autoregister

has anyone heard of this? i think it is bad? any info would be appreciated. it keeps appearring in my trusted sites and in the registry

Hi polstar,

What is the full address listed?

Tom

https://autoreg.autoregister.net

It appears to be harmless. It's for registering your cable modem on your ISP's network:

http://www.google.com/search?hl=en&...register.net%22

Tom

i thought that might be something bad that is stopping me view my yahoo email. i cannot get the page to load. each time it comes up with a blank page and in the bottom left corner is says "error on page. done"
if i refresh it then comes back with the "page cannot be displayed" error message. any ideas?

You might want to post a HijackThis log and we'll see if anything turns up there.

Tom

hi tom

i have recently got broadband from talk talk. pages loading fine and quickly but i still cannot access yahoo email

Logfile of HijackThis v1.99.0
Scan saved at 7:41:42 PM, on 4/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\mspn32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytalktalk.net
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ntlfreedom] rundll32 C:\PROGRA~1\ntldial\RyDial.dll,QuickStart
O4 - HKLM\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKLM\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Processe Manager] mspn32.exe
O4 - HKCU\..\RunServices: [Windows Processe Manager] mspn32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25014A8E-F339-4012-8C52-1A247BE78480}: NameServer = 62.24.199.10 62.24.199.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{25014A8E-F339-4012-8C52-1A247BE78480}: NameServer = 62.24.199.10 62.24.199.20
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: dcfssvc - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ptssvc - Unknown - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe



any thing odd here?

You seem to be infected with at least one worm.

I would like you to perform an onlne virus scan at Trend Micro Housecall

http://housecall.trendmicro.com/

Select all of your drives listed for scanning. Please check "Auto clean" before scanning.

Please copy and paste the report logs from the scan into your next post. If you can't capture the information, please write down what was found and if anything was or was not deleted. Please include this information in your next post.

Next...

I don't see an antivirus program running in your log...

AVG has a new, free version available - AVG7 Free edition:

http://free.grisoft.com/freeweb.php.

Be sure to update it right away and perform a full system scan.

Also...

I don't see a firewall running in your log.

ZoneAlarm has a free firewall:

http://www.zonelabs.com/store/conte...reeDownload.jsp

Next...

Please update HijackThis, you are using an outdated version. The new version does a better job of detecting malware:

Open HijackThis, click Config > Misc Tools > Check for Update online

Or download a copy of version 1.99.1 at:

http://www.majorgeeks.com/download3155.html

If you downloaded the newer version, please delete the older version you are using now.

Post a fresh log with this new version.

Tom