Pop up as soon as I turn on my comp, HELP

[CBR900RR]

Every time when I start my comp, this site http://ultra-software.info/cp/adv177/ with start by itself, I am on cable 24/7, also has already scan with norton anti virus 2003 , sypbot , and have pop-up-cops intergrated in explorer, help please.

[Storm90]

Sounds Like It might have a exe. in your startup files. Try looking in them. This could possibly be the problem. Good luck!

[CBR900RR]

Already check the startup folder and MSCONFIG and nothing, and another pop up http://www.vano-soft.biz/remedy/adv177/ when I was playing online games!

[CBR900RR]

Another just pop up http://www.teensguru.com/toolbar.html when I was running spybot scan, HELP

[Storm90]

Did you try find files and checking your startup folders this way sometimes they are not listed in MSCONFIG. Plus check your Program file for any new programs you may not have installed. I have had a few spyware programs that adware or spybot did not remove. Found the in my programs folder. Other then that I am not sure.

[CBR900RR]

Already try and I am running out of idea, can you show me a couple good program to use.

[Storm90]

The only other spyware program I use is Adware 6 you can get that at http://lavasoft.element5.com/support/download/ Only other thing I can think of there is a exe some where on your c drive you might have to hunt to find it. Plus did you try cleaning out you internet explorer cache. Plus your cookies and history. Plus is there any new programs you might have installed lately. That you downloaded from the internet . Other then this I am at a complete loss. Well lets see if someone else here has had this problem. Maybe they will have a answer.

[CBR900RR]

Thanks for the reply, I did fix it with an one month old image file, but piror to this, I was thinking about make a new image, than install Zone alarm and see which program try to open up a web page , than restore with my new image and uninstall the program, but I am all fine now, thanks.

[Storm90]

Instead of useing Zonealarm why not use Sygate or Outpost. They are much better firewalls. Plus they are free to. I have tried all three. I still use My Old version of TinyFirewall. I have still have the last version from when you could down load it for free. But if I ever loose the copy I have of. I would go to Sygate or Outpost. I glad to here you solved your problem. GoodLuck!

[YeOldeStonecat]

When you run Spybot Search and Destroy....do you update it's definitions first? So it's library of "stuff to look for" is up to date?

First advice...get a router. If not, are you using WinXP? If so...at least have the XP firewall turned on?

[Big-Dave]

Also go into services and make sure the messenger service is disabled. It has nothing to do with instant messenger. This would have solved your problem I Believe.

[YeOldeStonecat]

His browser is launching with websites though.....that's not the messenger service.

[CBR900RR]

Thanks for all the reply, I had my router on with MAC filtering and WEP Encryption with 256bit (56digit password), spybot and noron are up to date,messenger service is already disabled and instant messenger is already uninstall.

Reason why I said using zone alarm is not for protecting my comp, I just want to find out which SERVICE is trying to access the internet.

[YeOldeStonecat]

So with Spybot, fully updated and scanned, you're still getting parasite web browser launches?

You're behind a NAT router, that will block messenger service pop ups from the internet. But browser popups...that's something S&D should find, and kill.

[CBR900RR]

Originally posted by YeOldeStonecat
So with Spybot, fully updated and scanned, you're still getting parasite web browser launches?

You're behind a NAT router, that will block messenger service pop ups from the internet. But browser popups...that's something S&D should find, and kill.

That's what I thought too, any idea of what kind virus/spyware/.EXE that would be?

[YeOldeStonecat]

Originally posted by CBR900RR
That's what I thought too, any idea of what kind virus/spyware/.EXE that would be?

No...just that S&D should have gotten it. You sure you have S&D updated? You check for updates, should look for 9,700 something known items when you kick off a scan.

You have anything in your startup folder?

Are you comfortable peeking into the registry into the Run Services?

Have you deleted all your temp internet files, temp files, and cookies?

[Thorazine]

If something is loading at startup then it can be found in the following locations:

HKeyLM\software\microsoft\windows\run

HKeyLM\software\microsoft\windows\runonce

HKeyLM\software\microsoft\windows\runoncex

I think there are a few keys in IE that will trigger code at startup.

What's in those keys?

[CBR900RR]

I did all that, plus check in the register too.

[Thorazine]

Okay....

then try some of this:

Boot to safe mode. Does the code run?

it's win98 right, so create a bootlog.txt file or even watch what loads and doesn't load at startup. Anything funny loading that shouldn't load?

go here -> http://www.sysinternals.com and download filemon and regmon

Those two programs will tell you every about what is happening to your computer. You might want to pick up a copy of handles.exe and listdlls.exe while your there.

try renaming iexplorer.exe to see if it stops.