warning ! MSAS alert!


julieana

My machine is constantly showing the warning message ...

Hunt bar browser modifier is trying to install!
I tried to remove it several times, but MSAS is still
showing the same message. I'm not sure how to handle it.
Should I have to reformat my hard disk?
 

Andre Da Costa

From Andy:
It's possibly detecting some registry entries that
may still be there. Here's some info on it. It may look
like a lot of work, but this is for all the variants of
HuntBar, so if you know which one, you can go straight to
that one. Also, running Spybot and Ad-Aware in Safe Mode may
help get rid of this.

Double check for these:

HuntBar/Side may put an entry called 'MSIETS' in the
Control Panel's Add/Remove Programs option, which should
remove this variant.

HuntBar/SToolbar puts an entry called 'Search Toolbar' in
Add/Remove Programs, which should work (though it
requires an internet connection).

HuntBar/WinTools has an entry for 'Web Search Toolbar'
along with at least one entry called 'Win-Tools Easy
Installer', all of which need to be used to remove the
software. An internet connection is needed to complete
the uninstallation; you must also ignore the software's
pleas to be allowed to continue (pay attention to the
potentially confusing action buttons).


Manual removal

WinTools variant

The WinTools variant cannot be removed in the normal
desktop because each of the three processes, plus a BHO,
keep each other alive when you try to stop them. So you
will need to use Safe Mode.

To get to Safe Mode, press the F8 key just as Windows is
about to boot. If you use a multiboot system, this is the
point where the boot menu appears; if not, just keep
tapping F8 as the machine boots until the menu appears.

Open the registry (click 'Start', choose 'Run',
enter 'regedit') and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.

Select the subkey 'Run' and delete the 'WinTools' entry
on the right. If there is still a 'TB_setup' or 'TBPS'
entry here, delete that too.

Next, select the subkey 'Explorer\Browser Helper
Objects', delete the whole subkey with the
name '{87766247-311C-43B4-8499-3D5FEC94A183}'. Finally,
find the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and
delete the WinToolsSvc subkey. Reboot normally.

All variants

Open a DOS command prompt window (from Start->Programs->Accessories),
and enter the following commands.

With these, copy and paste the first line (cd "%WinDir%
etc.) into the DOS prompt screen, then press Enter; then
copy and paste the second line, which starts with regsvr32
and ends with .dll"

For HuntBar/TS:

cd "%WinDir%\System"

regsvr32 /u "\Program Files\Common Files\MSIETS\msiets.dll"

For HuntBar/Side and HuntBar/MSLink, enter:

cd "%WinDir%\System"

regsvr32 /u "\Program Files\Common Files\MSIETS\msielink.dll"

For HuntBar/BTLink, enter:

cd "%WinDir%\System"

regsvr32 /u "\Program Files\Common Files\BTLINK\btlink.dll"

For HuntBar/MSIn, enter:

cd "%WinDir%\System"
regsvr32 /u msiein.dll

For HuntBar/BTIn, enter:

cd "%WinDir%\System"
regsvr32 /u btiein.dll

For HuntBar/SToolbar, enter:

cd "%WinDir%\System"
regsvr32 /u "\Program Files\Search Toolbar\SToolbar.dll"

For HuntBar/WinTools, enter:

cd "%WinDir%\System"

regsvr32 /u "\Program Files\Common Files\WinTools\WToolsB.dll"

regsvr32 /u "\Program Files\Common Files\WinTools\btiein.dll"

regsvr32 /u "\Program Files\Toolbar\toolbar.dll"


File deletion

Having done this you can reboot the machine and delete
the HuntBar files. Open the 'Common Files' folder inside
Program Files. For the TS, Side, MSLink variants,
delete 'MSIETS'; for the BTLink variant delete 'BTLINK';
for the WinTools variant delete 'WinTools'.

Go back to the Program Files folder and delete 'Search
Toolbar' (SToolbar variant) or 'Toolbar' (WinTools
variant). Finally, open the System folder (inside the
Windows folder, called 'System32' under Windows
NT/2000/XP/2003) and delete 'msiein.dll' (MSIn variant)
or 'btiein.dll' (BTIn variant).

Other traces

You can also open 'Downloaded Program Files' in the
Windows folder and delete the entry
'{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}',
'{59450DB0-341D-4436-B380-B8377D8B6796}',
'{D6E66235-7AA6-44ED-A06C-6F2033B1D993}' or
'{26E8361F-BCE7-4F75-A347-98C88B418322}', if you
received HuntBar through a drive-by download.

To clean up, you can also open the registry
(click 'Start', choose 'Run', enter 'regedit') and delete
any of the
subkeys 'MSIETS', 'MSIEIN', 'MSLINK', 'BTIEIN', 'BTLINK',
'Search Toolbar' and 'WinTools' in the Software subkey of
both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.

For WinTools, you can also delete the keys inside
HKEY_CLASSES_ROOT\CLSID with numbers
{26E8361F-BCE7-4F75-A347-98C88B418322} and
{87067F04-DE4C-4688-BC3C-4FCF39D609E7}. Inside
HKEY_CLASSES_ROOT\PROTOCOLS, the
Name-Space Handler\res\WToolsB.ResProtocol key can also
go.

Next, open
Microsoft\Windows\CurrentVersion\Installer\UserData in
HKEY_LOCAL_MACHINE\Software, and delete the 'AUI'
and 'STO' subkeys, and the 'TUID' entry.

Finally (phew!) you may want to delete the shortcuts the
HuntBar/Side and TS variants add to the desktop, start
menu and favourites menu, and reset your search and home
pages back to normal (Tools->Internet Options->Programs->Reset
Web Settings).

Good Luck

Andy
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
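
Added example (not part of either post above): a read-only PowerShell script that checks the registry keys, Run values, folders and DLLs named in the reply and lists whichever still exist, which is useful for seeing what a scanner may still be alerting on after cleanup. It assumes PowerShell 3.0 or later, which postdates this thread; the variable names are illustrative, and every key, value, file name and CLSID is taken from the reply.

```powershell
# Added example: read-only audit of the HuntBar traces named in the post.
# Nothing is modified; every key, value, file name and CLSID is from the post.
$cv    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$found = @()

# Autostart values under ...\CurrentVersion\Run
$run = Get-ItemProperty -Path "$cv\Run" -ErrorAction SilentlyContinue
foreach ($name in 'WinTools', 'TB_setup', 'TBPS') {
    if ($run -and ($run.PSObject.Properties.Name -contains $name)) {
        $found += "Run value: $name"
    }
}

# Registry keys: BHO, service, WinTools CLSIDs, installer data, vendor subkeys
$paths = @(
    "$cv\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183}",
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinToolsSvc',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{26E8361F-BCE7-4F75-A347-98C88B418322}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}',
    "$cv\Installer\UserData\AUI",
    "$cv\Installer\UserData\STO"
)
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'MSIETS', 'MSIEIN', 'MSLINK', 'BTIEIN', 'BTLINK',
                     'Search Toolbar', 'WinTools') {
        $paths += "$hive\Software\$sub"
    }
}

# Folders and DLLs from the "File deletion" step
$common = Join-Path $env:ProgramFiles 'Common Files'
foreach ($dir in 'MSIETS', 'BTLINK', 'WinTools') { $paths += Join-Path $common $dir }
foreach ($dir in 'Search Toolbar', 'Toolbar') { $paths += Join-Path $env:ProgramFiles $dir }
foreach ($sys in 'System', 'System32') {
    foreach ($dll in 'msiein.dll', 'btiein.dll') {
        $paths += Join-Path (Join-Path $env:WinDir $sys) $dll
    }
}

# Report only what is still present
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += $p }
}

if ($found.Count -eq 0) {
    'No HuntBar traces from the list were found.'
} else {
    'Remaining traces:'; $found | ForEach-Object { "  $_" }
}
```

On 64-bit Windows, 32-bit software is redirected to WOW6432Node and Program Files (x86), which this script does not check.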
 
