Damn toolbars (fixed)

[Lasthitlarry]

I went into safe mode and deleted the damn thing!

Thank you, I'll have to remember this simple trick.

 

[amdskip]

Del-R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
Del-O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
Del-O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
Del-O2 - BHO: Fizzlebar.clsFwBar - {9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - C:\SYSFWB\6593267538\IEFWBAR.DLL (file missing)
Del-O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\SYSTEM\hpnra.exe
O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Palm\Add-on\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [REGAD] C:\WINDOWS\SYSTEM32\REGAD.EXE
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
Del-O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\SYSTEM\pacis.exe
Del-O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEHBR32.EXE
Del-O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
Del-O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
Del-O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
Del-O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
Del-O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
Del-O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
Del-O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
Del-O4 - HKCU\..\Run: [KPCP32] C:\WINDOWS\SYSTEM\KPCP32.EXE
Del-O4 - HKCU\..\RunServices: [Washer] C:\Program Files\Washer\washer.exe /0
Del-O4 - HKCU\..\RunServices: [KPCP32] C:\WINDOWS\SYSTEM\KPCP32.EXE
O4 - Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Startup: SQL Server.lnk = C:\MSSQL7\Binn\scm.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.arcountydata.com/wfica.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Express Viewer Control) - http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
Del-O16 - DPF: {5D68B82D-C79F-4FFC-83C0-8D0FC794CEF2} (alaWeb.clsGetStats) - file://G:\TOTAL\WIN2000\CONTENT\cabs\alaWeb.CAB
Del-O16 - DPF: {F4303A82-D82B-11D4-89D5-00105AA3C57F} (alaGrid.SupportHistory) - file://G:\TOTAL\WIN2000\CONTENT\cabs\alaGrid.CAB
Del-O16 - DPF: {2C15848B-21C0-406A-9902-56C8D90684F3} (alaWeb.clsGetStats) - file://G:\TOTAL\WIN2000\CONTENT\cabs\alaWeb.CAB
Del-O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} (alaGrid.TechDocSearch) - file://G:\TOTAL\WIN2000\CONTENT\cabs\alaGrid.CAB
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
Del-O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
Del-O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v11/ticker.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

Boot into safe mode, delete the entries I have marked (pretty sure everything marked is junk). Manually delete the folders in program files and also manually cleanout all the temp files. Yes, upgrade to xp.

Download and run adaware. I like it better than spybot.

 

[islandtechengineers]

hey there, I googled "TBPS.exe" and came up with a lot of stuff in regards to the spyware proggie. research it and im quite sure you'll find an auto-cure. If you cant get a spyware program to clean it for you, then go in, operate and then hit the registry. your post has the location of the spyware on that particular pc. Try ad-aware and a couply of other spyware removal utilities. If you still cant kill it, let us know! Firewall = acquire if you dont have one and tweak it to perfection. You shouldnt have a PC connected to the interent without protection (these days).

 

[FlyingPenguin]

Doublepost - ignore this one

 

[FlyingPenguin]

Microsoft's Anti-Spyware Beta easily removes TBPS BUT it doesn't run under Win98.

For Win9x I recommend you download the 30 day free trial of Webroot's SpySweeper (just as good as Microsoft's product). Install & update it, then reboot into Safe Mode and run the anti-spyware scan (you should always do a spyware scan from safe mode on a known infected system).

Adaware and Spybot have been off my radar for 8 months. Both have been extremely compromised IMO. Adaware has sold out to several spyware publishers. Both together still miss a LOT.

More details on thorough spyware cleaning procedures in my blog here: http://soldcentralfl.com/flyingpenguin/penguin_blog.shtml#spyware-removal