Old 08-09-2004, 12:42 AM   #1 (permalink)
Right Off the Assembly Line
 
Join Date: Aug 2004
Posts: 21
Default adware button sneaked in, please help!


hey folks!
my IE6 toolbar has been showing a button linking to CrackPortal.com. i am apprehensive that it may be adware/malware related or whatever. anyway, i want to remove it but neither Add or Remove Programs nor anything else seems to be working. my system can't even find the installed stuff.
if anyone knows anything about what i am talking about, then please help.

thanks!
arko is offline  

Old 08-09-2004, 01:34 AM   #2 (permalink)
In The Zone
 
Join Date: Jan 2004
Location: Panaji - Goa
Posts: 255
Default yes adware

c friend. first of all let me tell u... going on crack sites isn't bad, but when u download somethin' like toolbars... it sticks to ur comp like glue!

Well as you mentioned, I believe it's an adware. and there can be nothing better than using an adware removal program or spyware removal program. U will find many in digit itself! Well it's all a matter of a click!
Aseem Nasnodkar is offline  
Old 08-09-2004, 01:46 AM   #3 (permalink)
Human Spambot
 
Join Date: May 2004
Location: off to "never ever" land
Posts: 2,912
Default

use ad-aware and/or spybot search and destroy
__________________
No Mercy, No Limits.
Oobertech.net - Keeping Knowledge Free
theraven is offline  
Old 08-09-2004, 01:51 AM   #4 (permalink)
Alpha Geek
 
 
Join Date: Dec 2003
Location: mumbai
Posts: 522
Default

use the combination of ad aware se and spybot search and destroy.
u might also like to download spyware blaster and spyguard for real time protection.
mariner is offline  
Old 08-09-2004, 04:54 PM   #5 (permalink)
nipun_the_gr8
Guest
 
Posts: n/a
Default

i am also facin' a similar kinda problem. there's a button in the tools menu which says "Click here to search at CrackSpider.com for cracks". i have NEVER visited a crack site nor wish to. the programs that i am runnin' r bought by me. Plz tell me wat to do...
 
Old 08-09-2004, 05:35 PM   #6 (permalink)
Coming back to life ..
 
 
Join Date: Nov 2003
Location: A bit closer to heaven
Posts: 1,997
Default

Please post your HijackThis logfile for better assessment of your problem.
__________________
Sleight of hand and twist of fate...
On a bed of nails she makes me wait...
And I wait without you ...
With or without you ..
----
Batty = Too Busy Now !!!
it_waaznt_me is offline  
Old 08-09-2004, 06:09 PM   #7 (permalink)
Davislav Ivanuiz!!!
 
 
Join Date: Apr 2004
Location: Pune
Posts: 1,396
Default

Go to Windows/Downloaded Program Files/ and see the properties of the Active-X controls installed. Delete the one whose properties show the source as www.crackspider.com. Search the registry for 'spider' or 'crack'. Delete the entries. Go to Program Files and see if there is a folder named like 'Crackspider' or something similar. Delete the folder.
__________________
I was here when the forum's swear filter kept bleeping out the word 'FUNK'. :crazy::censored::eeksign:

www.abhi247.com | The Photohblog A Little Lunacy! [v3]

Flickr!
Kl@w-24 is offline  
Old 10-09-2004, 05:07 PM   #8 (permalink)
Alpha Geek
 
 
Join Date: Aug 2004
Location: Not anywhere near you
Posts: 512
Default

Use Ad-Aware (www.lavasoftusa.com) or Spybot (www.safer-networking.org/en/download/). Clean ur cookies regularly.
sujithtom is offline  
Old 11-09-2004, 11:22 AM   #9 (permalink)
nipun_the_gr8
Guest
 
Posts: n/a
Default

Here's wat my hijack this log says :

Logfile of HijackThis v1.98.2
Scan saved at 11:12:43 AM, on 12/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6~1.0\avgserv.exe
C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Nipun\My Documents\Setups\Hijack This (Spyware Finding Software In Internet Explorer)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediffmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=113
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.rediffmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Nipun's Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOf...O1/s1udc0m.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/113.chm::/file.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093931579551
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/downplain.cab

Plz suggest which 1s shud i remove.......................
 
Old 11-09-2004, 03:13 PM   #10 (permalink)
Wise Old Owl
 
 
Join Date: Jun 2004
Location: omnipresent
Posts: 1,191
Default

i think this should help ...

its a small 220kb file ..

Code:
http://www.winxptutor.com/download/ToolbarCop.zip
__________________
What I've felt, What I've known; Never shined through in what I've shown
Never free, Never me; So I dub thee unforgiven
-Metallica
alib_i is offline  
Old 12-09-2004, 12:35 AM   #11 (permalink)
Coming back to life ..
 
 
Join Date: Nov 2003
Location: A bit closer to heaven
Posts: 1,997
Default

To proceed with your HijackThis log, run HijackThis again, put a checkmark next to these entries and click on Fix Checked.
Please make sure that all Internet Explorer and Windows Explorer windows are closed.

Quote:
Originally Posted by nipun_the_gr8
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=113
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain <-- Wild Tangent is a Spyware
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOf...O1/s1udc0m.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/113.chm::/file.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/downplain.cab
it_waaznt_me is offline  
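
Added example (not part of any post in this thread): a small Python triage pass over HijackThis entries like those posted above, flagging three things a reviewer checks first. The sample lines are copied from the log in post #9; the function name triage and the three heuristics are assumptions of this example, not HijackThis features, and they do not reproduce the full list picked out in post #11.

```python
import re

# Sample entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6~1.0\avgcc32.exe /STARTUP
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/113.chm::/file.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: these Windows binaries belong in system32; the same name elsewhere is suspect.
SYSTEM32_ONLY = {"winlogon.exe", "services.exe", "lsass.exe", "smss.exe", "svchost.exe"}
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\\)([^\\"]+?\.exe)', re.I)

def triage(log_text):
    """Return (section, reasons, body) for each entry that needs a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        reasons = []
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("orphaned registration")
        if section == "O4":  # autostart (Run key) entries
            exe = EXE_PATH.search(body)
            if exe and exe.group(2).lower() in SYSTEM32_ONLY \
                    and not exe.group(1).lower().endswith("\\system32\\"):
                reasons.append("system binary name outside system32")
        if section == "O16":  # Downloaded Program Files (ActiveX) entries
            source = body.rsplit(" - ", 1)[-1]
            if not source.lower().startswith(("http://", "https://")):
                reasons.append("ActiveX source is not a plain web URL")
        if reasons:
            findings.append((section, reasons, body))
    return findings

if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section}: {', '.join(reasons)}\n    {body}")
```

A flagged entry is a prompt to look closer, and an unflagged one is not cleared: the searchwww.com ActiveX line passes all three checks here yet is on the fix list in post #11.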
Old 12-09-2004, 12:37 AM   #12 (permalink)
Coming back to life ..
 
 
Join Date: Nov 2003
Location: A bit closer to heaven
Posts: 1,997
Default

Your system is infested with too many spyware and parasites. I recommend using Spybot Search N Destroy and Spyware Blaster for keeping the system free from spyware. Both should be updated regularly as new malware is discovered frequently.
it_waaznt_me is offline  
Old 13-09-2004, 04:40 PM   #13 (permalink)
nipun_the_gr8
Guest
 
Posts: n/a
Default

Thankx buddies !!
 
 
