c:/r.reg & Global Dialer 2
bluebilly

HELP!!

While on the net I keep getting this message :
Cannot import c:/r.reg The specified file is not a registry script. You can only import registry files.

I also then pick up the Global Dialer Program which tries to connect me (presumably at premium rate) to one of several 'dodgy' sites and creates favourites and sometimes desktop shortcuts to these sites.

I have run the following software in an attempt to repair.
CW Shredder
Adware
Spybot Search and Destroy
Spywareblaster
HiJack This

What else do I need to do????? - cos it keeps on coming back at what would appear random times during surfing.
My wife had a rather unfortunate experience the other night when trying to locate the Essex Cross Country Association, when some rather graphic images suddenly appeared before her. Could this be something to do with the 'sex' in 'Essex'?
Do I need to run these progs when logged on under my other family members' profiles?
An idiot's guide to a definitive procedure would be greatly appreciated, particularly as it just might save my marriage!

Cheers

(very) bluebilly
 
I know of at least one site that attempts to download a dialler every time it is viewed...I just stopped going there.

I suppose another option would be to use the internet security settings and disable javascript altogether, but this would prevent some legit sites from working.

Does the download appear to be triggered by a specific site?
Are the settings for home page, default search, etc all correct and unaltered?
 
Hi, thanks for showing some interest.
The download doesn't appear to be triggered by any particular site, although I have disabled MSN as this seemed to cause more pop-up problems than most.
I think that CWShredder puts right any changes to the Home Page and default search, as certainly before I started using that I had all sorts of rubbish coming up every time I hit the Home page.
I've recently changed the Security settings to Prompt for any ActiveX controls, but this still doesn't stop Global Dialer, which is fast becoming the bane of my life !

Cheers
bluebilly
 
Run Hijack This and select SCAN. After that, the SCAN button changes to SAVE LOG. Do this, cut and paste the log here and we can take a look at it. DO NOT FIX ANYTHING AT THIS TIME.

Terry
**************************
* General Disclaimer - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
 
Here is the Hijack This log that you requested.
Any help would be greatly appreciated.
Many thanks
bluebilly

Logfile of HijackThis v1.97.7
Scan saved at 18:35:23, on 13/02/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS2\SYSTEM\KERNEL32.DLL
C:\WINDOWS2\SYSTEM\MSGSRV32.EXE
C:\WINDOWS2\SYSTEM\SPOOL32.EXE
C:\WINDOWS2\SYSTEM\MPREXE.EXE
C:\WINDOWS2\SYSTEM\MSTASK.EXE
C:\WINDOWS2\SYSTEM\mmtask.tsk
C:\WINDOWS2\TASKMON.EXE
C:\WINDOWS2\WINH.EXE
C:\WINDOWS2\SYSTEM\MSREXE.EXE
C:\DISKSERV.EXE
C:\WINDOWS2\SYSTEM\WMIEXE.EXE
C:\WINDOWS2\SYSTEM\DDHELP.EXE
C:\WINDOWS2\EXPLORER.EXE
C:\WINDOWS2\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS2\LOADQM.EXE
C:\WINDOWS2\SYSTEM\QTTASK.EXE
C:\APPS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O1 - Hosts: 212.33.69.3 js1.hitbox.com
O1 - Hosts: 212.33.69.3 stats.hitbox.com
O1 - Hosts: 212.33.69.3 pagead2.googlesyndication.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS2\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS2\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS2\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS2\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [OWCCardbusTray] ocbtray.exe
O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS2\system\lexbac.exe
O4 - HKLM\..\Run: [Winhost] C:\WINDOWS2\winh.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS2\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O9 - Extra button: Descargas (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) -
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) -
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} -
 
Remove these entries:

O1 - Hosts: 212.33.69.3 js1.hitbox.com
O1 - Hosts: 212.33.69.3 stats.hitbox.com
O1 - Hosts: 212.33.69.3 pagead2.googlesyndication.com

O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS2\system\lexbac.exe
O4 - HKLM\..\Run: [Winhost] C:\WINDOWS2\winh.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS2\SYSTEM\MSREXE.EXE


"'Tis an ill wind that blows no minds." - Malaclypse the Younger
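
The triage in the reply above can be partly automated. This is an added example, not part of the original thread and not HijackThis's own code: it parses a HijackThis log (including lines where entries are run together, as in the pasted log), reports hosts-file redirects that send unrelated domains to one address, and lists O4 autostart entries for review. The function names and the "two or more domains on one non-loopback address" heuristic are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted in this thread,
# including one line where two O16 entries are run together.
SAMPLE_LOG = r"""
O1 - Hosts: 212.33.69.3 js1.hitbox.com
O1 - Hosts: 212.33.69.3 stats.hitbox.com
O1 - Hosts: 212.33.69.3 pagead2.googlesyndication.com
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Winhost] C:\WINDOWS2\winh.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
"""

# One entry = section code (R0-R3, O1-O99), " - ", detail. The lookahead ends
# an entry where the next one starts, so run-together lines still split.
ENTRY = re.compile(r"\b(R[0-3]|O\d{1,2}) - (.*?)(?=\s+(?:R[0-3]|O\d{1,2}) - |$)", re.M)
O4_RUN = re.compile(r"^(\S+): \[(.+?)\] (.+)$")


def parse_entries(log_text):
    """Return [(code, detail), ...] for every HijackThis entry in the text."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY.finditer(log_text)]


def shared_redirects(entries):
    """O1 heuristic (an assumption of this example): report any non-loopback
    address that the hosts file assigns to names from 2+ different domains."""
    by_ip = defaultdict(set)
    for code, detail in entries:
        parts = detail.split()
        if code != "O1" or len(parts) != 3 or parts[0] != "Hosts:":
            continue
        ip = ipaddress.ip_address(parts[1])
        if not (ip.is_loopback or ip.is_unspecified):
            by_ip[parts[1]].add(".".join(parts[2].split(".")[-2:]))
    return {ip: sorted(domains) for ip, domains in by_ip.items() if len(domains) > 1}


def autoruns(entries):
    """Return (registry key, value name, command) for each O4 entry."""
    hits = (O4_RUN.match(detail) for code, detail in entries if code == "O4")
    return [m.groups() for m in hits if m]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(shared_redirects(parsed), autoruns(parsed), sep="\n")
```
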
 
I also suggest the following unless they point to sites you frequent:

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) -
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) -
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) -
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} -

If you frequent the sites that need those objects, they will be automatically reloaded.

Terry
 
Be sure to disable "System Restore" before doing repairs or Sys Restore will put the "baddies" right back in!
 
Thanks guys - all looks good so far !
Really appreciate your help

bluebilly
 
micker377

Windows 98 doesn't have System Restore

 