Windows Messenger keeps popping up

I recently uninstalled and reinstalled Norton SystemWorks 2004 for a separate problem, and since then I've been getting notifications from my Sygate Personal Firewall that Windows Messenger has been changed and keeps trying to access the internet. I've set Sygate to block Windows Messenger permanently, but it's still getting through (two different messages, copied below). I'm concerned about a possible virus infection or something. Thanks in advance for your help. :tazz:

The executable has changed since the last time you used: C:\Program Files\Messenger\msmsgs.exe
File Version : 4.7.0.3001
File Description : Windows Messenger
File Path : C:\Program Files\Messenger\msmsgs.exe
Process ID : 0x9E0 (Heximal) 2528 (Decimal)

Connection origin : local initiated
Protocol : UDP
Local Address : 68.91.55.110
Local Port : 47832
Remote Name :
Remote Address : 68.91.55.111
Remote Port : 1900 (SSDP - Simple Service Discovery Protocol)

Ethernet packet details:
Ethernet II (Packet Length: 188)
Destination: 00-0b-23-bb-f9-4b
Source: 00-07-e9-54-21-1b
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 1
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x8ea0 (Correct)
Source: 68.91.55.110
Destination: 68.91.55.111
User Datagram Protocol
Source port: 47832
Destination port: 1900
Length: 8
Checksum: 0x51e0 (Correct)
Data (140 Bytes)

Binary dump of the packet:
0000: 00 0B 23 BB F9 4B 00 07 : E9 54 21 1B 08 00 45 00 | ..#..K...T!...E.
0010: 00 A0 21 2C 00 00 01 11 : A0 8E 44 5B 37 6E 44 5B | ..!,......D[7nD[
0020: 37 6F BA D8 07 6C 00 8C : E0 51 4D 2D 53 45 41 52 | 7o...l...QM-SEAR
0030: 43 48 20 2A 20 48 54 54 : 50 2F 31 2E 31 0D 0A 48 | CH * HTTP/1.1..H
0040: 4F 53 54 3A 20 32 33 39 : 2E 32 35 35 2E 32 35 35 | OST: 239.255.255
0050: 2E 32 35 30 3A 31 39 30 : 30 0D 0A 4D 41 4E 3A 20 | .250:1900..MAN:
0060: 22 73 73 64 70 3A 64 69 : 73 63 6F 76 65 72 22 0D | "ssdp:discover".
0070: 0A 4D 58 3A 20 32 0D 0A : 53 54 3A 20 75 72 6E 3A | .MX: 2..ST: urn:
0080: 73 63 68 65 6D 61 73 2D : 75 70 6E 70 2D 6F 72 67 | schemas-upnp-org
0090: 3A 73 65 72 76 69 63 65 : 3A 57 41 4E 49 50 43 6F | :service:WANIPCo
00A0: 6E 6E 65 63 74 69 6F 6E : 3A 31 0D 0A 0D 0A 2D 55 | nnection:1....-U
00B0: 53 3B 20 72 76 3A 31 2E : 36 29 20 47 | S; rv:1.6) G

The executable has changed since the last time you used: C:\Program Files\Messenger\msmsgs.exe

The new DLLs have been loaded:
C:\WINDOWS\SYSTEM32\dpnhupnp.dll
C:\WINDOWS\SYSTEM32\msdmo.dll
C:\WINDOWS\SYSTEM32\midimap.dll
C:\WINDOWS\SYSTEM32\AVICAP32.DLL
C:\WINDOWS\SYSTEM32\dsound.dll
C:\WINDOWS\WinSxS\X86_MI~1.3_X\dxmrtp.dll
C:\WINDOWS\WinSxS\X86_MI~1.3_E\rtcres.dll
C:\WINDOWS\WinSxS\X86_MI~2.3_X\rtcdll.dll
C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\winsta.dll
C:\WINDOWS\SYSTEM32\wtsapi32.dll
C:\WINDOWS\SYSTEM32\sxs.dll
C:\WINDOWS\SYSTEM32\xpsp2res.dll
C:\WINDOWS\SYSTEM32\comres.dll
C:\WINDOWS\SYSTEM32\xpob2res.dll
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPHk2KS2.dll
C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHook.dll
C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL
C:\WINDOWS\SYSTEM32\SERWVDRV.DLL
C:\WINDOWS\SYSTEM32\cryptdll.dll
C:\WINDOWS\SYSTEM32\msimg32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\WINDOWS\SYSTEM32\ws2help.dll
C:\WINDOWS\SYSTEM32\ws2_32.dll
C:\WINDOWS\SYSTEM32\wsock32.dll
C:\WINDOWS\SYSTEM32\user32.dll
C:\WINDOWS\SYSTEM32\gdi32.dll
C:\WINDOWS\SYSTEM32\advapi32.dll
C:\WINDOWS\SYSTEM32\msvcrt.dll
C:\WINDOWS\SYSTEM32\kernel32.dll

To disable DLL Authentication go to the security tab under the Tools, Options menu.

File Version : 4.7.0.3001
File Description : Windows Messenger
File Path : C:\Program Files\Messenger\msmsgs.exe
Process ID : 0xB30 (Heximal) 2864 (Decimal)

Connection origin : local initiated
Protocol : UDP
Local Address : 68.91.55.110
Local Port : 44556
Remote Name :
Remote Address : 68.91.55.111
Remote Port : 1900 (SSDP - Simple Service Discovery Protocol)

Ethernet packet details:
Ethernet II (Packet Length: 188)
Destination: 00-0b-23-bb-f9-4b
Source: 00-07-e9-54-21-1b
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 1
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x7595 (Correct)
Source: 68.91.55.110
Destination: 68.91.55.111
User Datagram Protocol
Source port: 44556
Destination port: 1900
Length: 8
Checksum: 0x1ded (Correct)
Data (140 Bytes)

Binary dump of the packet:
0000: 00 0B 23 BB F9 4B 00 07 : E9 54 21 1B 08 00 45 00 | ..#..K...T!...E.
0010: 00 A0 2C 45 00 00 01 11 : 95 75 44 5B 37 6E 44 5B | ..,E.....uD[7nD[
0020: 37 6F AE 0C 07 6C 00 8C : ED 1D 4D 2D 53 45 41 52 | 7o...l....M-SEAR
0030: 43 48 20 2A 20 48 54 54 : 50 2F 31 2E 31 0D 0A 48 | CH * HTTP/1.1..H
0040: 4F 53 54 3A 20 32 33 39 : 2E 32 35 35 2E 32 35 35 | OST: 239.255.255
0050: 2E 32 35 30 3A 31 39 30 : 30 0D 0A 4D 41 4E 3A 20 | .250:1900..MAN:
0060: 22 73 73 64 70 3A 64 69 : 73 63 6F 76 65 72 22 0D | "ssdp:discover".
0070: 0A 4D 58 3A 20 32 0D 0A : 53 54 3A 20 75 72 6E 3A | .MX: 2..ST: urn:
0080: 73 63 68 65 6D 61 73 2D : 75 70 6E 70 2D 6F 72 67 | schemas-upnp-org
0090: 3A 73 65 72 76 69 63 65 : 3A 57 41 4E 49 50 43 6F | :service:WANIPCo
00A0: 6E 6E 65 63 74 69 6F 6E : 3A 31 0D 0A 0D 0A 72 76 | nnection:1....rv
00B0: 3A 31 2E 36 29 20 47 65 : 63 6B 6F 2F | :1.6) Gecko/

#1
penguinshrink

Posted 13 February 2005 - 06:37 PM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us