Dialer.webview Virus?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by AsWin, Aug 27, 2004.

  1. AsWin

    AsWin Private E-2

    Hi, I'm new to this and trying this as a last resort... any help you could give me would be greatly appreciated.

    Recently, I've been having an extremely large dialer problem. My Norton anti-virus always deletes this one dialer.webview... however, it seems that once I go online... within a half hour this dialer will return even if I don't surf the web (I've deleted it numerous times with Norton). To make matters worse, I'm getting even more dialers and viruses. These only started recently. I want to say I have something that's downloading other dialers and viruses. If there is any help you can give me, I'd really appreciate it.

    Thanks in advance.
     


  2. PhilliePhan

    PhilliePhan Guest

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have a load of issues shown in your log. You have just about one of everything you could have including Trojans, viruses, malware. Is your Norton Antivirus package up to date? This is going to take some time. But first you need to follow some forum guidelines. HJT logs are not to be posted unless we ask for them.

    Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    You should even run about:Buster because I see some possible traces of about:Blank problems too.

    NOTE: You should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > Do not post a HijackThis log until we ask you to, and when we do it must be a text document attachment to your message.

    Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!


    Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

    You should also go to Add/Remove Programs and uninstall (if still there) anything related to Webrebates, WildTangent, Gain, GainBundle, CMESYS, Kazaa, P2P Networking, Ncase, or 180 solutions.

    Also in addition to all the above, run these:
    http://www.ravantivirus.com/scan/ <--- Select Auto Clean and then click Scan My PC
    http://www.bitdefender.com/scan/licence.php
    http://www.windowsecurity.com/trojanscan/
    http://www.majorgeeks.com/download4063.html
    http://www.majorgeeks.com/download4188.html

    You may even want to consider loading and running the 30 day trial of TDS: http://www.majorgeeks.com/download3951.html
     
  4. AsWin

    AsWin Private E-2

    Thanks! I'll work at doing all those now and get back to you with the results... my Norton is actually the 2004 version so I don't know what the deal is.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are your definitions up to date? And also note that spyware/malware is not necessarily the same thing as a virus/trojan which anti-virus packages look for.
     
  6. AsWin

    AsWin Private E-2

    Alright... that was a lot of fun; I used all that scanning software and my hijackthis log is listed below. While I was using the last of the scanning online software, the same dialer was spotted again. Norton always picks it up as C:\124424.exe . Another thing that I'm finding is Google is turning into my homepage now for some reason. Lastly, I was reading that section on this home search assistant... I was looking through my programs and I have something called uninstall search assistant which won't uninstall itself... I'm thinking that it could be that. However, I'm mainly scared of this dialer as I've heard stories of people getting huge phone bills due to them.

    My Norton virus definitions were just updated 2 weeks ago.

    I've posted my hijacklog below... keeping my fingers crossed that I at least put some kind of dent into it, :)

    Thanks!
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try booting in safe mode and then use Windows Explorer to locate and delete:
    C:\124424.exe

    Tell me if you have any problems doing that.

    The Google home page most likely occurred due to using About:Buster. Just set your home page back to what you want. (Or did you already do that http://us5.hpwis.com/ ?)

    This is the first time I have heard of an "uninstall search assistant". What message do you get when you try to uninstall it?

    Your HijackThis log is fairly clean except for:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

    Questions:
    1) Did you install this Zero Knowledge Freedom AntiVirus? You already have Norton AV. You should not have multiple virus scanner applications installed and running at the same time.

    2) Do you know what twink64.exe is? If not, can you try to get some properties information on this twink64.exe file shown in the below HijackThis line:
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile

    Locate the file with Windows Explorer and right click on it, select Properties and go thru all the tabs. Look for version info, company name, etc.
    I don't like the looks of this one.
     
  9. AsWin

    AsWin Private E-2

    The C:\124424.exe isn't currently there as I haven't been online since the online trojan checks. It just seems to pop up after a certain amount of time online even if I'm idle. It's almost as if my computer is connecting to a site to download it or something... it's been deleted at least 7 or 8 times... and I have followed all the normal procedures such as shutting off system restore... maybe this twink64 is the cause...

    Should I click fix in hijackthis concerning those two logs you mentioned?

    Actually, it's called Search Assistant Uninstall... when I try to uninstall it... nothing happens... for other programs... it normally goes to an uninstall screen...

    The Zero freedom Anti-Virus scanner was something I believe was installed about a year ago. I will uninstall it right now if you recommend it.

    I have no clue what this twink64.exe is... actually upon further research of it...

    http://www.sysinfo.org/startuplist.php gives this as its definition... doesn't look good...

    ControlPanel X rundll32 internat.dll, LoadKeyboardProfile CoolWebSearch parasite related

    It doesn't have any company name or anything...

    Thanks for the response. Looking forward to getting rid of this last one... hoping it's too big of a problem.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let's do the following (I'll assume you have not fixed anything using HJT yet):

    Yes, I would uninstall "The Zero freedom Anti-Virus scanner". If you have Norton AV and it is up to date, keep it if you like.

    Did you run CWShredder earlier? If not, run it and click Fix!

    Now run HijackThis and put check marks on the following lines but DO NOT CLICK FIX until you exit all Internet Explorer sessions:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile

    Then exit HJT and enable viewing of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650
    Then boot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

    Now run Windows Explorer and locate and rename:
    C:\WINDOWS\System32\twink64.exe to twink64exe.bad

    You rename by right clicking on the file and selecting rename.

    This way we still have the file if you need to restore it.
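
The entries selected above follow HijackThis's `section - detail` line layout, so a first pass over a saved log can be scripted. The sketch below is an added example, not part of the original thread and not code from HijackThis; the flagging heuristics and the `ExampleTray` line are assumptions made for illustration.

```python
import re

# Constructed input: the three entries quoted in the thread, plus one made-up
# ordinary startup line (ExampleTray) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$")
EXE = re.compile(r'"?(.+?\.exe)\b', re.I)
# "name.dll,Export" as an argument is the calling convention of rundll32.exe.
DLL_EXPORT = re.compile(r"[\w.-]+\.dll,\s*\w+", re.I)

def parse(log):
    """Yield (section, detail) for every HijackThis entry line in the text."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def reason_for(section, body):
    """Say why an entry deserves a manual look, or return None (assumed heuristics)."""
    if section == "R1" and "ProxyOverride" in body:
        return "proxy bypass value set; confirm it was configured on purpose"
    if section == "R3" and body.endswith("(no file)"):
        return "search hook is registered but its file is missing"
    if section == "O4":
        run = RUN.match(body)
        if run and DLL_EXPORT.search(run.group(2)):
            name, cmd = run.groups()
            exe = EXE.match(cmd)
            image = exe.group(1).rsplit("\\", 1)[-1].lower() if exe else ""
            if image != "rundll32.exe":
                return f"[{name}] passes a DLL,export argument to {image}, not rundll32.exe"
    return None

def triage(log):
    """Return (section, detail, reason) for each entry that matched a heuristic."""
    return [(s, b, r) for s, b in parse(log) if (r := reason_for(s, b))]

if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

A match only marks a line for the kind of manual check described in the thread (file properties, company name, startup-list lookup); it is not a verdict on the file.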
     
  11. AsWin

    AsWin Private E-2

    Alright, I uninstalled the Zero freedom anti-virus scanner.

    CWShredder was run before; however, when checking for updates, both of the source sites seem to not be working so it was unable to check. During the scan, it said there was nothing wrong.

    I took care of the lines in HiJackThis, and renamed the file twink64exe.bad.

    Anything else?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't check for updates. Just verify you have the versions indicated on Majorgeeks by checking the links given in the READ ME FIRST sticky. Make sure you ran the version we have (1.59.1) and you selected Fix.

    Are you still having problems with the dialer and the C:\124424.exe file?
     
  13. AsWin

    AsWin Private E-2

    Yep, I ran that version.

    As of right now, I don't have the dialer; however, I'll leave my internet connection on for a bit and see if it returns. If it does, I'll be sure to say something. Just curious... should I try to uninstall that Search Assistant Uninstall?

    Thanks for the help!
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's wait awhile on that Search Assistant Uninstall until we make sure the other problems are gone.
     
  15. AsWin

    AsWin Private E-2

    Ah... you are officially my hero... been on the web all day now and no signs of the dialer... I think that twink64 was the problem (hoping I'm not speaking too soon, :)

    Thanks again!

    Should I work on that Search Assistant Uninstall now?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Yes! If the uninstall in Add/Remove Programs does not work, try this:

    Now click Start, Run, and in the Open box enter "regedit" (without the quotes). Now navigate thru the registry to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    Click the [+] next to uninstall. Scroll down until you see the NAMES of programs (skip past the lines with numbers in {,} ). See if you can find any of the following listed:

    HSA = Home Search Agent or Home_Search_Assistent (yes, the spelling of assistant is wrong)
    SA = Search Assistant or Search Assistent
    SE = Search Extender
    SW = Shopping Wizzard

    If you find any of them, select one at a time, and hit your delete key. Once you delete all three, you can exit the registry editor.

    As an alternate approach, save the following 5 lines to a file called hsafix.reg, then using Windows Explorer double click on the hsafix.reg file and merge the fix into the registry.
    REGEDIT4
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
     
