Persistent TIB Dialer problem

I'm running windows xp and I've downloaded all the recommended software for removing and protecting against spyware but TIB dialer keeps coming back 15-30 minutes after removal.

I'm trying to follow the instructions in the basic thread but I'm having trouble with this:

b) And Windows XP, 2000, NT, ME, users boot in "safe mode with networking support" (and remain in there). See how to boot in safe mode below.
do an online scan at Trend Micro's Free Online Virus Scan
do an online scan at Symantec Security Check
run McAfee AVERT Stinger

When I'm on safe mode with networking support I can't go online and do the online scans because I'm not on a network or LAN connection I connect directly to the ISP.

I hope you guys can help me, thanks.

 

I've successfully run Symantec's Security Check on normal mode, used Spybot, AdAware, CWShredder, CClean, etc on safe mode reverted to normal mode and then turned on System Restore once again. But an executable called inst.exe still keeps coming back and re-installing TIB dialer after some time passes.

I'm trying to finish downloading TrendMicro's update engine and pattern file in the hopes that TIB won't interrupt me.

Anyhow I noticed that yesterday I was able to stay online for about a couple of hours problem-free (which is longer than usual w/ TIB) when I had System Restore turned off. When I turned it back on, TIB started coming back again.

 

I finished running TrendMicro's scan and it didn't find anything. I downloaded and ran HijackThis right after and I'm attaching my logfile.

TIB doesn't seem to come back as long as my system restore is off.

 

I am learning
wait for chaslang to confirm plse!!!


fix

and if you dont know/want these
fix all six of these

I would get rid of

you propably don't want this

again
pleas wait for an ok
because if I am wrong on any account
or if I missed something
someone else will know more than I


@chaslang
forgive me if I am wrong
"if I dont know what I am doing dont post" I know
but I have learnd alot here and would like to continue
and help thos who help me help. . .
thank you

 

not bad Jarcher.

the 09's aren't "bad" per say, but are probably ok to remove


Boot to safe mode and go to start.. run.. type

REGSVR32.EXE /u MADOPEW.DLL

Hit ok to any prompt. If you get an error, that's fine.

then here's a list that should be removed in HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
O2 - BHO: (no name) - {ADA406F7-A185-4DDB-A3AC-A84D69F466B8} - C:\WINDOWS\madopew.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - (no file)

 

I've removed the listed files via HJT, run all the spyware detection/prevention/clean-up programs listed in the basic thread and am about to enable System Restore once again.

So far I've been able to stay online without problems, I even went as far as to play Ragnarok Online for a couple of hours. Hopefully it stays that way when I enable System Restore. The last time TIB came back after I enabled System Restore but at that time I didn't run HJT.

Thanks to y'all!

 

Bad News: As soon as I enabled System Restore, TIB dialer came back within 5-10 mins. When System Restore is disabled, my PC is left in peace.

It's such a strange problem..

 

Okay, disabled System Restore and ran HJT again.

What's more, as soon as TIB came back, my brower was also invaded by all sorts of hijackers shortly after. When I have System Restore off I am able to stay online completely undisturbed. I also got some sort of bug which insists that I use "http://" every time I go anywhere, I can't just type the url directly without the "http://" prefix.

 

I'll DL the Windows and Explorer updates now, and yes I did use Spybot's Immunize feature and I also have SpywareBlaster installed. Thanks.

 

I've downloaded Microsoft Service Pack 1 and some other updates, ran HJT again, and attached the latest HJT logfile. System Restore is still disabled. I also fixed the ff:

O9 - Extra button: Corel Network monitor worker - {9AB8E4F2-2CD7-460F-919D-0CEE05CEAC01} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {9AB8E4F2-2CD7-460F-919D-0CEE05CEAC01} - (no file)
O9 - Extra button: Corel Network monitor worker - {9AB8E4F2-2CD7-460F-919D-0CEE05CEAC01} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {9AB8E4F2-2CD7-460F-919D-0CEE05CEAC01} - (no file) (HKCU)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=iehomepage&c=3C01&lc=6009

 

TIB hasn't re-appeared so far, I'll be enabling System Restore now. Hopefully it won't come back. Thanks!