ComputerForum.com
Old 07-05-2006, 02:48 PM   #1 (permalink)
Silver Member
 
Join Date: Jul 2006
Posts: 125
Default messenger service pop up

hello
just joined.
i have reloaded xp after some problems and keep getting boxes popping up that say: messenger service... windows has found critical system errors...
go to regfixit.com. it's a scam and i can't stop the pop ups. i have spyware and antivirus but they won't fix this. i have just loaded "hijackthis" but can't decipher the list it brings up.
i don't know what this sort of thing is even called? virus, worm or what?
thanks for any help.
robbb is offline   Reply With Quote


Old 07-05-2006, 02:49 PM   #2 (permalink)
VIP Member
 
computerhakk's Avatar
 
Join Date: Aug 2005
Location: THOJhakk county
Posts: 3,635
Default

post your hjt log here. you'll get help for it.
__________________
"Remember, wrong advice may be worse than no advice at all."
::COMPUTERHAKK:::
computerhakk is offline   Reply With Quote
Old 07-05-2006, 02:56 PM   #3 (permalink)
Silver Member
 
Join Date: Jul 2006
Posts: 125
Default

thanks for the quick reply but i don't know what an hjt log is.
robbb is offline   Reply With Quote
Old 07-05-2006, 03:23 PM   #4 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,728
Default

Run Hijackthis and select "Do a system scan and save a logfile". The log will open in notepad, copy and paste the log here.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote
Old 07-05-2006, 03:33 PM   #5 (permalink)
VIP Member
 
computerhakk's Avatar
 
Join Date: Aug 2005
Location: THOJhakk county
Posts: 3,635
Default

Oh, I thought you knew what it was when you said you ran Hijackthis.
I meant that list it generated for you. I wasn't so clear cause I thought you knew it.

But yeah, post that up and buzz will walk you through it step by step.
computerhakk is offline   Reply With Quote


Old 07-05-2006, 09:31 PM   #6 (permalink)
Silver Member
 
Join Date: Jul 2006
Posts: 125
Default

Thank you here it is. if i leave the internet on for 2 hours there are so many on top of each other it takes 5 min. to remove them. i don't know if that info will help.



Logfile of HijackThis v1.99.1
Scan saved at 3:29:47 PM, on 7/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\safryj.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zpfq32] lsass_32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RPC Service] safryj.exe
O4 - HKLM\..\RunServices: [zpfq32] lsass_32.exe
O4 - HKLM\..\RunServices: [RPC Service] safryj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/tech...rl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...rl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152034924068
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8EE67FD-5D37-4183-A25E-EAA78CC16DF7}: NameServer = 206.47.244.61 206.47.244.89
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cm9i\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
robbb is offline   Reply With Quote
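One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread and not HijackThis's own logic. The heuristics (autostart entries with no directory path, services whose file is missing or whose owner is unknown) and the function name `triage` are assumptions chosen for illustration; a match means "look at this entry by hand", not a verdict.

```python
import re

# Lines copied from the HijackThis log posted above in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zpfq32] lsass_32.exe
O4 - HKLM\..\Run: [RPC Service] safryj.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8EE67FD-5D37-4183-A25E-EAA78CC16DF7}: NameServer = 206.47.244.61 206.47.244.89
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cm9i\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # "O4 - <body>"
RUN = re.compile(r"^.+?: \[(.+?)\] (.+)$")        # "<key>: [<name>] <command>"

def triage(log_text):
    """Return (section, name, reason) tuples for entries worth a manual look.

    Heuristics are illustrative assumptions, not HijackThis's own logic.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section == "O4":
            run = RUN.match(body)
            if not run:
                continue  # e.g. "Global Startup: x.lnk = ..." entries
            name, cmd = run.groups()
            # Executable is the quoted part, or the first token if unquoted.
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                findings.append((section, name, "autostart has no full path: " + exe))
        elif section == "O23":
            name = body.removeprefix("Service: ").split(" - ")[0]
            if body.endswith("(file missing)"):
                findings.append((section, name, "service binary missing on disk"))
            elif " - Unknown owner - " in body:
                findings.append((section, name, "service binary has unknown owner"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

Entries in other sections (R1, O3, O9, O16, O17) are parsed but not scored here; the running-process list at the top of the log is skipped.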
Old 07-05-2006, 11:30 PM   #7 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,728
Default

You got a few things going on here, run Ewido, then we'll get what's left.

Download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido and boot into safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.


Now open Ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please restart normally, then paste the contents of the text file to this thread, along with a new HijackThis log.
Buzz1927 is offline   Reply With Quote
Old 07-05-2006, 11:34 PM   #8 (permalink)
VIP Member
 
Join Date: Feb 2005
Location: UK
Age: 22
Posts: 6,033
Default

To get rid of the messenger pop ups, click start > run and type "services.msc". Scroll down to messenger and double click it. Change it from automatic to disable and then click stop. When it's stopped press apply and OK.
__________________
C2D E6300 @ 2.6Ghz
Gigabyte GA-965P-DS3
2GB DDR2 667
1TB (1x500GB 2x250GB HDD)
BFG 8800GTS 320MB


PFC Til I Die
elmarcorulz is offline   Reply With Quote
Old 07-06-2006, 12:02 AM   #9 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,728
Default

Quote:
Originally Posted by elmarcorulz
To get rid of the messenger pop ups, click start > run and type "services.msc". Scroll down to messenger and double click it. Change it from automatic to disable and then click stop. When it's stopped press apply and OK.
Oi, that was gonna be in my next post, smartarse.
Buzz1927 is offline   Reply With Quote
Old 07-06-2006, 05:01 AM   #10 (permalink)
Silver Member
 
Join Date: Jul 2006
Posts: 125
Default

after reloading windows and setting everything up those boxes were driving us crazy. we are free again! the short suggestion worked exactly as stated. thanks for all suggestions. this looks like it's a good forum. last year i was obsessed with boats and discovered that through a forum i could fix boat motors. now after a lot of pc trouble (about 6 years old computer) i have decided to learn how to take control so i will start posting questions.
robbb is offline   Reply With Quote
All times are GMT +1.