goodthinxx redirection...help

Discussion in 'adware, spyware & hijack cleaning' started by Unregistered, Apr 12, 2004.

Thread Status:
Not open for further replies.
  1. Unregistered

    Unregistered Guest

    Hi Guys
    I need your help with a problem I got. Every time I try to reach a web page (although thank God not an important page) I get redirected. I have done some scans with various programs and found that goodthinxx is the redirecting problem. Although I can't seem to be able to fix it. I have various programs that report these:

    1. With XoftSpy v3.1 (demo version won't let me fix the problem)
    a. Coolwebsearch.Svinit Registry Key Interface\{48E59291-9880-11CF-9754-OOAAOOCCOO908}
    b. CoolwebSearch.Svinit Registry Key Interface\{48E59292-9880-11CF-9754-00AA00CC00908}
    c. MSConnect Registry Key Software\Netscape\Netscape Navigator\User Trusted External Applications
    d. MainPean Dialer Registry Key Software\Freeware

    I have removed the first two manually within regedit but they showed up again after a couple of internet uses. I couldn't find the last two to manually remove them. I had a rundll problem that I fixed but those 4 items remained.

    2. Ad aware 6.0 doesn't show up anything except some data miner tracking cookies which I remove each time I run the software (reference file 01R281 09.04.2004) and each time some show up again.
    3. Norton antivirus 2003 scan (latest update) doesn't find a virus. I have internet security installed and updated too.
    4. CoolWebShredder v 1.56.1 (latest update) doesn't find any problem
    5. I lately installed Spybot S&D v.1.2 which only identifies Download Accelerator Plus as a problem (it's a download manager, helps me download programs faster). I uninstalled it since it tells that it won't co-work with ad-aware.
    6. I ran HijackThis which generated this log file. (I can't find anything)

    Logfile of HijackThis v1.97.7
    Scan saved at 14:49:30, on 12/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\InternetProgramms\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\InternetProgramms\SpywareGuard\sgbhp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamebookers.com/en/index.shtml
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\InternetProgramms\DAP\DAPBHO.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\InternetProgramms\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\INTERN~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\InternetProgramms\DAP\DAPIEBar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\InternetProgramms\SpywareGuard\sgmain.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\INTERN~2\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\INTERN~2\DAP\dapextie2.htm
    O8 - Extra context menu item: Λήψη όλων με το Net Transport - C:\Program Files\InternetProgramms\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Λήψη με το Net Transport - C:\Program Files\InternetProgramms\NetTransport 2\NTAddLink.html
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: Run DAP (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for ΄ως: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    I would appreciate any help from you to help me fix or shape up my pc. Thank you in advance for your time.
    Akis from Greece
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Adaware is now at version 287 so try to update to that one, it might help

    There are several new CWS hijackers that have appeared en masse this weekend and we are having problems curing them all at this time.

    I think your version is caused by either of these 2 problems so try the fixes, they can't harm even if they don't cure

    1. boot into safe mode and look for mtwirl32.dll in system32 folder and if found delete the mtwirl32.dll

    2. download this file, rename it as searchxfix.reg and then double click it to merge into registry
    https://www.wilderssecurity.com/attachment.php?attachmentid=136409

    reboot & see if it cures
     
    Last edited: Apr 13, 2004
  3. Unregistered

    Unregistered Guest

    Ad aware is version 6 build 1.81, can't find version 287.
    mtwirl32.dll is not present in my system.
    The file searchxfix cannot be merged into registry.
    Thank you anyway.
     
  4. dvk01

    dvk01 Global Moderator

    sorry I should have said that adaware 181 now has internal reference file number 287 and you should update to that by using the internal updater

    you have to right click the file called searchxfix.txt and rename it to searchxfix.reg and then it will change to a regedit file not a text file and you can double click it to merge it into registry
     
  5. Akis

    Akis Guest

    I have renamed the file but it still can't be merged; it says that only binary files can be merged into registry. Problem still occurs when I try to view the certain webpage.
     
  6. dvk01

    dvk01 Global Moderator

    there was an error in the attachment and that is being dealt with

    but a new cwshredder version 1.56.2 has come out and that should cure this one when it is run in safe mode
     