how to remove "dialer"
bladerunner
07-07-2005, 09:07 PM
I ran Ad-Aware because of my computer running real slow and found "dialer" listed. I tried to delete it; however, it keeps appearing even after I quarantine it. How do I remove this and what harm can be done? Thanks for reading the post.
Paul
mitch
07-07-2005, 10:51 PM
Start with doing a free online virus scan http://housecall.trendmicro.com/
Then post back with the results along with your operating system
bladerunner
07-08-2005, 02:26 AM
ArchiveData(auto-quarantine- 2005-07-07 17-59-55.bckp)
Referencefile : SE1R53 07.07.2005
======================================================
MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[1]=MRU RegReference : .DEFAULT\software\microsoft\internet explorer\typedurls
obj[2]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\preferences lastplaylistindex
obj[3]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\preferences lastplaylist
obj[23]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentSkins1
obj[40]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips1
obj[47]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips2
obj[48]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips3
obj[49]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips4
obj[50]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips5
obj[51]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips6
obj[52]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips7
obj[59]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\MostRecentClips8
obj[34]=MRU RegReference : .DEFAULT\software\realnetworks\realplayer\6.0\preferences\LastLoginTime
obj[65]=MRU RegReference : .DEFAULT\software\microsoft\windows media\wmsdk\general computername
DIALER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[9]=RegValue : software\microsoft\windows\currentversion\run ""
mitch
07-08-2005, 08:15 AM
Hmmm I was hoping it would give me a little more info such as the name of the dialer lol
Was that the result from the online scan or your own AV?
What Operating System?
Check your startup, see if there is anything odd.
woodpusher
07-08-2005, 08:34 AM
Download and run HijackThis: http://www.tomcoyote.org/hjt/
Follow the instructions and post back with the scan results.
bladerunner
07-08-2005, 01:05 PM
Logfile of HijackThis v1.99.1
Scan saved at 12:06:04 PM, on 7/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pulse24.com/Front_Page/page.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/253a29c2d2f9d5cf8202/netzip/RdxIE601.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
frostyone
07-08-2005, 01:44 PM
Nothing unusual in the HJT log. Looks ok.
The MRUs that Ad-Aware detects are not a threat.
(Most recently used)
This :
DIALER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[9]=RegValue : software\microsoft\windows\currentversion\run ""
That looks to be a quarantined registry item. No file detected with it.
Just not enough info there.
Dialers are a concern, but there's nothing showing in the hjt log.
Nothing suspicious running.
If it's still a concern:
Run an additional on-line scan at RAV. Bit slow, bit of a pain, but it has a great database of dialers (at one time the best available on-line).
http://www.ravantivirus.com/scan/
Middle of the page click continue without subscribing click here.
On the next page choose scan pc.
Once the scan is done click report. You can copy/paste that result here.
Disable your AVG realtime temporarily while scanning.
It's a slower scan than Housecall.
False positive
http://www.dslreports.com/forum/remark,13833729
frostyone
07-08-2005, 11:02 PM
Nice find, Ron. Thanks.
bladerunner
07-12-2005, 02:30 AM
False positive? Sorry new to all this, so should I worry about the dialer showing up?
said by bladerunner:
False positive? Sorry new to all this, so should I worry about the dialer showing up?
A "false positive" is a file/reg key that has been wrongly identified. It is a non-infected file that has been identified as infected. Update your definitions in Ad-Aware and it should go away. They corrected the error in the new definitions. Nothing to worry about.
bladerunner
07-12-2005, 11:56 AM
Thanks for the help.