Hi, I think my modem has some kind of virus/spyware/adware/whateverware. I have 2 computers and I am saving to buy a router so I can share internet, so recently I just switch internet cords from one computer to the other. Now whenever I do that, the computer that has access ALWAYS gets these stupid annoying messages like:
"Windows Messenger: your registry has been affected, please download registryfix" (or something like that), and it says MS told them to send me these messages (which I know is a bunch of BS), or I'll get this thing that says "your system is infected, all Windows operating systems (except Windows ME) are infected, download (don't remember) now to recover your system before it gets out of hand".
These messages I placed are from what I can remember; they are of course reworded as I can't see the message right now (though it will pop up in about 10 mins). Whenever I disconnect the internet the messages go away, and when I place it back in the messages come back. I've run a whole bunch of removal software and I'm not infected (I've used Spybot S&D, Norton AV, Spyblaster, Microsoft Windows Malicious Software Removal Tool, and I'm in the process of using Windows Defender once I get it working). They all said I have nothing, but the message is always coming back. Also, I tried reinstalling my OS and this stupid message keeps coming back. I know my registry is alright. Please help me.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.
Once saved, double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Logfile of HijackThis v1.99.1
Scan saved at 4:34:40 PM, on 4/1/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\Douglas Bailey\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143929670150
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
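
A way to triage a log like the one above, as an added example that is not part of the original thread: it splits a HijackThis 1.99 log into running processes and entries grouped by section code, then counts processes running from outside the usual directories. The function names, the `EXPECTED_DIRS` list and the shortened sample are assumptions made for illustration, and the path check is a heuristic, not a verdict.

```python
import re

# Labels for the section codes that occur in the log above, as the log names them.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "Run/RunOnce autostart", "O8": "IE context menu item",
            "O9": "IE extra button or Tools item",
            "O16": "Downloaded Program Files (ActiveX)", "O23": "Service"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: directories treated as expected locations for running processes.
EXPECTED_DIRS = ("c:\\winnt\\", "c:\\program files\\")

# Constructed sample, shortened and adapted from the log posted above.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\services.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Documents and Settings\(user)\Desktop\hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
"""

def parse_hjt(text):
    """Split a HijackThis log into running processes and entries grouped by code."""
    processes, entries, in_procs = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("Running processes:"):  # header may be fused to the MSIE line
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:                                    # first entry line ends the process list
            in_procs = False
            entries.setdefault(m.group(1), []).append(m.group(2))
        elif in_procs:
            processes.append(line)
    return processes, entries

def unexpected_processes(processes):
    """Heuristic only: processes running from outside EXPECTED_DIRS."""
    return [p for p in processes if not p.lower().startswith(EXPECTED_DIRS)]

def summarize(text):
    """One line for the process list, then one line per section code found."""
    processes, entries = parse_hjt(text)
    out = [f"{len(processes)} running processes, "
           f"{len(unexpected_processes(processes))} outside expected directories"]
    for code in sorted(entries, key=lambda c: int(c[1:])):
        out.append(f"{code} {SECTIONS.get(code, 'other')}: {len(entries[code])}")
    return out
```

On the sample, the only process outside the expected directories is HijackThis.exe itself, running from the Desktop folder it was saved to.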

I see nothing in your HT log.
Please download ATF-Cleaner from this link
http://www.atribune.org/content/view/19/2/ by Atribune.
It sounds like SmitRem but there is no evidence. Please download smitRem.zip and save it to your desktop from this link http://noahdfear.geekstogo.com/smitRem.exe
Open the file and it will extract itself to a new folder called SmitRem.
Reboot into safe mode by following the directions in the Ewido paragraph.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again, this is normal.
Wait for the tool to complete and Disk Cleanup to finish, this may take a while; please be patient.
Next go to Start > Control Panel > click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
Run ATF-Cleaner while still in safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If that does not help try the following.
Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.
Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. Reboot into Safe Mode and run Ewido.
When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log.

kageaberzger, are you sure you're not getting messenger pop-ups?
If so just google for 'Shoot the Messenger'. It will allow you to disable messenger in one click safely. Hopefully my advice will help you... Please post back with your results... thanks

to jabuck
this is panda
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\(my name)\Desktop\MESSAGE DIE\smitRem.exe[Process.exe]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\(My Name)\Cookies\(My Name)@microsofteup.112.2o7[2].txt
and this is ewido
---------------
ewido anti-malware - Scan report
---------------
+ Created on: 7:24:13 PM, 4/1/2006
+ Report-Checksum: AA1401C7
+ Scan result:
No infected objects found.
::Report End

kageaberzger, as XpUser4Real stated, I also believe that the problem is Windows Messenger pop-up messages. Either use Shoot The Messenger or disable Windows Messenger following the instructions at the link below.
How to turn off Windows Messenger Service
Tufenuf
