Wintools


T-Bone

The beta version of Microsoft AntiSpyware will detect
WinTools but it causes Windows XP to freeze. I have found
no way to get it deleted or a way to remove this file. It
does stay in the Windows reg. The spyware can also not
be deleted by going into the reg editor. Does anyone
have any ideas? I have also tried Safe Mode and it also
can't be deleted there.
 
Wintools can be a nightmare to remove because there are
three executables running at startup. These processes
interact to stop each other from being killed, preventing
removal of the software.


Try this fix by Symantec for this

http://securityresponse.symantec.com/avcenter/FxWebsch.exe


Save to desktop. Open and run a scan (also run this fix
tool in safe mode)


Check Add/remove screen for these and remove if found:

Toolbar
WinTools
WebOffer
Web Search Toolbar
Win-Tools Easy Installer


Manual Removal: (If you need to remove it manually, copy
this to Notepad and save it so you can still use it in
safe mode)


WinTools cannot be removed in normal mode because the
three processes, plus a BHO, keep each other alive
when you try to stop them. So you will need to use Safe
Mode.

To get to Safe Mode, press the F8 key just as Windows is
about to boot. Keep tapping F8 as the machine boots until
the menu appears.


Open the registry

Click Start, choose Run, enter

regedit

and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and delete the

'WinTools' entry on the right.

If there is still a 'TB_setup' or 'TBPS' entry here,
delete that too.


Next, select the subkey 'Explorer\Browser Helper
Objects', delete the whole subkey with the name

{87766247-311C-43B4-8499-3D5FEC94A183}


Find the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

and delete the WinToolsSvc subkey.

To clean up, delete

WinTools

in the Software subkey of both HKEY_LOCAL_MACHINE and
HKEY_CURRENT_USER.

You can also delete the keys inside
HKEY_CLASSES_ROOT\CLSID with numbers

{26E8361F-BCE7-4F75-A347-98C88B418322} and
{87067F04-DE4C-4688-BC3C-4FCF39D609E7}

Inside HKEY_CLASSES_ROOT\PROTOCOLS,

the Name-Space Handler\res\WToolsB.ResProtocol can be
deleted

Next, open

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData

and delete the

'AUI'
'STO'
'TUID'

entries if found


Reboot normally.



Open a DOS command prompt window

(from Start->Programs->Accessories), and enter the
following commands.

Copy and paste the first line in and press Enter,
then copy and paste the other lines in, pressing Enter
after each one



cd "%WinDir%\System"

regsvr32 /u "\Program Files\Common Files\WinTools\WToolsB.dll"

regsvr32 /u "\Program Files\Common Files\WinTools\btiein.dll"

regsvr32 /u "\Program Files\Toolbar\toolbar.dll"



File deletion


Having done this you can reboot the machine and delete
the HuntBar files. Open the 'Common Files' folder inside
Program Files. Delete 'WinTools'.


Go back to the Program Files folder and delete

Toolbar

Other traces

You can also open 'Downloaded Program Files' in the
Windows folder and delete these if found:

{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}
{59450DB0-341D-4436-B380-B8377D8B6796}
{D6E66235-7AA6-44ED-A06C-6F2033B1D993}
{26E8361F-BCE7-4F75-A347-98C88B418322}


Finally reset your search and home pages back to normal
(Tools->Internet Options->Programs->Reset Web Settings).



Good Luck :)

Andy
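
A read-only check that can be run after the manual steps in the post above, to confirm the listed registry keys, values and folders are gone. It is an added example, not part of Andy's post; it assumes PowerShell is installed, that Program Files is in its default location, and that WToolsB.ResProtocol is a registry key rather than a value. The function name is made up for this example.

```powershell
# Read-only: reports which WinTools traces named in the post are still present.
# Nothing is deleted or modified.
$cv = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion'

# Whole registry keys the post says to delete
$keys = @(
    "$cv\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183}",
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinToolsSvc',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WinTools',
    'Registry::HKEY_CURRENT_USER\Software\WinTools',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{26E8361F-BCE7-4F75-A347-98C88B418322}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}',
    # Assumption: this entry is a key, the post does not say
    'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol'
)

# Named entries inside keys that themselves must stay in place
$values = @{
    "$cv\Run"                = 'WinTools', 'TB_setup', 'TBPS'
    "$cv\Installer\UserData" = 'AUI', 'STO', 'TUID'
}

# Folders the post says to delete (default Program Files location assumed)
$folders = @(
    (Join-Path $env:ProgramFiles 'Common Files\WinTools'),
    (Join-Path $env:ProgramFiles 'Toolbar')
)

function Get-WinToolsLeftover {   # hypothetical helper name
    $found = @()
    foreach ($k in $keys) {
        # -LiteralPath keeps the braces in the GUIDs from being treated as wildcards
        if (Test-Path -LiteralPath $k) { $found += "key    $k" }
    }
    foreach ($k in $values.Keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $props = Get-ItemProperty -LiteralPath $k   # $null when the key has no values
        foreach ($name in $values[$k]) {
            if ($props -and $props.PSObject.Properties[$name]) { $found += "value  $k -> $name" }
        }
    }
    foreach ($f in $folders) {
        if (Test-Path -LiteralPath $f) { $found += "folder $f" }
    }
    return $found
}

$left = @(Get-WinToolsLeftover)
if ($left.Count -eq 0) { 'No listed WinTools traces found.' } else { $left }
```

Anything it prints after a normal reboot points to a step that did not take effect, or to a process that re-created the entry.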
 
T-Bone said:
The beta version of Microsoft AntiSpyware will detect
WinTools but it causes Windows XP to freeze. I have found
no way to get it deleted or a way to remove this file. It
does stay in the Windows reg. The spyware can also not
be deleted by going into the reg editor. Does anyone
have any ideas? I have also tried Safe Mode and it also
can't be deleted there.

Try these removal instructions:
<http://aumha.net/viewtopic.php?t=5673>

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

(Reply to group, as return address
is invalid - that we may all benefit)
 