goodthinxx redirection...help

Unregistered · Apr 12, 2004

Hi Guys
I need your help with a problem I got. Every time i try to reach a web page (although thang god not an important page) i get redirected. I have done some scans awith various programms and found that the goodthinxx is the redirecting problem. Although I can't seem able to fix it. I have various programs that report these :

1. With Xoftsoy v3.1 (demo version won't let me fix the problem)
a. Coolwebsearch.Svinit Regisrty Key Interface\{48E59291-9880-11CF-9754-OOAAOOCCOO908}
b. CoolwebSearch.Svinit Registry Key Interface\{48E59292-9880-11CF-9754-00AA00CC00908}
c. MSConnect Registry Key Software\Netscape\Netscape Navigator\User Trusted External Applications
d. MainPean Dialer Registry Key Software\Freeware

I have removed the first two manualy within regedit but showed up again after a couple of internet uses, I couldn't find the last two to manually remove them. I had a rundll.problem that i fixed it but those 4 items remaned.

2. Ad aware 6.0 doesn't show up anything except some data miner tracking cookies which i remove each time i run the software (reference file 01R281 09.04.2004) and each time some show up again.
3. Norton antivirus 2003 scan (latest update) doesn't find a virus. I have internet security installed and updated too
4. CoolWebShredder v 1.56.1 (latest update) doesn't find any problem
5. I installed lately Spybot S&D v.1.2 which only identifies Download accelerator plus as a problem (its a download manager,helps me download programs faster). I uninstalled it since it tells that it won't co-work with ad-aware.
6. I run Hijackthis which genarated this log file. (I can't find anything)

Logfile of HijackThis v1.97.7
Scan saved at 14:49:30, on 12/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\InternetProgramms\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\InternetProgramms\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamebookers.com/en/index.shtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\InternetProgramms\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\InternetProgramms\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\INTERN~2\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\InternetProgramms\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\InternetProgramms\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\INTERN~2\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\INTERN~2\DAP\dapextie2.htm
O8 - Extra context menu item: Λήψη όλων με το Net Transport - C:\Program Files\InternetProgramms\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Λήψη με το Net Transport - C:\Program Files\InternetProgramms\NetTransport 2\NTAddLink.html
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ΄ως: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I would appreciate any help from you to help me fix or shape up my pc. Thank you in advance for your time.
Akis from Greece

dvk01 · Apr 13, 2004

Adaware is now at version 287 so try to update to that one, it might help

There are several new CWS hijackers that have appeared on mass this weekend and we are having problems curing them all at this time.

I think your version is caused by either of these 2 problems so try the fixes, they can't harm even if they don't cure

1. boot into safe mode and look for mtwirl32.dll in system32 folder and if found delete the mtwirl32.dll

2. download this file, rename it as searchxfix.reg and then double click it to merge into registry
https://www.wilderssecurity.com/attachment.php?attachmentid=136409

reboot & see if it cures

Unregistered · Apr 12, 2004

Ad aware is version 6 built 1.81 cant find version 287
mtwirl32.dll is not present in my system
the file searchxfix cannot be merged into registry
Thank you anyway.

dvk01 · Apr 12, 2004

sorry I should have said that adaware 181 now has internal reference file number 287 and you should update to that by using the internal updater

you have to right click the file called searchxfix.txt and rename it to searchxfix.reg and then it will change to a regedit file not a text file and you can double click it to merge it into registry

Akis · Apr 13, 2004

I have renamed the file but stil can't be merged it says that only binary filew can be merged into registry. Problem stil occurs when i try to view the certain webpage

dvk01 · Apr 13, 2004

there was an error in the attachment and that is being dealt with

but a new cwshredder version 1.56.2 has come out and that should cure this one when it is run in safe mode

Log in or Sign up

goodthinxx redirection...help

Unregistered Guest

dvk01 Global Moderator

Unregistered Guest

dvk01 Global Moderator

Akis Guest

dvk01 Global Moderator

Log in or Sign up

goodthinxx redirection...help

Unregistered Guest

dvk01 Global Moderator

Unregistered Guest

dvk01 Global Moderator

Akis Guest

dvk01 Global Moderator

Useful Searches