
I am getting crazy pop ups all of a sudden. I ran a virus ...


I am getting crazy pop ups all of a sudden. I ran a virus check and found nothing. Is there a strange program or something that I should look for and uninstall? If so, how do I go about it. I am on Windows XP.

Anyone have any advice?

Optional Information:
OS: Windows XP; Browser: IE

Already Tried:
Virus check - found nothing.

Pop ups are not necessarily viruses.

Run this online scan now:

Then, download and run the following programs and run them regularly:

Adaware at

Spybot at

Make sure your PC is up to date with all necessary patches by clicking on 'Windows Update' on your Start menu.

Customer: replied 11 years ago.
Reply to Steve Gardner's Post:

I ran the scan and it found no problems. And I already had spybot and mcafee. Neither finds a problem when I search. But I keep getting the pop ups.

Is there a program that my 10 year old might have hit "yes" on when he was playing on the internet and accidentally installed? The popups are program specific. If I am looking at health questions on JA, I get health pop ups. If I'm doing pets, I get pet pop ups. If I'm not doing anything specific, I get naked women. Although it's thrilling to compare myself to "hot naked women who will do anything," it's not really my cup of tea.

Is there a specific program that I might be on the lookout for? Something that might have been installed and now I need to get rid of it?

Any other suggestions?

OK, run 'Hijack This' and cut and paste the results into JA. Or if you know what you are looking at you may see the errant program listed. If I don't get back to you this evening I will do so early in the AM. Hijack this will find it.

Customer: replied 11 years ago.

When I tried to run Hijack, my Mcafee stopped it and said that it was a worm and deleted it.

Any other ideas?

Disable Mcafee temporarily. Hijack This behaves like a worm but it isn't. It is the only way to see what is going on.
Customer: replied 11 years ago.


It turns out that the problem is actually (in part) due to Winfixer. I have found instructions for how to remove winfixer but am still having problems. I can't reboot in safe mode because it says I am missing a file.

I can't run Hijack because I can't figure out how to disable McAfee.

Can you offer any more suggestions?

OK, to disable Mcafee, go to control panel, administrative tools, services.

Depending on how many modules of Mcafee products you are running, you may have between 3 and 10 services all running labelled 'Mcafee something blahblah'.

Click on them one by one and stop them. Don't change anything else.

Also right click on the red 'M' in your system tray and exit.

Now you should be able to run Hijack This and remove your Winfixer problem.

I would like to see what HT finds if you want to cut/paste here.


Customer: replied 11 years ago.
When I go to control panel, I don't see anything called administrative tools. I'm on XP. Would it be called something else for me?

Ahh, Ok then. Do this. Right click on the Start button, click 'Properties'. Click 'Advanced' and in the lower 'Start Menu' box look for mention of Administrative tools. Click on one of the options to display it on the Start menu.

Then close and exit and Admin Tools should show up on your menu.

Customer: replied 11 years ago.

I know that this is difficult for you since you can't see what I'm seeing but, if I right click on start, I don't get anything that even remotely looks like what you are describing.

If I go start> properties>, I only get task bar and start menu properties.

Customer: replied 11 years ago.

OK. I figured it out. And I ran hijack and created a log.

Can you tell me what to do next?

Logfile of HijackThis v1.99.1
Scan saved at 2:38:00 PM, on 11/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Tammy Falkner\Local Settings\Temp\Temporary Directory 1 for\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} ( ActionRunner Class) -
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} ( Configuration Class) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) -
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield (McShield) - Unknown owner - c:\PROGRA~1\\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\\Agent\mcupdmgr.exe
O23 - Service: VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

At first glance I see a lot of unnecessary stuff but nothing malicious. Only 3 BHO objects which all seem legit.
I will keep looking but would invite any other geeks to go through it and comment.

Tammy, give this other app a try as well.

I have used it before. Thanks to Andy for reminding me of it.

Customer: replied 11 years ago.

I ran the BHOdemon and it said that I had three BHO's running (Spybot, Adobe and one other) all of which were benign.

So, there was no problem here, either.

Any other suggestions?

Have you experienced any more pop ups?

Customer: replied 11 years ago.

Not in the past hour or so. But it's not uncommon for them to go away for a few hours and then start up again. Seems like every time I feel confident enough to let my 10 year old use the computer, there they go again!


Do you think that all the things we have tried today could have possibly gotten rid of it?

Not sure. The BHODemon running in the system tray will alert you if anything tries to misbehave.
Customer: replied 11 years ago.
I'll let you know how it goes from here. Thanks for all the help!
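
Added example, not part of the original thread: a small Python triage pass over a HijackThis log like the one posted above. It groups entries by section code and lists the ones worth opening first. The function names and flag reasons are this example's own, the sample is an excerpt of the posted log, and a flag is a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Section codes that appear in the log above and what HijackThis lists under them.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O9": "IE extra button/menu item",
            "O16": "downloaded ActiveX control", "O20": "Winlogon Notify",
            "O23": "service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt: header plus seven entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - (file missing)
O23 - Service: McShield (McShield) - Unknown owner - c:\PROGRA~1\\vso\mcshield.exe
"""

def parse(log_text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return groups

def review_flags(groups):
    """Return (code, reason, entry) for entries a reviewer should check by hand."""
    flags = []
    for code, entries in groups.items():
        for e in entries:
            if "(file missing)" in e:
                flags.append((code, "target file missing", e))
            elif e.endswith("= ?"):
                flags.append((code, "shortcut target unresolved", e))
            elif "Unknown owner" in e:
                flags.append((code, "owner reported as unknown", e))
            elif e.startswith("BHO: (no name)"):
                flags.append((code, "BHO without a class name", e))
    return flags

if __name__ == "__main__":
    for code, reason, entry in review_flags(parse(SAMPLE_LOG)):
        print(f"{code:4} {SECTIONS[code]:28} {reason}: {entry}")
```

On this excerpt the flagged BHO and service are the Spybot and McAfee components already identified in the thread, which shows why each flag still needs a person to confirm the file path and vendor.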