Registry cleaner popups from Messenger service (RESOLVED)

  1. 15-04-2006  #1
    gusman
    gusman is offline Newbie

    Registry cleaner popups from Messenger service (RESOLVED)

    Hi, I used you guys for a problem a little while back. You guys helped me out greatly, but now I'm back. I just redownloaded windows to cleanup some problems (system working slow, to get rid of old programs not needed) and everything works great except I keep getting these annoying popups. there is a copy of one directly underneath this message, but they all say a different website. There is also a copy of the Hijack this file directly underneath that. Any help would be appreciated.

    Ps. I downloaded Itunes and McAfee antivirus software with the new install, don't think any problems would come from downloading McAfee but maybe Itunes??
    ---------------------------
    Messenger Service
    ---------------------------
    Message from Microsoft Registry to Microsoft User on 4/14/2006 8:50:24 PM



    SYSTEM ERROR - YOUR WINDOWS REGISTRY IS DAMANGED



    YOU NEED TO CLEAN YOUR REGISTRY IMMEDIATELY



    Your Windows Registry is severely corrupted and is allowing

    unauthorized access to your computer by internet hackers.



    If the Registry is not CLEANED immediately, it will lead to a

    COMPLETE operating system failure and the loss of your data.



    To fix this problem:



    1. Open Internet Explorer

    2. In the URL Field type - www.RegistryCleanerExpress.com

    3. Note that all versions of windows are supported.

    4. Once you load the program, close this window.



    Please note that once you visit www.RegistryCleanerExpress.com and install the

    cleaner program you will not receive any more reminders or pop-ups like this one.



    www.RegistryCleanerExpress.com
    ---------------------------
    OK
    ---------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 8:54:10 PM, on 4/14/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\mcafee.com\agent\mcdetect.exe
    d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    D:\WINDOWS\System32\hkcmd.exe
    D:\Program Files\PhoneTools\CapFax.EXE
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    d:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    D:\Program Files\McAfee.com\VSO\mcvsshld.exe
    d:\program files\mcafee.com\agent\mcagent.exe
    d:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\WINDOWS\System32\NMSSvc.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    D:\WINDOWS\system32\svchost.exe
    D:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    D:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
    D:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    d:\PROGRA~1\mcafee.com\agent\McDash.exe
    d:\program files\mcafee.com\shared\mghtml.exe
    D:\C\Program files\Hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - d:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - d:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CapFax] D:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "D:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] D:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] D:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] d:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpySweeper] "D:\C\Program files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - D:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: PictureTaker - LANovation - D:\WINDOWS\System32\PCTKRNT.SYS
  2. 15-04-2006  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    If you disable the Messenger Service , you will not be able to display the fix tool offer on your PC:


    Please download Shoot The Messenger

    Download and run the small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state — running or disabled — that you desire.

    If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.



    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O18 - Filter: text/html - (no CLSID) - (no file)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
  3. 15-04-2006  #3
    gusman
    gusman is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    Could not find "O18 - Filter: text/html - (no CLSID) - (no file)" on hijackThis log. Here is the log file. But so far so good.
    Logfile of HijackThis v1.99.1
    Scan saved at 9:17:37 AM, on 4/15/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\mcafee.com\agent\mcdetect.exe
    d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    D:\WINDOWS\System32\hkcmd.exe
    D:\Program Files\PhoneTools\CapFax.EXE
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    d:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    D:\Program Files\McAfee.com\VSO\mcvsshld.exe
    d:\program files\mcafee.com\agent\mcagent.exe
    d:\progra~1\mcafee.com\vso\mcvsescn.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    D:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\C\Program files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\TurboTax\Premier 2005\32bit\ttax.exe
    D:\C\Program files\Hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - d:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - d:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CapFax] D:\Program Files\PhoneTools\CapFax.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VSOCheckTask] "D:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] D:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] D:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] d:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] d:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpySweeper] "D:\C\Program files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - D:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - D:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: PictureTaker - LANovation - D:\WINDOWS\System32\PCTKRNT.SYS
+ Reply to Thread
« system32 file opens at startup -and my hijack file | download.trojan help »