PDA

View Full Version : Incredifind


bopdude
31-05-2004, 10:40
Hi all, I have a daft problem that I can't get rid of, as the title says, it's incredifind taking over IE. I have looked on the net for removal tips but it goes into registry editing, I don't want to risk it. I have run nortons \ adaware \ spybot s&d but no joy. I know one of you will have the answer so over to you guys and girls.

TIA :)
Ps, what a job I had getting here :(

dilli-theclaw
31-05-2004, 11:13
Try this?

http://www.kephyr.com/spywarescanner/library/incredifind/index.phtml

Alan Waddington
31-05-2004, 11:15
There is a removal tool on the incredifind.com home page (look at the bottom). Whether it's trustworthy is another matter though.

Pest Patrol claims to be able to remove it (for a price).

Otherwise, printout the instructions & proceed carefully with the the registry editor. Maybe backup the registry first
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617?OpenDocument&src=sec_doc_nam

bopdude
31-05-2004, 11:18
Try this?

http://www.kephyr.com/spywarescanner/library/incredifind/index.phtml
Thanks, just d\led it now will let you know.
Ps thanks AW :) but I am weary of editing the registry :tu:

bopdude
31-05-2004, 11:28
OK so I have installed Bazooka and it has come up with a short list :(

BookedSpace
ClipGenie
MS Media Player GUID
My Search Bar
My Search Bar.B
Scbar
Winpup

But Bazooka onlt gives you the regedit option of removal :( or so it seems, any other ideas more than welcome.

Ps I try and keep a clean pc but with 4 kids doing their own thing its not easy........ HELP ME ......lol

TIA

Paul K
31-05-2004, 11:56
How about http://www.uninstall-i-lookup.com/incredifind-uninstall/incredifind-uninstall.html ? or you could try the cws shredder tool from http://www.spywareinfo.com/~merijn/downloads.html

bopdude
31-05-2004, 12:14
How about http://www.uninstall-i-lookup.com/incredifind-uninstall/incredifind-uninstall.html ? or you could try the cws shredder tool from http://www.spywareinfo.com/~merijn/downloads.htmlCheers Paul, scanning now and already picked up 10 registry items and 9 cookies with some way to go yet, picked up incredifind as well :tu:

EDIT:- AAAAARRRGH, I hit the start remove and you have to pay, not that i'm tight or anything but surely theres a free prog out there :) will let you know how i get on, for now though i've been given the impossible task of trying to get 6 seats for harry Potter for today :Yikes: rather try and do the registry thing :D ;)

bopdude
31-05-2004, 12:59
Ok now I have tried a few different progs, all wanting a fee, not that i mind paying but not before I try...lol

Ok so here's a log of highjack this, make sense to anyone :shrug: if so please help me, thank you to all who do

Logfile of HijackThis v1.97.7
Scan saved at 11:53:15, on 31/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\r2 studios\HideOE\HideOE.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\outlook express\msimn.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\set ups\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.ntlworld.com/start
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SupaStatus] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UBIOSYFL] C:\WINDOWS\UBIOSYFL.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HideOE] "C:\Program Files\r2 studios\HideOE\HideOE.exe"
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [bdtuqk] C:\WINDOWS\System32\bdtuqk.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Paul K
31-05-2004, 15:29
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL is one to get rid of as its the incredifind program.

Ramrod
31-05-2004, 15:41
Try this?

http://www.kephyr.com/spywarescanner/library/incredifind/index.phtmlThat looks like the best bet.....

bopdude
31-05-2004, 23:10
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL is one to get rid of as its the incredifind program.

How do I delete that safely or is it a case of just finding and deleting ?


That looks like the best bet.....
Tried it, but found no entry in the registry and when I found the file folder it said file in use and could not delete :banghead:

Thanks for the tips, looks like i'm gonna have to put hand in pocket :p

Maggy
31-05-2004, 23:23
How do I delete that safely or is it a case of just finding and deleting ?



Tried it, but found no entry in the registry and when I found the file folder it said file in use and could not delete :banghead:

Thanks for the tips, looks like i'm gonna have to put hand in pocket :p

Hey don't give up yet.I'm sure my friend Paul will be able to help. ;)

Paul K
01-06-2004, 02:13
How do I delete that safely or is it a case of just finding and deleting ?



Tried it, but found no entry in the registry and when I found the file folder it said file in use and could not delete :banghead:

Thanks for the tips, looks like i'm gonna have to put hand in pocket :p
If you use Hijackthis then you just put a tick in the box (on the left hand side of the list) next to the entry and then tell the software to "fix it", it will then delete it for you. If you need more help I'll be online about 3pm ish tomorrow but I'm sure others will be around to help if I'm not here lol.

bopdude
01-06-2004, 08:19
If you use Hijackthis then you just put a tick in the box (on the left hand side of the list) next to the entry and then tell the software to "fix it", it will then delete it for you. If you need more help I'll be online about 3pm ish tomorrow but I'm sure others will be around to help if I'm not here lol.
D'oh, wan't thinking straight. Thanks for the tips and hints, I will check back at the end of the week when I get back, off to work somewher, find out where in 1 hour when I getto the office ;) I will run highjack when I get back.

Thanks again :tu:

Paul K
01-06-2004, 16:07
D'oh, wan't thinking straight. Thanks for the tips and hints, I will check back at the end of the week when I get back, off to work somewher, find out where in 1 hour when I getto the office ;) I will run highjack when I get back.

Thanks again :tu:
Hopefully that will sort it for you if not you know where we are ;)

Matth
01-06-2004, 22:50
http://www.snapfiles.com/get/bho.html
BHOCaptor is another way to examine and control "Browser Helper Objects", though not all crapware is a BHO.

Spyhunter gets a bad press, for faking tactics, some even say it's a problem, itself.

swoop101
01-06-2004, 23:05
Get Regcleaner (freeware) from my webspace HERE (http://homepage.ntlworld.com/john.forrest3/Regcleaner%204.3%20(freeware)/)
Look down the list and if it shows up tick the box and scroll down to the botom and click remove. Job done - nice and easy :D

Also regprotect is there as well, to let you know when anything is being put in the registry by any programs/websites/spyware etc.