nothing obvious in the log

 

If somebody else has an account/ another profile - you might need to scan/re-run Hijack this on that one (or each profile) too, then re-post. Good luck.

 

Thanks for looking at the log file, but this is the only account on the machine. We run Norton as a virus scanner, do you have any more ideas about how to trace this pop up?

 

if there is nothing in HJT then it's possibly a messenger pop up so
Windows XP
1. Click on the Start button and open the control panel.
2. Open the Performance and Maintenance control panel and go to Administrative Tools.
3. Now double-click on Services, then scroll to Messenger.
4. Double-click Messenger and click Stop to stop the service.
5. Change the startup type to Disable and click Apply at the bottom.
6. Click OK to exit window.

BTW, this has nothing to do with the MSN /Windows Messenger Instant Messaging service


Windows 2000
1. Click on the Start button -> Settings -> Control Panel.
2. Double click on Administrative Tools.
3. Now double-click on Services, then scroll to Messenger.
4. Double-click Messenger and click Stop to stop the service.
5. Change the startup type to Disable and click Apply at the bottom.
6. Click OK to exit window.

For Windows 95, 98, and ME
* Under Control Panel, select Add/Remove.
* Select Windows Setup.
* Select System Tools.
* Click Details.
* Uncheck WinPopUp.
* Click OK.
* Reboot

Alternative way is if you use a decent firewall then block ports 135,137,138,139,445 both TCP & UDP and both incoming & outgoing, that also stops other unwanted nasties

or you're just surfing the wrong sites and the pop ups are hard coded into the web pages

can you give some examples of the sites that the pop ups occur on

 

Many thanks, that seems to have sorted out the problem.
There was no specific sites that were activating the message, it was just popping up every 5-10 minutes. As far as I know, we didn't surf too many "wrong sites".
Lisa