Fresh HJT Log after XP installation ,still getting Messenger Service Pops

[Thaqalain]

I was operating Windows ME, but it was targettted by Pops/virus/spyware
ultimate I lost broadband connection and I decided to install Windows
XP.
Kindly tell me anything need to be cleaned as I am having 2 XP windows
installed,not sure which one need to be deleted.Moreover I am still
getting Messenger Service pops,will I follow their instruction:
Messenger Service
System Error
www.cleanthispc.com
Buffer overrun in Messenger Service allows remote code execution,virus
infection and unexpected computer shutdown.
www.Patchupdate.info
Kaspersky did'nt find any infection.


Logfile of HijackThis v1.99.1
Scan saved at 10:11:08 AM, on 1/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://groups.google.ca/group/24hou...helpdesk?lnk=li
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

 

[Jupiter Jones [MVP]]

You need to enable your firewall IMMEDIATELY:
http://support.microsoft.com/?kbid=283673

Make sure you have all the Windows Critical Updates installed.

Also see:
http://www3.telus.net/dandemar/security.htm

 

[Lews]

He has SP1

You need to enable your firewall IMMEDIATELY:
http://support.microsoft.com/?kbid=283673

Make sure you have all the Windows Critical Updates installed.

Also see:
http://www3.telus.net/dandemar/security.htm

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org

I was operating Windows ME, but it was targettted by Pops/virus/spyware
ultimate I lost broadband connection and I decided to install Windows
XP.
Kindly tell me anything need to be cleaned as I am having 2 XP windows
installed,not sure which one need to be deleted.Moreover I am still
getting Messenger Service pops,will I follow their instruction:
Messenger Service
System Error
www.cleanthispc.com
Buffer overrun in Messenger Service allows remote code execution,virus
infection and unexpected computer shutdown.
www.Patchupdate.info
Kaspersky did'nt find any infection.


Logfile of HijackThis v1.99.1
Scan saved at 10:11:08 AM, on 1/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://groups.google.ca/group/24hou...helpdesk?lnk=li
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

 

[Jupiter Jones [MVP]]

SP-1 is not relevant especially since SP-1 does not enable the firewall by
default like SP-2 does.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org

He has SP1

You need to enable your firewall IMMEDIATELY:
http://support.microsoft.com/?kbid=283673

Make sure you have all the Windows Critical Updates installed.

Also see:
http://www3.telus.net/dandemar/security.htm

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org

I was operating Windows ME, but it was targettted by Pops/virus/spyware
ultimate I lost broadband connection and I decided to install Windows
XP.
Kindly tell me anything need to be cleaned as I am having 2 XP windows
installed,not sure which one need to be deleted.Moreover I am still
getting Messenger Service pops,will I follow their instruction:
Messenger Service
System Error
www.cleanthispc.com
Buffer overrun in Messenger Service allows remote code execution,virus
infection and unexpected computer shutdown.
www.Patchupdate.info
Kaspersky did'nt find any infection.


Logfile of HijackThis v1.99.1
Scan saved at 10:11:08 AM, on 1/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://groups.google.ca/group/24hou...helpdesk?lnk=li
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

 

[Lews]

Windows Firewall was not part of SP1. ICF is but that is different.

SP-1 is not relevant especially since SP-1 does not enable the firewall by
default like SP-2 does.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org

He has SP1

You need to enable your firewall IMMEDIATELY:
http://support.microsoft.com/?kbid=283673

Make sure you have all the Windows Critical Updates installed.

Also see:
http://www3.telus.net/dandemar/security.htm

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


I was operating Windows ME, but it was targettted by Pops/virus/spyware
ultimate I lost broadband connection and I decided to install Windows
XP.
Kindly tell me anything need to be cleaned as I am having 2 XP windows
installed,not sure which one need to be deleted.Moreover I am still
getting Messenger Service pops,will I follow their instruction:
Messenger Service
System Error
www.cleanthispc.com
Buffer overrun in Messenger Service allows remote code execution,virus
infection and unexpected computer shutdown.
www.Patchupdate.info
Kaspersky did'nt find any infection.


Logfile of HijackThis v1.99.1
Scan saved at 10:11:08 AM, on 1/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://groups.google.ca/group/24hou...helpdesk?lnk=li
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

 

[Jupiter Jones [MVP]]

Different yes, protection offered to prevent intrusions from the outside,
they are the same.
Both as well as other firewalls would prevent the issue the OP has.
The firewall is enabled the same way for Windows XP Gold, SP-1 and SP-2.
So the type of firewall is irrelevant to this thread.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org