W32/Dialer.TCS-behavior

Discussion in 'Malware Help (A Specialist Will Reply)' started by Colin17, Jun 23, 2006.

  1. Colin17

    Colin17 Private E-2

    I am having a problem removing a virus - my virus protection software is Command Antivirus and it is telling me that I have a file GBA1680.EXE or gba1680.exe infected by a virus W32/Dialer.TCS-behavior. I have run the various checks 1 to 6 as instructed by Major Attitude but still have the infection. All the checks in 1 to 6 did not find anything, except Panda ActiveScan. I am therefore posting a HighjackThis log together with bdscan.txt and Activescan.txt. My Operating System is Microsoft Windows XP, Home Edition, Version 2002, Service Pack 2. My computer is a Dell Dimension XPS T500, Intel Pentium III Processor, 498 MHz, 256 MB of RAM. I would appreciate any help that you can give me.
    Many thanks in anticipation
    Colin17
    PS I am not sure whether the logs have been uploaded?
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

You did not follow the directions in step 3 of the READ ME. You have Command Antivirus and also Bitdefender Antivirus installed. If you installed this version of Bitdefender AV while running the READ ME, you did not follow directions. You were only supposed to run their online scanner. You also did not attach a log from Bitdefender. Either way, uninstall Bitdefender 9 or keep it and uninstall Command AV.

    You also appear to have Symantec's Internet Security software installed as the below line shows:
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    Is this really still installed?

    Did you add the below IP address to your Trusted Zone?
    O15 - Trusted IP range: 206.161.125.149

    We don't recommend adding anything to the TZ unless you cannot live without it. For that reason, I am putting it in my procedure below to remove. If you really need it, then skip that line.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
    O9 - Extra button: Dell Home - {54B536E0-A901-11D3-BFD1-F03B4EC10000} - http://www.dell.com/ (file missing) (HKCU)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\InstantPleasure-uninstall.exe
    c:\windows\STWSI <--- the folder or file

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
  3. Colin17

    Colin17 Private E-2

    Hi Chaslang
    Thank you for your response.
    I could not find the Bitdefender online scanner and hence incorrectly downloaded Bitdefender 9. This has now been uninstalled and I will continue to run Command AV. I had tried several times to upload bdscan but failed. Bitdefender had not found anything - all entries were "0".
    With regard to Symantec's Internet Security, I had uninstalled it some months ago as it was creating problems with my wireless network. However I have four entries on my "Add/Remove Programmes" screen that are "Norton Internet Security" but no "Size" - I cannot remove these entries.
    I was not aware of the IP address 206.161.125.149 being in my Trusted Zone and I do not want that address.
    The viewing of hidden files is enabled.
    I have run HijackThis and fixed items as asked.
    I have booted in safe mode and deleted files as asked.
    I have deleted all files in the Prefetch folder.
    I have run CCleaner.
    I have reset web settings.
    I have run Command AV and unfortunately still have the infection.
    I have re-run HijackThis and attached a new log.
    Hoping you can solve this one for me - best wishes - Colin17
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure what you mean you cannot find it. The link is given in step 6 of the READ ME. All you have to do is click on it and follow the directions.

    Let's remove the Symantec service.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Symantec Event Manager ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc Tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    ccEvtMgr

    If you receive any error messages just ignore them and continue.

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O15 - Trusted IP range: 206.161.125.149
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Common Files\Symantec Shared <--- the folder if found

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
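    The stop / set Disabled / delete-NT-service sequence described above can be done in one place from an elevated PowerShell prompt. The script below is an added example for this thread, not something chaslang or HijackThis ships; it needs PowerShell 3 or later for Get-CimInstance (the XP-era machine in the thread would use services.msc and HJT as described). The service name ccEvtMgr comes from the thread; the -Remove switch is an assumption of this example, added so that a plain run only stops and disables the service and reports what it pointed at.

```powershell
# Added example (not from the thread): stop, disable and optionally remove a
# leftover service by its short name, e.g. ccEvtMgr. Run as Administrator.
param(
    [Parameter(Mandatory = $true)][string]$ServiceName,
    [switch]$Remove    # assumption of this example: only delete when asked explicitly
)

$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Host "Service '$ServiceName' not found; nothing to do."
    return
}

# Record what the service runs and how it starts before touching it, so the
# removal is auditable and a wrong name is caught before anything changes.
$cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
Write-Host ("Found {0} ({1}) state={2} start={3} path={4}" -f
    $cim.Name, $cim.DisplayName, $cim.State, $cim.StartMode, $cim.PathName)

# Step 1 of the thread: stop the service (and wait until it really is stopped).
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName -Force -ErrorAction Stop
    (Get-Service -Name $ServiceName).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))
}

# Step 2: Start-up Type = Disabled, so it cannot come back on the next boot.
Set-Service -Name $ServiceName -StartupType Disabled

# Step 3 (HJT "Delete an NT Service" equivalent): sc.exe delete marks the service
# for deletion; if a handle is still open it disappears after the next reboot,
# which is why the thread defers the reboot until the other fixes are done.
if ($Remove) {
    & sc.exe delete $ServiceName | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe delete failed with exit code $LASTEXITCODE" }
    Write-Host "Service '$ServiceName' marked for deletion."
}
```

    Run it as `.\Remove-LeftoverService.ps1 -ServiceName ccEvtMgr` first to confirm the path and display name match the O23 line from the HJT log, then again with `-Remove`. Checking PathName before deleting is the step the GUI procedure skips: a service with the expected name but an unexpected executable path is worth a closer look rather than a silent delete.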
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    By the way, you could try using HijackThis to remove the Norton stuff from Add/Remove programs.
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Select each item in the list and then on the right side of the window click the Delete this entry button.
    Let me know if this works..
     
  6. Colin17

    Colin17 Private E-2

    Hi Chaslang
    I have carried out all the instructions as per your post today at 13:41 (19:41).
    Unfortunately I still have the virus.
    I tried your 13:46 (19:46) post to remove the Norton stuff - I am afraid it did not work.
    Thanks again but what now?
    Colin17
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to be more specific and tell me exactly what you are finding and where it is finding it. Your logs have been clean. I suspect all you're finding is something in System Restore. In fact let's just do the below.

    Go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!

    You could also try using the below to remove left over items from Add/Remove programs:

    Your Uninstaller! 2006
     
  8. Colin17

    Colin17 Private E-2

    Hi Chaslang
    I have disabled System Restore, shut down and rebooted. Upon running Command AV it says that I still have the virus. The report is: C:\\WINDOWS\Downloaded Program Files\GBA1680.EXE. Infection. Possibly a new variant of W32/Dialer.TCS-behavior;
    C:\\WINDOWS\Downloaded Program Files\gba1680.exe>(UPX) ; C:\\WINDOWS\Downloaded Program Files\gba1680.exe. Infection. Possibly a new variant of W32/Dialer.TCS-behavior.
    Hope to hear from you again and in the meantime I will read your other suggestions and documents. Once again many thanks for your time and effort. I have attached a new HijackThis log. Colin17.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I did not really need a new HJT log. Your log has been clean for a while.

    You need to get a new antivirus program. If it cannot fix what it is finding then it is not worth having.

    Boot into safe mode and delete the file yourself using the below steps!

    Special Step to delete files in the Downloaded Program Files folder :
    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following command lines, each followed by the Enter key:
    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s GBA1680.EXE
    del GBA1680.EXE
    exit
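    The attrib -r -h -s / del steps above work because a read-only, hidden or system file is refused by a plain delete, and because Explorer shows the Downloaded Program Files folder through a shell extension (as a list of installed ActiveX controls) rather than as raw files, which is why the thread drops to a command prompt. The script below is an added example for this thread, not chaslang's procedure or any tool's code; it does the same thing from PowerShell 4 or later (Get-FileHash) and records size, attributes and a SHA-256 hash before anything is removed. The file name GBA1680.EXE comes from the thread; the -Delete switch is an assumption of this example so that a run without it only reports.

```powershell
# Added example (not from the thread): inspect, un-hide and delete a named file
# in Downloaded Program Files, the PowerShell equivalent of "attrib -r -h -s" + "del".
param(
    [string]$Folder = (Join-Path $env:SystemRoot 'Downloaded Program Files'),
    [Parameter(Mandatory = $true)][string]$FileName,   # e.g. GBA1680.EXE (from the thread)
    [switch]$Delete                                    # assumption of this example: dry run unless set
)

$path = Join-Path $Folder $FileName

# -Force is required, otherwise Get-Item does not return hidden/system files at all,
# which is exactly what a "file not found" on a file the scanner reports looks like.
$item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Host "Not found: $path"
    return
}

# Keep an identification record before changing anything, so the sample can be
# matched against the scanner report (or submitted to the AV vendor) after deletion.
$hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
Write-Host ("{0}`n  size={1} bytes  attrs={2}`n  sha256={3}" -f $path, $item.Length, $item.Attributes, $hash)

if (-not $Delete) {
    Write-Host "Dry run only; re-run with -Delete to remove the file."
    return
}

# Clear ReadOnly, Hidden and System in one assignment (attrib -r -h -s), then delete.
$item.Attributes = [System.IO.FileAttributes]::Normal
Remove-Item -LiteralPath $path -Force -ErrorAction Stop

# Confirm it is really gone: a file still held open by a running process survives
# Remove-Item, which is the case the thread handles by booting into safe mode.
if (Test-Path -LiteralPath $path) {
    throw "Delete failed, file still present (in use by a running process?): $path"
}
Write-Host "Deleted $path"
```

    Run it once without -Delete to see the attributes and hash, then with -Delete from safe mode as the thread advises. -LiteralPath is used throughout because the folder name contains spaces and the file name could contain wildcard characters; -Path would interpret them.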
     
  10. Colin17

    Colin17 Private E-2

    Hi Chaslang
    Many many thanks for your patience and help. My PC is now clean. I have read your previous suggestions to improve security and will work my way through them. Once again many thanks. Regards Colin17
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    See how easy that was to fix! ;) Makes you wonder why your antivirus program could not fix/delete this.
     
