I can't get rid of Find4U! help!

Name: MissyCrissy
Date: December 7, 2003 at 14:10:08 Pacific
OS: Windows XP
CPU/Ram: don't know
Comment:

I'd really like some help to get rid of "Find4U". It's the most annoying thing ever. I simply want to know how to get rid of it. I downloaded "spywareblaster"; it got rid of all the other stuff except for this annoying search engine.



Response Number 1
Name: yb125
Date: December 7, 2003 at 14:19:25 Pacific
Reply:

Sounds like a job for CWShredder, download and read history at http://www.spywareinfo.com/~merijn/cwschronicles.html


0

Response Number 2
Name: David B. Rutherford
Date: December 7, 2003 at 17:57:56 Pacific
Reply:

I tried that as well. CWShredder didn't fix it. I also tried Ad-Aware and HijackThis. If anyone can help, please post!!!


0

Response Number 3
Name: iceblue
Date: December 7, 2003 at 18:22:19 Pacific
Reply:

you have to do the full process to ensure the results.....

First – please download and run Spybot Search & Destroy;
http://www.safer-networking.org
Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/
*check for updates*; and then scan,
and fix all RED items that Spybot finds.
Reboot when done.

[#or AdAware if you’ve done Spybot]
http://www.lavasoft.de/support/download/

Then download/update 'Hijack This!' 1.97.0.7 new version http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip/extract all…
Double click on hijackthis.exe..and complete the install.

Close All browser windows and
Run HijackThis,
Press Scan, and wait,
Save the log, (the ‘scan’ button changes to ‘save log’)
Edit>select All > copy and paste its contents here.
Most of what it lists will be harmless or even essential, so don't fix anything yet.
Post the full log including header info in reply.
It should be reviewed by someone here.


0

Response Number 4
Name: iceblue
Date: December 7, 2003 at 18:37:22 Pacific
Reply:

follow up for yb125 and David B,

As far as I know, Find4u is not one of the CWS Cool Web Search variants, and running CWShredder will not remove it.
The HijackThis log will show up any CWS if they are present.

If you think you have CWS the following applies:
Download and run a new update of cwshredder.zip. Click “Next”
http://www.spywareinfo.com/~merijn/files/cwshredder.zip
(obtain a new version for each run; there is a recent update)

The full story on CWS:
New address: http://www.merijn.org/cwschronicles.html
Make sure that you have the latest version of CWShredder, and that you click “Next”
and don't just scan.


0

Response Number 5
Name: veeman
Date: December 10, 2003 at 09:38:08 Pacific
Reply:

IT IS THE MOST ANNOYING THING EVER... HERE'S THE RESPONSE TO HIJACKTHIS

Logfile of HijackThis v1.97.7
Scan saved at 9:31:55, on 12/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\NORTON~1\navapw32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\Plaxo\1.4.0.140\InstallStub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\VAW\Local Settings\Temp\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.toolbar/
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\VAW\Application Data\Mozilla\Profiles\default\k91663ot.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\VAW\Application Data\Mozilla\Profiles\default\k91663ot.slt\prefs.js)
O1 - Hosts: 66.250.130.133 google.com
O1 - Hosts: 66.250.130.133 www.google.com
O1 - Hosts: 66.250.130.133 google.de
O1 - Hosts: 66.250.130.133 www.google.de
O1 - Hosts: 66.250.130.133 google.co.in
O1 - Hosts: 66.250.130.133 www.google.co.in
O1 - Hosts: 66.250.130.133 google.ca
O1 - Hosts: 66.250.130.133 www.google.ca
O1 - Hosts: 66.250.130.133 google.fr
O1 - Hosts: 66.250.130.133 www.google.fr
O1 - Hosts: 66.250.130.133 google.it
O1 - Hosts: 66.250.130.133 www.google.it
O1 - Hosts: 66.250.130.133 google.com.au
O1 - Hosts: 66.250.130.133 www.google.com.au
O1 - Hosts: 66.250.130.133 google.co.uk
O1 - Hosts: 66.250.130.133 www.google.co.uk
O1 - Hosts: 66.250.130.133 google.be
O1 - Hosts: 66.250.130.133 www.google.be
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - C:\Program Files\DogpileToolbar\ultrabar.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\1.4.0.140\InstallStub.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Washer] C:\Washer\washer.exe /0
O4 - Global Startup: winlogon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1071071208949
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1us.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B9D124-B7DB-462E-9AC6-A8BB7FAF29CA}: NameServer = 64.169.140.6 206.13.28.12



0


Response Number 6
Name: Crissy
Date: December 10, 2003 at 10:05:19 Pacific
Reply:

Thanks for your responses, but I don't know what a CWS is; I'm not exactly a computer nerd or anything. But I have downloaded Ad-Aware and I have SpywareBlaster or something like that. It's so annoying, I simply want it removed. :(


0

Response Number 7
Name: veeman
Date: December 10, 2003 at 11:03:29 Pacific
Reply:

I think the CWS thing worked the second time around.

Thanks iceblue


0

Response Number 8
Name: needhelp321
Date: December 11, 2003 at 19:40:40 Pacific
Reply:

Name: mykepredko
Date: December 10, 2003 at 07:25:06 Pacific
Subject: Remove Pop ups and home page
Reply:

Let's try this again, in the previous post I forgot to mention that you should delete "garbage.garbage". I've updated the list below to include this.

Here are the steps that I used:

1. Do a search on "winlogon.exe". You should find two copies, one in your start menu and the other in program files. The start menu one was 23k while the one in program files was 505k. It is the 23k one that is causing the problems.

2. Start up your MS-DOS Prompt ("cmd" from "Run") and "cd" (change directory to the directory the start menu directory pointed to by search) and then "ren winlogon.exe garbage.garbage". This is important because you have to change the file type from .exe to something THAT CANNOT EXECUTE.

3. Power Down and Power Up your PC. As you power down you will still get the win min.exe error ("End Program" and continue). When you power back up, you will get a message saying the system can't execute or open "garbage.garbage". It will ask you if you would like to choose a program to open it up, just "cancel".

4. Using "search", find "garbage.garbage" and delete it. Once you have deleted this, you will no longer get the start up error message noted in the previous step.

5. Execute "regedit" from "Run" and look for (Ctrl-F) all instances of "find4u" and delete the entries.

6. Start up Explorer, you will still get the find4u on start up, but you can now change it to your normal start up window. You might also want to check your "Favorites", chances are a few surprises have been added there.

7. That's it, now when you power up and down, you should be fine.

myke



0
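Added example, not part of any post in this thread: a Python script that triages a saved HijackThis log for two entry types visible in the log in Response Number 5. It reports O1 hosts-file lines that pin hostnames to a non-local address, and O4 autostart items named after core Windows processes, the same kind of item as the start-menu winlogon.exe that the steps above rename and delete. The function names, the core-process list and the shortened sample log are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the log in Response Number 5,
# plus one ordinary localhost entry for contrast.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.250.130.133 google.com
O1 - Hosts: 66.250.130.133 www.google.com
O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: winlogon.exe
"""

# Assumption for this example: these processes are started by Windows itself,
# so none of them should appear as a Run-key or Startup-folder item.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe",
                  "services.exe", "lsass.exe", "svchost.exe"}

ENTRY = re.compile(r"^(O\d+) - (.*)$")           # "O4 - <body>"
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")  # "Hosts: <address> <name>"
EXE = re.compile(r'[^\\/"\s\]]+\.exe\b', re.I)   # file name of any .exe in a command

def is_local(address):
    """True for loopback or unspecified (0.0.0.0) addresses, the usual benign hosts targets."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # unparsable address: keep it in the report
    return ip.is_loopback or ip.is_unspecified

def triage(log_text):
    """Return hosts-file redirects grouped by address, and suspicious O4 lines."""
    redirects, autoruns = {}, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        entry = ENTRY.match(line)
        if not entry:
            continue
        section, body = entry.groups()
        hosts = HOSTS.match(body) if section == "O1" else None
        if hosts and not is_local(hosts.group(1)):
            redirects.setdefault(hosts.group(1), []).append(hosts.group(2))
        elif section == "O4":
            command = body.split("]", 1)[-1]  # ignore the "[value name]" label
            if any(exe.lower() in CORE_PROCESSES for exe in EXE.findall(command)):
                autoruns.append(line)
    return {"hosts_redirects": redirects, "masquerading_autoruns": autoruns}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The running-process line for `C:\WINDOWS\system32\winlogon.exe` is not reported, because only O4 autostart entries are compared against the core-process list.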

Response Number 9
Name: CWS_HATER
Date: January 3, 2004 at 02:26:59 Pacific
Reply:

Thanks to everyone on here who gave some piece of advice on removing that damn find4u from your homepage.

The following worked for me:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

stupid idiots have nothing better to do with their time than create menacing spyware like this!!

Thanks again guys. Happy 2004.



0

Response Number 10
Name: Aslant_vorlon
Date: January 3, 2004 at 17:20:13 Pacific
Reply:

I've been fighting this same problem myself for the last few hours.

CWShredder didn't work!
SpyBot didn't work!
Hijackthis almost worked?!? (it came back after each restart)

none of the other Spy/Ad ware removal programs I have worked...

btw the three I listed work Great and I highly recommend them
hijackthis
http://www.merijn.org/

SpyBot
http://www.safer-networking.org/

I can't find the link for CWShredder right now but it is well worth the time to look it up.

Well, like I said, none of them worked... although they did find a lot of other "bugs".

I finally KILLED find4u by using a wonderful program called X-setup

http://www.xteq.com/
Locker Gnome is also a useful little prog. It's like Windows help... but it actually makes sense instead of being useless double talk.

X-setup is great; it opens up every control panel on your entire system so you don't have to dig to find them all... it even opens up controls that you can't find in Windows!

After you install and run it, choose Power User, under the startup/shutdown menu pick your version of Windows and go to Auto Run (#2 worked for me but you may need to look in both).
What I had to do was Disable "olehelp".
I restarted and find4u didn't come back.
You can delete the item but I wouldn't suggest that, just in case you don't have the right program (you can restore it if it is something you still need).

Spyware is a pain but heck it keeps a lot of people in work... and not just the idiots who make it... also the Great people who make Spybot, HijackThis, CWShredder, and the wonderful people at X-teq! and all the others.

Good luck I'm sure other people are gonna have probs with this and hopefully they will get rid of it quicker than I did.


0

Response Number 11
Name: Rick Jordan
Date: January 11, 2004 at 16:54:41 Pacific
Reply:

Many thanks to Myke in response #8! Renaming and deleting the bogus winlogon.exe file and cleaning up the registry on my XP machine rid me of the "Find4U" porno prison!

Take home lesson...be very careful of the e-mail that you choose to open. Why do people waste our time with this crap?


0

Response Number 12
Name: Tomabcd
Date: January 30, 2004 at 14:44:42 Pacific
Reply:

Thank you very, very much, Myke, in response #8. Finally I got rid of the find4u crap on my computer by following your steps. I tried so many ways to get rid of it, but it is the best way to do it.

One more time I want to thank Myke for helping us. Good luck to other people who still have that problem.



0
