messenger service pop up

[robbb]

hello
just joined.
i have reloaded xp after some problems and keep getting boxes popping up that say. messenger service... windows has found critical system errors...
go to regfixit.com. it's a scam and i can't stop the pop ups. i have spyware and antivirus but they won't fix this. i have just loaded "hijackthis" but can't decipher the list it brings up.
i don't know what this sort of thing is even called ? viruse, worm or what?
thanks for any help.

 

[computerhakk]

post your hjt log here. you'll get help for it.

 

[robbb]

thanks for the quick reply but i don't know know what an hjt log is.

 

[Buzz1927]

Run Hijackthis and select "Do a system scan and save a logfile". The log will open in notepad, copy and paste the log here.

 

[computerhakk]

Oh, I thought you knew what it was when you said you ran Hijackthis.
I meant that list it generated for you. I wasn't so clear cause I thought you knew it.

But yeah, post that up and buzz will walk you through it step by step.

 

[robbb]

Thank you here it is. if i leave the internet on for 2 hours there are so many on top of each other it takes 5 min. to remove them. i don't know if that info will help.



Logfile of HijackThis v1.99.1
Scan saved at 3:29:47 PM, on 7/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\safryj.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [zpfq32] lsass_32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RPC Service] safryj.exe
O4 - HKLM\..\RunServices: [zpfq32] lsass_32.exe
O4 - HKLM\..\RunServices: [RPC Service] safryj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152034924068
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8EE67FD-5D37-4183-A25E-EAA78CC16DF7}: NameServer = 206.47.244.61 206.47.244.89
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cm9i\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

 

[Buzz1927]

You got a few things going on here, run Ewido, then we'll get what's left.

Download, install, update and scan your system with the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido and boot into safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.


Now open Ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please restart normally, then paste the contents of the text file to this thread, along with a new HijackThis log.

 

[elmarcorulz]

To get rid of the messenger pop ups, click start > run and type "services.msc". Scroll down to messenger and double click it. Change it from automatic to disable and then click stop. When its stopped press apply and OK.

 

[Buzz1927]

To get rid of the messenger pop ups, click start > run and type "services.msc". Scroll down to messenger and double click it. Change it from automatic to disable and then click stop. When its stopped press apply and OK.

Oi, that was gonna be in my next post, smartarse.

 

[robbb]

after reloading windows and setting everything up those boxes were driving us crazy. we are free again! the short suggestion worked exactly as stated. thanks for all suggestions. this looks like it's a good forum. last year i was obsessed with boats and discovered that through a forum i could fix boat motors. now after a lot of pc trouble (about 6 years old computer) i have decided to learn how to take control so i will start posting questions.

 

[elmarcorulz]

Oi, that was gonna be in my next post, smartarse.