Virus and dialer not showing up at any scan!

Discussion in 'Malware Help (A Specialist Will Reply)' started by mini_sqrat, Jan 18, 2007.

  1. mini_sqrat

    mini_sqrat Private E-2

    Hello.

    I apparently have a dialer in my computer, but my AV (NOD32, updated regularly) could not find it. In addition, some .exe files, when accessed by Spybot Search & Destroy (which I use regularly) or when I tried to move them to a different folder, caused a window in my AV System Monitor (AMON) to pop up, saying that there is a virus present, although all the exe files were scanned manually right after download.
    I followed all the steps you suggested, but with the exception of CounterSpy, none of the others found anything. However, the dialer still persists, and another exe was found infected after CounterSpy fixed what it had found.

    I attach the NOD32 threat log, just in case it proves useful. I am sorry if I am not supposed to attach this. Additionally, I was not able to get a report from the panda scan, since it found nothing.

    Thank you so much for your time

    Marina

    PS. I also use Zone Alarm as a firewall and I regularly use Ad-Aware SE Personal.
     

    Attached Files:

  2. mini_sqrat

    mini_sqrat Private E-2

    And these are the rest of the files to be attached. Thanx again
     

    Attached Files:

  3. mini_sqrat

    mini_sqrat Private E-2

    Oops, I forgot to attach the most important :-(

    Sorry
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Why do you say you have a dialer? Do you have a log that says you have a dialer?

    Your problems are more than likely due to the cracks you or someone else is downloading and installing on this PC. Delete all the crack files and uninstall all the illegal software. That may stop your problems, or at least it will help to keep them from getting worse.

    Is this Windows version a non-English version? I see lots of gibberish characters in the newfiles.txt log and also things like below in HJT:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ÓõíäÝóåéò
    O4 - Global Startup: ÃñÞãïñç åêêßíçóç HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    And also like this too:
    C:\Documents and Settings\user\ÅðéöÜíåéá åñãáóßáò\Billy\keyfinder.exe

    Do you have corrupted folder names or is the above supposed to be Local Settings? If it is Local Settings then why does the below look OK?
    C:\Documents and Settings\user\Local Settings\Temp


    You have Spybot TeaTimer running, which we requested that you not run during the READ ME. You need to stop it at least while cleaning your PC, or the below fixes (which are not really malware) will not work.


    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6
    Mozilla Firefox (1.5.0.9)

    Make sure you reboot after uninstalling the above!


    Then install the current version of FireFox from: Mozilla Firefox

    If you need the Sun Java Development kit you can get it here: http://java.sun.com/javase/downloads/index.jsp



    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) -

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\user\ÅðéöÜíåéá åñãáóßáò\Billy\keyfinder.exe
    C:\Program Files\GameHouse\FeedingFrenzy\CrAcK.ExE
    H:\Billy\keyfinder.exe

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp\
    C:\Documents and Settings\user\Local Settings\Temp

    Now run Ccleaner.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Jan 20, 2007
  5. mini_sqrat

    mini_sqrat Private E-2

    Hello again and thank you deeply for your help.

    To answer your questions

    1. No log shows a dialer; however, my computer keeps connecting to the internet without being prompted. I didn't know what to assume. Thankfully I have an ADSL connection, and not PSTN dial-up, as preselected.

    2. My Windows version is Greek. I am sorry that I cannot help you with the files you mentioned, because I cannot see the characters either. The one I do know is this:
    "C:\Documents and Settings\user\ÅðéöÜíåéá åñãáóßáò\Billy\keyfinder.exe"
    The "ÅðéöÜíåéá åñãáóßáò" stands for "Epifaneia ergasias" which means desktop.

    3. About TeaTimer, I am sorry. I have used Spybot for a couple of years now, but the version I recently downloaded (updated) does not show TeaTimer in the menu, and I didn't know how to unselect it. However, I used the Task Manager each time I rebooted to stop it from running this time, as I followed the steps you suggested. Is TeaTimer the Spybot resident?

    Now, I actually did what you suggested, but unfortunately my PC still connects to the internet without being prompted. Additionally, yesterday a new AMON notification came up, which you can see in the attached nod32threatlog.

    I cannot thank you enough for your time and your help.

    Looking forward to receiving your reply

    Thanx

    Marina
     

    Attached Files:
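The log lines quoted in posts 4 and 5 above are not corrupted folder names: they are Windows-1253 (Greek) text rendered through a Latin-1 code page, so "ÅðéöÜíåéá åñãáóßáò" is "Επιφάνεια εργασίας" (Desktop) and "ÓõíäÝóåéò" is "Συνδέσεις" (Links). The following Python script is an added example, not part of this thread and not HijackThis code: it reverses that mangling for HJT-style lines and flags the O2 BHO entries whose CLSID points to "(no file)", the dead registrations chaslang asked to fix. The sample lines are copied from the posts above; the function names and the `cp1253` default are my own assumptions.

```python
import re

# Constructed sample: HijackThis lines as quoted in the thread above. The Greek
# strings are Windows-1253 bytes that the log viewer displayed as Latin-1.
SAMPLE_HJT_LINES = [
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = ÓõíäÝóåéò",
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)",
    "O4 - Global Startup: ÃñÞãïñç åêêßíçóç HP Image Zone.lnk = C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe",
    "O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe",
]

# "<section> - <body>", e.g. "O2 - BHO: ..." (section ids are a letter plus digits)
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2 entry whose CLSID is still registered but whose DLL no longer exists on disk
ORPHAN_BHO = re.compile(
    r"^BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - \(no file\)$")


def repair_mojibake(text, source_codepage="cp1253"):
    """Undo 'single-byte code page X shown as Latin-1' mojibake.

    Every displayed Latin-1 character maps back to exactly one byte, so encoding
    as Latin-1 recovers the original bytes, which are then decoded with the real
    code page (cp1253 for a Greek Windows, an assumption taken from post 5).
    Text that cannot round-trip is returned unchanged rather than guessed at.
    """
    try:
        raw = text.encode("latin-1")
    except UnicodeEncodeError:
        return text  # characters outside Latin-1: not this kind of damage
    try:
        return raw.decode(source_codepage)
    except UnicodeDecodeError:
        return text  # bytes undefined in the source code page: leave as-is


def triage_hjt(lines, source_codepage="cp1253"):
    """Parse HJT-style lines, repair localized names and flag orphaned BHOs.

    Returns one dict per entry: section id, status ("entry" or "orphaned_bho")
    and the repaired text. Lines that are not HJT entries are skipped.
    """
    findings = []
    for line in lines:
        m = HJT_LINE.match(line.strip())
        if not m:
            continue  # blank lines, headers, anything that is not an entry
        section = m.group("section")
        body = repair_mojibake(m.group("body"), source_codepage)
        status = "entry"
        if section == "O2" and ORPHAN_BHO.match(body):
            # Dead registration: safe to remove, but on its own not evidence of malware.
            status = "orphaned_bho"
        findings.append({"section": section, "status": status, "text": body})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LINES):
        print(f"{f['section']:3} {f['status']:13} {f['text']}")
```

Only apply the repair when you know the ANSI code page of the machine that produced the log: the same transformation run on a Western-European log would turn a legitimate name such as "Café" into "Cafι", which is exactly the kind of "corrupted folder name" the admin was trying to rule out.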

  6. mini_sqrat

    mini_sqrat Private E-2

    And here is the nod32 threat log

    Thank you
     

    Attached Files:

  7. mini_sqrat

    mini_sqrat Private E-2

    Just some minutes ago, while I wasn't using the PC at all, an AMON window popped up again. So, I attach the updated nod32 threat log.

    If my posting this log isn't helpful, please tell me so in your reply, so that I do not waste your time needlessly.

    Thank you once again

    Marina
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What NOD is finding is only in System Restore. Toggle system restore - see step 8 of the READ & RUN ME. Delete your NOD log so that from now on you only see new reports. Your log is also showing old stuff already removed.

    Are you still having problems?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure exactly what you mean by connecting to the internet. DSL is always connected. Do you mean that browsers are popping up by themselves?

    Teatimer is still the same as it always has been. Yes Teatimer is the active protection feature of Spybot. It is still showing trying to load in your HJT log. And it and CounterSpy may have blocked some of the last changes I requested.


    Please follow the steps below.

    First uninstall the CounterSpy trial since we are finished with it now. Then delete the below two folders:
    C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    To make sure Spybot's TeaTimer is disabled do the below
    • Run Spybot and click Mode
    • Select Advanced Mode.
    • Then click Tools and select Resident.
    • Now in the right window pane, uncheck TeaTimer.
    • Also while this is open, in the left column now select IE Tweaks
    • and then in the right pane make sure all the Miscellaneous locks are unchecked.
    • Now quit Spybot!
    Now run HJT and fix the below lines:
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    Now exit HJT. Reboot and attach a new HJT log.

    If the two O2 BHO lines do not go away, we will need to use a special procedure to remove them.
     
  10. mini_sqrat

    mini_sqrat Private E-2

    Here in Greece, having an ADSL line means you get a modem that is connected via USB to the PC. When you want to go onto the internet, you use the connection just like dial-up (e.g. double-click the icon), you use the connect button, and instead of dialing a number it dials "adsl", and it requires a username and a password. What I meant by connecting automatically is that it would dial adsl and go onto the net all by itself. Of course, the "connect automatically" box is unchecked (in the connect-by-phone window that appears when you try to use the browser and you are offline).

    Anyway. I disabled tea-timer (thanx for the instructions) and I followed the steps you suggested. Also, I uninstalled nod32 and zone alarm, and I installed the kaspersky internet suite 6.0.1.411 (three months trial) to scan one more time, but it found nothing.

    To be honest, I haven't had a problem today with the internet, but still I will have to wait to see how things are going. Additionally, I have not been able to write a cd for a couple of days now. Actually, every time I try to insert an unused one, it says that it is full! I am completely lost...

    I attach the new HJT log. It seems that the O2 problems are fixed now. I would also like to ask you if it is safe to toggle System Restore. I am not sure that everything is OK yet. Is it safe for me to back up my files, or will it be risky to move the virus with them? I am thinking of formatting my PC if things continue to go wrong.

    I know I have said it many times, but once more thank you very very much. I am grateful for your help and the time you have spent to assist me.

    Be well

    Marina
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This could happen if you have any software that is trying to connect to the internet. This is not malware. Did this only happen when you started up your PC, or did it happen as soon as you opened a browser?

    Let us know if it still happens and describe exactly when it happens!

    I seriously doubt this has anything to do with malware.

    Yes, you can toggle System Restore. Your log is clean. My steps down below cover doing this.

    Yes it should be safe for you to make backups. But is your CD burner how you make backups?

    You're welcome!

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
