Registry defender

  1. #1
    zany is offline Junior Member

    Registry defender

I'm being hounded with the same pop-up over and over and I have tried to get rid of it with no results... HELP PLEASE. The link is www.registry defender


  2. #2
    broni is offline Senior Member
    Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download, install, and run HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    zany is offline Junior Member
    Hi
Thanks for your help. I have pasted the results below and I am now going to restart my computer.

    Malwarebytes' Anti-Malware 1.36
    Database version: 1970
    Windows 5.1.2600 Service Pack 3

    12/04/2009 19:31:54
    mbam-log-2009-04-12 (19-31-44).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 173144
    Time elapsed: 20 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 2
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
    C:\WINDOWS\system32\__c0098A90.dat (Trojan.Agent) -> No action taken.

    Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0098a90 (Trojan.Vundo) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

    Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> No action taken.

    Folders Infected:
    C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> No action taken.

    Files Infected:
    C:\Documents and Settings\Kevin\My Documents\Software for New Install XP\VIDEO CONVERTERS\DVDFab Platinum 5.2.2.0 Final + Patch\Patch\universal.dvdfab.platinum.5-patch.2.2.exe (Rogue.Patch) -> No action taken.
    C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\winsetupgl.exe (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\Temp\_A00F3973C18.exe (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\wsnpoem\audio.dll.vir (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\wsnpoem\video.dll.vir (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.
    C:\WINDOWS\system32\__c0098A90.dat (Trojan.Vundo) -> No action taken.

  4. #4
    broni is offline Senior Member
    Your log says No action taken next to each entry, so you either didn't:
    Be sure that everything is checked, and click Remove Selected
    or you posted the log from BEFORE fixes.
    Post the correct log, or re-run Bytes.
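
Added example (not part of the original thread, and not Malwarebytes' own code): a small Python parser that does mechanically what the helper did by eye in the post above. It reads an MBAM 1.x log, separates entries that still read "No action taken" from those that are "Delete on reboot" or already quarantined, and decodes the Winlogon\Userinit hijack line so the extra program appended after userinit.exe is listed explicitly. The log excerpt embedded below is constructed from the entries posted in this thread; the function names and the three verdict strings are this example's own.

```python
"""Triage a Malwarebytes' Anti-Malware (MBAM 1.x) log.

Entry lines in these logs have the shape
    <item> (<detection>) -> <action>.
and the Winlogon\\Userinit hijack line adds Bad:/Good: values:
    <key> (Hijack.UserInit) -> Bad: (<list>) Good: (<list>) -> <action>.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt modelled on the logs posted in this thread (not a real capture).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

Memory Modules Infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0098a90 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> No action taken.

Files Infected:
C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> Delete on reboot.
"""

ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
HIJACK_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")

UNREMEDIATED = "No action taken"
PENDING_REBOOT = "Delete on reboot"


@dataclass
class Entry:
    section: str
    item: str
    detection: str
    action: str
    bad: Optional[str] = None   # only set for Hijack.* data items
    good: Optional[str] = None


def parse_mbam_log(text: str) -> List[Entry]:
    """Return every detection entry in the log, tagged with its section."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers look like "Files Infected:" (the summary counts do not end in ':').
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # banner lines such as "Database version: 1970"
        rest = m["rest"].rstrip(".")
        h = HIJACK_RE.match(rest)
        if h:
            entries.append(Entry(section, m["item"], m["detection"], h["action"], h["bad"], h["good"]))
        else:
            entries.append(Entry(section, m["item"], m["detection"], rest))
    return entries


def unremediated(entries: List[Entry]) -> List[Entry]:
    """Entries MBAM found but did not touch: the log was saved before Remove Selected."""
    return [e for e in entries if e.action == UNREMEDIATED]


def pending_reboot(entries: List[Entry]) -> List[Entry]:
    """Entries that are in use and only disappear after the machine restarts."""
    return [e for e in entries if e.action == PENDING_REBOOT]


def userinit_extras(entries: List[Entry]) -> List[str]:
    """Programs Winlogon\\Userinit was changed to launch besides the legitimate userinit.exe."""
    extras: List[str] = []
    for e in entries:
        if e.detection != "Hijack.UserInit" or not e.bad:
            continue
        for exe in (p.strip() for p in e.bad.split(",")):
            if exe and exe.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                extras.append(exe)
    return extras


def verdict(entries: List[Entry]) -> str:
    """'rerun' if removal never happened, 'reboot' if deletions are pending, else 'remediated'."""
    if unremediated(entries):
        return "rerun"
    if pending_reboot(entries):
        return "reboot"
    return "remediated"


def summarize(text: str) -> Dict[str, object]:
    entries = parse_mbam_log(text)
    return {
        "entries": len(entries),
        "unremediated": [e.item for e in unremediated(entries)],
        "pending_reboot": [e.item for e in pending_reboot(entries)],
        "userinit_extras": userinit_extras(entries),
        "verdict": verdict(entries),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The userinit_extras list is the line worth reading twice in this thread's log: the Userinit value was extended from userinit.exe to also start ntos.exe, which, together with the wsnpoem folders, is the well-known Zbot (Zeus) banking-trojan footprint rather than a mere adware pop-up. "Delete on reboot" entries are not gone until the machine has actually restarted, which is what the RESTART COMPUTER step between tools is for.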

  5. #5
    zany is offline Junior Member
    Malwarebytes' Anti-Malware 1.36
    Database version: 1970
    Windows 5.1.2600 Service Pack 3

    12/04/2009 19:32:08
    mbam-log-2009-04-12 (19-32-08).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 173144
    Time elapsed: 20 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 2
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
    C:\WINDOWS\system32\__c0098A90.dat (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0098a90 (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Kevin\My Documents\Software for New Install XP\VIDEO CONVERTERS\DVDFab Platinum 5.2.2.0 Final + Patch\Patch\universal.dvdfab.platinum.5-patch.2.2.exe (Rogue.Patch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsetupgl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\_A00F3973C18.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsnpoem\audio.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsnpoem\video.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
    C:\WINDOWS\system32\__c0098A90.dat (Trojan.Vundo) -> Delete on reboot.

  6. #6
    zany is offline Junior Member

  7. #7
    zany is offline Junior Member
For some reason it will not let me send the GMER log as an attachment; it keeps saying it's an invalid file... any ideas?

  8. #8
    broni is offline Senior Member
I'm not familiar yet with what types of files can be uploaded on this board (I'll ask), so try to zip it first.

  9. #9
    zany is offline Junior Member

  10. #10
    broni is offline Senior Member
    Run GMER one more time.
    Right click on:
Module \systemroot\system32\drivers\ovfsthculjopvurdamiyojwyixoelywgaorxik.sys (*** hidden *** )
    Click Dump module and answer YES to all questions.
    Restart computer, post fresh GMER log.

Page 1 of 3