Full Version: 'System Message' Popups
TogiJoji
I imagine this is a common one, I've seen it on other computers, but never mine, until I built this new computer. I only installed WinXP Pro, some drivers, and a handful of programs I had on my last computer, but somehow these popups got on there too.
Every so often (20 minutes?) I get a popup from 'System' to 'User' telling me to visit a site or whatever.. I keep closing/ignoring them, but they keep coming back.

Here's the lovely HijackThis log ^.^

Logfile of HijackThis v1.99.1
Scan saved at 11:07:12 AM, on 6/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F48BB275-1908-4717-BCDC-2401605DB86A}: NameServer = 150.199.178.1 150.199.8.1
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Mark
Hi,

Give this a try:

http://www.suggestafix.com/index.php?act=S...=ST&f=16&t=5270

Hope this helps :)
Angoid
Hi TogiJoji, in addition to what Mark suggested, can you also do the following:

You are not running any antivirus software, and so it is only a matter of time before you get infected. Please get some as soon as you are able.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Click on Fix Checked when finished and exit HijackThis. Reboot.

That was merely a tidying-up exercise more than anything else; your log is otherwise clean.
TogiJoji
Alright! I did the things that both of you said, and installed/ran Ad-Aware SE Personal.. so.. hopefully it'll be alright now ^.^ (Hard to tell yet, though, since those popups don't come so often).

Thank you both for the help ^.^
Angoid
Well done.

Keep Ad-Aware up-to-date and run it periodically. But remember, Ad-Aware is an anti-spyware solution, not an anti-virus program.

Get hold of the Free AVG if you can't afford an anti-virus program; it's fully functional and does a pretty good job.