Help!!! incredifind has hijacked

Name: Tony Berkman
Date: December 4, 2003 at 09:01:39 Pacific
OS: Windows 2000
CPU/Ram: Intel 1 Gig Ram
Comment:

My IE keeps redirecting me to www.incredifind.com

I ran Hijack This! and the following is the log file:

What should be deleted???

Thanks for any help - I am miserable!!!!!!

Logfile of HijackThis v1.97.7
Scan saved at 11:19:29 AM, on 12/4/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
c:\winnt\system32\domtimec.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\mgabg.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROPHETSQL\Binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\system32\dttray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Quote.com\QCharts\QCharts.exe
C:\Program Files\CyberTrader\CyberX2\CyberX2.exe
C:\Program Files\RBEnhance\rbenh.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.exe
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.exe
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\nycwod\Local Settings\Temp\HijackThis.exe

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\nycwod\Application Data\Mozilla\Profiles\default\31xyrmmo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nycwod\Application Data\Mozilla\Profiles\default\31xyrmmo.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINNT\hh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [DomainTimeTrayIcon] C:\WINNT\system32\dttray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [rbenh 6l7720] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: Check for QCharts Updates.lnk = C:\Program Files\Quote.com\QCharts\WiseUpdt.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: Download Plus.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.dailygraphs.com/member/ocx/WonSearchX.ocx
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?RND=
O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.dailygraphs.com/member/ocx/WonList.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37959.1969791667
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - http://www.investors.com/member/ocx/pfmngr.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.corp.euram.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.corp.euram.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.corp.euram.com




Response Number 1
Name: Jennifer SUMN
Date: December 4, 2003 at 10:28:04 Pacific
Reply:

Install Adaware 6 and use that instead of Spybot.



Response Number 2
Name: sxshep
Date: December 4, 2003 at 17:01:53 Pacific
Reply:

Here's my take on the bad guys:

C:\Program Files\RBEnhance\rbenh.exe

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINNT\hh.dll

O4 - HKLM\..\Run: [rbenh 6l7720] "C:\Program Files\RBEnhance\rbenh.exe"

O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
(To fix the lsp.dll missing)
LSP Fix

There might be more, but I

hth
shep



Response Number 3
Name: ussreeves24
Date: December 25, 2003 at 12:07:23 Pacific
Reply:

I installed both Spybot and Ad-aware 6 and it does not seem to delete incredifind.

The key is to delete the incredifind folder.
I went to the incredifind website, clicked on the uninstall link and downloaded the uninstall file.
After running the uninstall for a few seconds (nothing will show up),
I was able to delete the incredifind directory. That seemed to fix it; I haven't had incredifind for a week now.

I have a problem with vgfe.com ads; Spybot and Ad-aware cannot resolve it.



Response Number 4
Name: BuzZ3953
Date: January 10, 2004 at 09:40:38 Pacific
Reply:

My main concern would be the RealWinVNC that allows remote access to your PC unless you deliberately installed this.



Response Number 5
Name: Kevin Roberts
Date: January 12, 2004 at 21:39:28 Pacific
Reply:

Please try these steps

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {5D60FF48-95BE-4956-B4C6-6BB168A70310}', if it exists.
Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {5D60FF48-95BE-4956-B4C6-6BB168A70310}', if it exists.
Exit the registry editor.
Restart your computer.
Delete %ProgramsDir%\IncrediFind\BHO\incfindbho.dll
Note: %ProgramsDir% is a variable. By default, this is C:\Program Files.
Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings.


Regards
Kevin Roberts
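
Added example, not part of any reply in this thread: a small Python triage helper for a HijackThis log like the one posted above. It splits entry lines by section code, flags entries worth a manual look, and reports which sections mention a given CLSID. The function names and review heuristics are assumptions chosen for illustration; the sample lines are copied from the posted log.

```python
import re

# Sample input: a few entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINNT\hh.dll
O4 - HKLM\..\Run: [rbenh 6l7720] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Return one dict per entry line: section code, CLSID (or None), raw text."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        c = CLSID.search(m.group(2))
        entries.append({"code": m.group(1),
                        "clsid": c.group(0).upper() if c else None,
                        "text": m.group(2)})
    return entries

def review_hints(entries):
    """Flag entries for manual review. Assumed heuristics; a hint is not a verdict."""
    hints = []
    for e in entries:
        if e["text"].endswith("(no file)"):
            hints.append((e["code"], "registered component whose file is missing"))
        elif e["code"] == "O10":
            hints.append((e["code"], "Winsock LSP chain reported broken"))
        elif e["code"] == "O2" and re.search(r"\\(WINNT|WINDOWS)\\[^\\]+\.dll$", e["text"], re.I):
            hints.append((e["code"], "BHO DLL sitting directly in the Windows directory"))
    return hints

def sections_for(entries, clsid):
    """Section codes of every entry that mentions this CLSID (empty if absent)."""
    return [e["code"] for e in entries if e["clsid"] == clsid.upper()]

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for code, why in review_hints(parsed):
        print(code, "-", why)
    print(sections_for(parsed, "{5D60FF48-95BE-4956-B4C6-6BB168A70310}"))
```

Running `sections_for` before editing the registry shows where the log actually lists a CLSID, which tells you which keys to export as a backup first.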



