Author Topic: TIBS42 dialer problem  (Read 687 times)

jmccull
« on: November 12, 2006, 04:12:59 PM »
I've been dealing with a minor nuisance problem for about 3 weeks now. It shows up randomly and bogs down my machine somewhat, but now I notice that the drive seems to be working all the time.

It seems to be the TIBS42 dialer problem.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:35:29 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\QBOOKSW\Components\QBAgent\QBDAgent.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [QBCD Autorun] E:\autorun.exe restart QB_SEQUENCE first
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\QBOOKSW\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130879458448
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130881033786
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

guestolo
« Reply #1 on: November 12, 2006, 04:53:08 PM »
Can I just have a look at another log, to see if it uncovers any other files that may be bad

Download this file - Combofix.exe and save it to the desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please

Do you want to post your own logs from FRST?

Follow the instructions posted: Click Here (http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/)


jmccull
« Reply #2 on: November 13, 2006, 07:56:58 AM »
Here is the COMBOFIX log:

Administrator - 06-11-13  7:39:01.02    Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-13 to 2006-11-13  ))))))))))))))))))))))))))))))))))
 
 
2006-11-01   12:50   114,688   --a------   C:\WINDOWS\system32\calc.exe


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))   


2006-11-13 07:37   --------   d--------   C:\Program Files\Mozilla Firefox
2006-11-12 12:04   --------   d--------   C:\Program Files\iTunes
2006-11-12 12:04   --------   d--------   C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-11-12 12:03   --------   d--------   C:\Program Files\iPod
2006-11-12 12:02   --------   d--------   C:\Program Files\QuickTime
2006-11-08 17:00   --------   d--------   C:\Program Files\UniDream PowerBatch
2006-11-04 11:31   --------   d--------   C:\Program Files\Easy Thumbnails
2006-10-28 06:30   --------   d--------   C:\Program Files\Windows NT
2006-10-12 21:33   --------   d--------   C:\Program Files\EPSON
2006-10-12 05:50   --------   d--------   C:\Documents and Settings\Administrator\Application Data\iPodder
2006-10-04 08:46   --------   d--------   C:\Program Files\Juice
2006-10-01 09:19   --------   d--------   C:\Documents and Settings\Administrator\Application Data\Snapfish
2006-09-21 19:53   --------   d--------   C:\Documents and Settings\Administrator\Application Data\AdobeUM
2006-09-20 22:37   --------   d--------   C:\Documents and Settings\Administrator\Application Data\Adobe
2006-09-19 15:44   15664   --a------   C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 15:43   109360   --a------   C:\WINDOWS\system32\GEARAspi.dll
2006-09-18 06:49   --------   d--------   C:\Program Files\AntiVir PersonalEdition Classic
2006-09-15 22:41   --------   d--------   C:\Program Files\LimeWire
2006-09-13 00:01   1084416   --a------   C:\WINDOWS\system32\msxml3.dll
2006-08-25 10:45   617472   --a------   C:\WINDOWS\system32\comctl32.dll
2006-08-22 23:31   5906432   ---------   C:\WINDOWS\system32\ieframe.dll
2006-08-22 23:31   50688   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-08-22 23:31   457728   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-08-22 23:31   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-08-22 23:31   225792   --a------   C:\WINDOWS\system32\webcheck.dll
2006-08-22 23:31   175616   ---------   C:\WINDOWS\system32\ieui.dll
2006-08-22 23:31   152064   --a------   C:\WINDOWS\system32\msls31.dll
2006-08-22 23:18   78336   --a------   C:\WINDOWS\system32\ieencode.dll
2006-08-22 23:18   206336   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-22 23:17   40448   --a------   C:\WINDOWS\system32\licmgr10.dll
2006-08-22 23:17   105472   --a------   C:\WINDOWS\system32\url.dll
2006-08-22 23:17   100352   --a------   C:\WINDOWS\system32\occache.dll
2006-08-22 23:16   16896   --a------   C:\WINDOWS\system32\corpol.dll
2006-08-22 23:14   378368   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-08-22 23:14   229376   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-08-22 23:13   71680   --a------   C:\WINDOWS\system32\admparse.dll
2006-08-22 23:13   55296   --a------   C:\WINDOWS\system32\iesetup.dll
2006-08-22 23:13   54784   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-08-22 23:13   43008   --a------   C:\WINDOWS\system32\iernonce.dll
2006-08-22 23:13   152064   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-08-22 23:13   122880   --a------   C:\WINDOWS\system32\advpack.dll
2006-08-22 23:13   11776   --a------   C:\WINDOWS\system32\ieudinit.exe
2006-08-22 23:11   12288   ---------   C:\WINDOWS\system32\msfeedssync.exe
2006-08-22 23:10   61440   ---------   C:\WINDOWS\system32\icardie.dll
2006-08-22 23:10   35328   --a------   C:\WINDOWS\system32\imgutil.dll
2006-08-22 23:09   262656   ---------   C:\WINDOWS\system32\iertutil.dll
2006-08-22 23:07   45568   --a------   C:\WINDOWS\system32\mshta.exe
2006-08-22 22:37   48128   --a------   C:\WINDOWS\system32\mshtmler.dll
2006-08-22 22:36   380928   ---------   C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 22:30   161792   --a------   C:\WINDOWS\system32\ieakui.dll
2006-08-21 07:21   16896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14   23040   --a------   C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58   100352   --a------   C:\WINDOWS\system32\6to4svc.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AdaptecDirectCD"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"HP Lamp"="C:\\Program Files\\Hewlett-Packard\\HP PrecisionScan\\PrecisionScan\\HPLamp.exe"
"QBCD Autorun"="E:\\autorun.exe restart QB_SEQUENCE first"
"STOPzilla"="\"C:\\Program Files\\STOPzilla!\\Stopzilla.exe\" /autorun"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"EPSON Stylus C82 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S0HIC1.EXE /P23 \"EPSON Stylus C82 Series\" /O6 \"USB001\" /M \"Stylus C82\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="http://us.i1.yimg.com/us.yimg.com/i/ww/m6v8c.gif"
"SubscribedURL"="http://us.i1.yimg.com/us.yimg.com/i/ww/m6v8c.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,94,00,00,00,a0,00,00,00,e4,02,00,00,30,00,00,00,e8,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,94,00,00,00,a0,00,00,00,e4,02,00,00,30,00,\
  00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,1a,03,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
  e7,77,60,c8,20,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,01,00,00,00,80,02,00,00,3b,02,00,00,ea,\
  03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3c,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3c,02,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Billminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Billminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKENW\\BILLMIND.EXE -startup"
"item"="Billminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


 
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20051116-011819-286
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
backup-20051116-011819-549
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
backup-20051116-011819-137
O15 - Trusted IP range: 195.190.118.157 (HKLM)
backup-20051116-011819-475
O15 - Trusted Zone: *.searchmeup.cc (HKLM)
backup-20051116-011819-144
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
backup-20051116-011819-276
O15 - Trusted Zone: *.skoobidoo.com
backup-20051116-011819-470
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
backup-20051116-011819-387
R3 - Default URLSearchHook is missing
backup-20051116-011819-377
O15 - Trusted Zone: *.searchmeup.cc
backup-20051116-011819-167
O4 - HKLM\..\Run: [bxuphqj] C:\WINDOWS\System32\vqxwebw.exe r
backup-20051116-011819-562
O4 - HKCU\..\Run: [Munj] C:\WINDOWS\System32\mzg.exe
Completion time: 06-11-13  7:40:34.60
C:\ComboFix.txt ... 06-11-13 07:40

guestolo
« Reply #3 on: November 13, 2006, 02:15:06 PM »
Can you do the following
Find and delete these files if still around, they were probably deleted as they were disabled a long time ago
But take a look
C:\WINDOWS\System32\vqxwebw.exe
C:\WINDOWS\System32\mzg.exe

Can you also do the following
Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Do you recognize everything under the Web Pages field?

If you don't recognize the one entry
Uncheck and delete it
Don't delete My current home page

From my signature below,
Use INTERNET EXPLORER
Run an online virus scan at Kaspersky's
Accept the prompt at the Welcome screen
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
      ***Scan using the following Anti-Virus database:
         Extended (if available otherwise Standard)
      ***Scan Options:
         Scan Archives
         Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
         Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
      ***Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post



jmccull
« Reply #4 on: November 14, 2006, 07:02:30 PM »
I could not get the Kaspersky site to scan my PC. The ActiveX component would not install. When prompted about ActiveX, I said yes, then the program went back to the initial agree/disagree screen :(. I emailed customer service and they suggested to install the 30 day trial version. I didn't since I'm already running an AV program. Waiting for your advice.

guestolo
« Reply #5 on: November 14, 2006, 07:10:40 PM »
Let's try one at Panda's instead
Use Internet Explorer and Run the online Panda ActiveScan
    * Once you are on the Panda site click the Scan your PC button at the bottom of the page
    * A new window will open...click the big Check Now button.
    * Enter your Country.
    * Enter your State/Province.
    * Enter your e-mail address.
    * Select either "Home User or Company."
    * Click the big Scan Now button.
    * Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
    * Click on Local Disks to start the scan.

When the scan is complete, click See Report, then click Save Report and save it to your Desktop.

Post a fresh HijackThis log afterwards and the Full report from Panda's please



jmccull
« Reply #6 on: November 16, 2006, 12:34:53 AM »
I tried the Panda scan following all the prompts. Every time I tried to scan, it ran through the cycle and gave me an error message. I tried to reboot, but the same problem. I then went ahead and tried the Trend Micro scan. It scanned for about two hours. When it finished it told me what problems I had and offered to fix. When I told it to clean, my browser crashed. UGH....

guestolo
« Reply #7 on: November 16, 2006, 12:41:33 AM »
Try this Jim
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
You can try this in safe mode if Normal windows is not successful
