Loader

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Reboot your computer.

Post back a new log, report any problems and let me know how everything goes.

IMPORTANT! PLEASE do not restart your computer unless asked, restarting can reinfect your computer resulting in us starting the cleaning up process all over!

-

~Njustice~
njustice
Regular Member
 
Posts: 108
Joined: February 24th, 2005, 2:55 pm

by bigjohn1 » May 28th, 2005, 3:40 pm

done trendmicro.com, but 2 files cannot be cleaned or deleted:

JAVA BYTEVER.A-1
JAVA BYTEVER.A-1

it says they cannot be accessed
bigjohn1
Active Member
 
Posts: 6
Joined: May 28th, 2005, 6:36 am

The hijack now says after running those programs:

by bigjohn1 » May 28th, 2005, 5:09 pm

Logfile of HijackThis v1.99.1
Scan saved at 22:08:31, on 28/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\5736.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\SpamPal\spampal.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll (file missing)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ZyXEL USB ADSL\CnxDslTb.exe" "ZyXEL\ZyXEL USB ADSL"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\system32\5736.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Software Suite\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE6E0313-4EC4-4391-94B2-83320B25BB36}: NameServer = 195.184.228.6 195.184.228.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
bigjohn1
Active Member
 
Posts: 6
Joined: May 28th, 2005, 6:36 am
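
Added example (not part of the thread, and not code from HijackThis or its author): a Python check that compares the "Fix checked" list from njustice's post with the follow-up log above and reports which targeted entries are still listed afterwards. The embedded lines are a subset copied from this thread; the function, class and field names are hypothetical.

```python
import re
from dataclasses import dataclass

# Subset of the "Fix checked" list from the thread (copied as posted,
# including the forum's own "..." URL truncation).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zpecialoffer.com/indexie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll (file missing)
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
"""

# Subset of the second (22:08:31) log from the thread, with header and
# process lines left in to show that the parser skips them.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll (file missing)
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
"""

# A log entry is "<section code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes the log itself uses for entries that point at no file on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    code: str
    body: str

    @property
    def key(self):
        # Registry paths and CLSIDs are case-insensitive; ignore spacing too.
        return (self.code, " ".join(self.body.split()).casefold())

    @property
    def clsid(self):
        m = CLSID_RE.search(self.body)
        return m.group(0).upper() if m else None

    @property
    def orphaned(self):
        return self.body.rstrip().endswith(ORPHAN_MARKERS)


def parse_entries(text):
    """Return the section entries of a log, skipping headers and process paths."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def remediation_report(fix_text, after_text):
    """Split the entries selected for fixing into removed vs still present."""
    after_keys = {e.key for e in parse_entries(after_text)}
    removed, persisting = [], []
    for entry in parse_entries(fix_text):
        (persisting if entry.key in after_keys else removed).append(entry)
    return {"removed": removed, "persisting": persisting}


if __name__ == "__main__":
    report = remediation_report(FIX_LIST, AFTER_LOG)
    print(f"removed: {len(report['removed'])}, "
          f"still present: {len(report['persisting'])}")
    for entry in report["persisting"]:
        note = " [log marks the file as absent]" if entry.orphaned else ""
        print(f"  {entry.code} - {entry.body}{note}")
```

Entries that persist but carry "(no file)" or "(file missing)" are registry references whose target is not on disk, which is worth separating from entries that still point at a live file.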

by njustice » May 28th, 2005, 8:16 pm

1.) Please download and install this disk cleanup utility called Cleanup! http://cleanup.stevengould.org/
It will get rid of any malware which may be hiding in your temp folders (a common hiding place). You will also regain a massive amount of disk space.
Here is a tutorial which describes its usage:
Run the disk cleanup utility and check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.


2.) Download and run the List Installed Programs script from here http://www.billsway.com/vbspage/ You will have to scroll about halfway down the page to find it. Run the script and post contents here in this thread.
njustice
Regular Member
 
Posts: 108
Joined: February 24th, 2005, 2:55 pm

I've done both, and below is the script

by bigjohn1 » May 29th, 2005, 9:53 am

INSTALLED SOFTWARE (167) - YOUR-73751C030B - 29/05/2005 14:52:20

1300 Ver: 43.0.213.000 Installed: 25/12/2004
1300_Help Ver: 43.0.213.000 Installed: 25/12/2004
1300Trb Ver: 43.0.213.000 Installed: 25/12/2004
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 04/10/2004
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 04/10/2004
Agere Systems PCI Soft Modem
AiO_Scan Ver: 43.0.213.000 Installed: 04/10/2004
AiOSoftware Ver: 43.0.213.000 Installed: 04/10/2004
ArcSoft Software Suite
ASAPI Update
Astro Man!
ATI Control Panel Ver: 6.14.10.5117
ATI Display Driver Ver: 8.041.1.1.1-040826a-017728C-HP
BreakQuest
Bubble Puzzle '97
BufferChm Ver: 43.1.5.000 Installed: 04/10/2004
Business Plan
bvtham
CameraDrivers Ver: 3.1.0 Installed: 04/10/2004
CC_ccProxyMSI Ver: 2.1.1.700 Installed: 01/01/2002
CC_ccStart Ver: 2.1.1.700 Installed: 01/01/2002
ccCommon Ver: 2.1.1.700 Installed: 01/01/2002
Clean 5 Ver: Clean 5
CleanUp!
Copy Ver: 43.1.5.000 Installed: 04/10/2004
Creative Driver
Creative MediaSource
CreativeProjects Ver: 43.1.5.000 Installed: 04/10/2004
CreativeProjectsTemplates Ver: 43.1.5.000 Installed: 04/10/2004
Cubasis VST 5
CueTour Ver: 43.1.5.000 Installed: 04/10/2004
Destinations Ver: 43.1.5.000 Installed: 04/10/2004
Director Ver: 43.1.5.000 Installed: 04/10/2004
DocProc Ver: 4.0.0.0 Installed: 04/10/2004
DocumentViewer Ver: 43.0.213.000 Installed: 04/10/2004
Driving Test Success 2002-2003 Ver: 6.01.0001 Installed: 16/01/2005
Easy Guitar
Easy Internet Sign-up Ver: FE UI-3.0.0.1236 Installed: 04/10/2004
Easy Internet Sign-up Ver: FE UI-3.0.0.1236 Installed: 04/10/2004
Fax Ver: 43.0.213.000 Installed: 04/10/2004
FinePixViewer Ver.4.2
FUJIFILM USB Driver
Hazard Perception Training 2002-2003 Ver: 6.01.0001 Installed: 16/01/2005
Help and Support Additions
High Definition Audio Driver Package - KB835221 Ver: 20040219.000000
HijackThis 1.99.1 Ver: 1.99.1
HP Deskjet Preloaded Printer Drivers Ver: 8.3.3.0 Installed: 04/10/2004
HP Diagnostic Assistant Ver: 1.0.0.0 Installed: 04/10/2004
HP Flat Panel Monitor INF Software 4.00
HP Image Zone 4.2 Ver: 4.2
HP Image Zone for Media Center PC Ver: 1.01.001 Installed: 04/10/2004
HP Image Zone Plus 4.2 Ver: 4.2
HP Photo & Imaging 3.5 - HP Devices Ver: 3.0
HP PSC & OfficeJet 4.0
HP Software Update Ver: 2.0.39.20040212 Installed: 04/10/2004
HP Tunes Ver: 1.00.6 Installed: 04/10/2004
hpg2436 Ver: 3.5.0.0 Installed: 04/10/2004
hpg3970 Ver: 3.5.0.0 Installed: 04/10/2004
hpg4600 Ver: 3.5.0.0 Installed: 04/10/2004
hpg5530 Ver: 3.5.0.0 Installed: 04/10/2004
hpg8200 Ver: 3.5.0.0 Installed: 04/10/2004
HPIZ402 Ver: 4.2.2.0 Installed: 04/10/2004
HpSdpAppCoreApp Ver: 3.00.0000 Installed: 04/10/2004
HPSystemDiagnostics Ver: 1.5.0.0 Installed: 04/10/2004
ICOO Loader 2.1
ImageMixer VCD2 for FinePix
InstantShare Ver: 4.0.0.40 Installed: 04/10/2004
InterVideo WinDVD Creator 2 Ver: 2.0.14.352
InterVideo WinDVD Player Ver: 5.0-B11.533
iTunes Ver: 4.6.0.15 Installed: 04/10/2004
iTunes Ver: 4.6.0.15 Installed: 04/10/2004
Jacky Bomb
Java 2 Runtime Environment, SE v1.4.2_03 Ver: 1.4.2_03 Installed: 04/10/2004
KBD
Label Editor Ver: 1.0.1.172 Installed: 12/25/2004
LiveReg (Symantec Corporation) Ver: 2.4.2.2295
LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
Master Unit
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 04/10/2004
Microsoft AutoRoute v11.0 Ver: 11.00.18.1900 Installed: 14/12/2004
Microsoft Encarta Encyclopedia Standard - WE 2004 Ver: 2004 Installed: 14/12/2004
Microsoft Money Ver: 12.0.100 Installed: 14/12/2004
Microsoft Money System Pack Ver: 12.0.120 Installed: 14/12/2004
Microsoft Picture It! Photo Standard 9 Ver: 9.0.0.0000
Microsoft Picture It! Photo Standard 9 Ver: 9.0.0.0000 Installed: 14/12/2004
Microsoft Word 2002 Ver: 10.0.2627.01 Installed: 14/12/2004
Microsoft Works Ver: 07.03.0719 Installed: 14/12/2004
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word Ver: 7.0.0.0000 Installed: 14/12/2004
MicroStaff WINASPI
Minigame Madness 2 Gold
MSRedist Ver: 1.0.0.0 Installed: 01/01/2002
Muon Tau MDrive
Norton AntiVirus 2004 Ver: 10.00.25 Installed: 01/01/2002
Norton AntiVirus 2004 (Symantec Corporation) Ver: 10.00.25
Norton AntiVirus Parent MSI Ver: 10.0.10 Installed: 01/01/2002
Norton Internet Security Ver: 5.2.1.207 Installed: 01/01/2002
Norton Internet Security Ver: 7.0.3.8 Installed: 01/01/2002
Norton Internet Security Ver: 7.0.3.8 Installed: 01/01/2002
Norton Internet Security Ver: 7.0.3.8 Installed: 01/01/2002
Norton Internet Security Ver: 7.0.3.8 Installed: 01/01/2002
Norton Internet Security Ver: 7.0.3.8 Installed: 01/01/2002
Norton Internet Security Ver: 7.0.3.8 Installed: 01/01/2002
Norton Personal Firewall Ver: 7.0.3.8 Installed: 01/01/2002
Norton Personal Firewall (Symantec Corporation) Ver: 7.0.3.8
Norton Security Center Ver: 2005.1.0.111 Installed: 01/01/2002
Norton WMI Update Ver: 2005.1.0.111 Installed: 01/01/2002
PC-Doctor for Windows
PhotoGallery Ver: 43.1.5.000 Installed: 04/10/2004
Photosmart 320,370,7400,8100,8400 Series Ver: 2.0
Pinnacle Hollywood FX
PrintScreen Ver: 43.1.5.000 Installed: 04/10/2004
ProductContext Ver: 43.0.213.000 Installed: 25/12/2004
PS2
PSPrinters06 Ver: 1.00.0000 Installed: 04/10/2004
Python 2.2 combined Win32 extensions
Python 2.2.1 Ver: 2.2.1
QFolder Ver: 1.00.0000 Installed: 04/10/2004
QuickProjects Ver: 43.1.5.000 Installed: 04/10/2004
QuickTime
RAW FILE CONVERTER LE
Readme Ver: 43.0.213.000 Installed: 04/10/2004
RealPlayer
Roxio Easy Media Creator 7 Basic DVD Edition Ver: 7.1.0.183 Installed: 25/12/2004
Scan Ver: 4.1.0.0 Installed: 04/10/2004
Shockwave
Shockwave Flash
SkinsHP1 Ver: 43.1.5.000 Installed: 04/10/2004
SkinsHP2 Ver: 5.35.0.043 Installed: 04/10/2004
Sonic Encoders Ver: 1.00 Installed: 04/10/2004
Sonic RecordNow! Ver: 7.22 Installed: 04/10/2004
Sound Blaster Audigy 2 ZS
SpamPal Ver: v1.588 Installed: 04/19/2005
Spybot - Search & Destroy 1.3 Ver: 1.3
SpySubtract
Studio 9 Ver: 9.1
Symantec Network Drivers Update Ver: 5.5.1.6 Installed: 01/05/2005
TrayApp Ver: 43.1.5.000 Installed: 04/10/2004
Unload Ver: 4.0.0 Installed: 04/10/2004
Visual J# .NET Redistributable Package Ver: 1.0.4205 Installed: 04/10/2004
WaveLab Lite Ver: 2.5.2.172 Installed: 12/25/2004
WebFldrs XP Ver: 9.50.7523 Installed: 04/10/2004
WebReg Ver: 43.1.5.000 Installed: 04/10/2004
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB885884 Ver: 20040924.025457
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1
Windows XP Hotfix - KB890923 Ver: 1
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893066 Ver: 1
Windows XP Hotfix - KB893086 Ver: 1
WinPatrol
ZoneAlarm Ver: 5.5.062.011
ZyXEL USB ADSL
bigjohn1
Active Member
 
Posts: 6
Joined: May 28th, 2005, 6:36 am

Unread postby njustice » May 29th, 2005, 12:49 pm

Download "Registry Search Tool" (RegSrch.vbs) from here
http://www.billsway.com/vbspage/
Start it and paste in bvtham, wait, hit OK.
Then when Wordpad opens, copy that back here please.
njustice
Regular Member
 
Posts: 108
Joined: February 24th, 2005, 2:55 pm

5 instances of bvtham found

Unread postby bigjohn1 » May 29th, 2005, 2:21 pm

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "bvtham" 29/05/2005 19:20:11

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bvtham"="c:\\windows\\system32\\bvtham.exe -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bvtham]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bvtham]
"UninstallString"="c:\\windows\\system32\\bvtham.exe -uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bvtham]
"DisplayName"="bvtham"

[HKEY_USERS\S-1-5-21-158050370-1548101889-3777507259-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\windows\\system32\\bvtham.exe"="bvtham"
bigjohn1
Active Member
 
Posts: 6
Joined: May 28th, 2005, 6:36 am
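The registry search result above mixes three kinds of hit: the Run value that launches the file at every boot, the Uninstall entry, and a MUICache value that only records the program was run. The following is an added example, not part of the thread or of RegSrch.vbs, that parses a REGEDIT4 export and labels each string value accordingly; the role labels and function names are assumptions of this example, and the sample input is the posted export trimmed to its distinct entries.

```python
import re

# Sample input: the RegSrch.vbs export posted above, trimmed to its distinct entries.
SAMPLE = r'''REGEDIT4
; Registry search results for string "bvtham"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bvtham"="c:\\windows\\system32\\bvtham.exe -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bvtham]
"UninstallString"="c:\\windows\\system32\\bvtham.exe -uninstall"

[HKEY_USERS\S-1-5-21-158050370-1548101889-3777507259-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\windows\\system32\\bvtham.exe"="bvtham"
'''

# Hypothetical triage labels, matched against the lower-cased key path.
ROLES = [
    (r"\\currentversion\\run(once)?$", "autostart"),
    (r"\\currentversion\\uninstall\\", "uninstall-entry"),
    (r"\\shellnoroam\\muicache$", "execution-trace"),
]

# "name"="data" lines; both sides may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def classify(key):
    for pattern, role in ROLES:
        if re.search(pattern, key.lower()):
            return role
    return "other"

def parse_reg(text):
    """Yield (role, key, value_name, value_data) for each string value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield classify(key), key, unescape(m.group(1)), unescape(m.group(2))

def triage(text):
    return [(role, name, data) for role, _key, name, data in parse_reg(text)]

if __name__ == "__main__":
    for role, name, data in triage(SAMPLE):
        print(f"{role:16} {name} -> {data}")
```

Only the "autostart" hit keeps the program running across reboots; the "execution-trace" hit is a record that the file was launched, not a launch point.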

Unread postby njustice » May 29th, 2005, 2:28 pm

Step 1
Download and install Reglite. It is an easy to use Registry editor and we will use it later on in the fix.

Please back up your registry, instructions here. It is important to back up your registry before making any changes to it.

Step 2
Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\System32\bvtham.exe


Check the box to delete on reboot and click the red X to the right. Click OK, then Yes to reboot now.

Allow it to reboot.

While the computer is booting up, tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter'.


Step 3
Open RegLite and copy/paste the following string in the address window at the top then click go.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Right click the "bvtham"="c:\\windows\\system32\\bvtham.exe -start" value in the right pane and delete.

Then copy/paste the following into the address window and click go.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bvtham.exe

Right click the bvtham.exe key in the left pane and delete.

Exit Reglite.


Step 4
Open C:\Windows\Prefetch, select all and delete. (This will cause your computer to boot-up slower for the first few boots. Please do not be alarmed.)

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example:
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\Every username\Local Settings\Temp\
Also delete your Temporary Internet Files (Start > Control Panel > Internet Options > Delete Files), be sure to also select delete all offline content.
Empty the Recycle Bin.


Step 5
Reboot normally and run at least two of the following online virus scans making sure to reboot in between each one. Allow them to fix anything they find.

TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Panda ActiveScan
Bitdefender


Write down anything that can not be fixed.

Scan with HijackThis and post the new log as a reply to this thread. Include anything that can not be fixed by the online scans. Let us know if the popups stop.
Please let us know of any complications and how the computer is behaving.
njustice
Regular Member
 
Posts: 108
Joined: February 24th, 2005, 2:55 pm

Unread postby Nick-YF19 » June 8th, 2005, 10:55 pm

Whilst we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California