Most likely that is ActiveX. I can't imagine any other way for all those
changes to take place with no prompting.You really should set ActiveX to
prompt or disable, especially for shady sites like that one and most
too for that matter.
Regedit can probably be brought back with an XSetup plugin.
http://www.xteq.com Install that and open it in the defaut UI. Navigate to
System > Security > Common and there is a plugin to disable
regedit/regedit32. Leave that box unchecked and click the apply button. If
that doesn't do it, I don't know what to say. Perhaps you could try Reghance
from Lavasoft. http://www.lavasoftusa.com/downloads.html
Run a search on both machines for any files that contain that in
it's text. Especially dll files as they're often used to hide registry
hacks. IF you find something, could you send it to me?
That 2K machine won't have msconfig, so go here (
http://www.mlin.net/StartupCPL.shtml ) and install this. It works on 9x/2K.
Not sure of XP. See if there are any rundll entries or regedit -s entries,
or anything suspicious looking. If all that fails, try disabling things one
at the time to see if that popup goes away. Also look at win.ini and see if
run= or load= has a suspicious entry.
Mike Healan (Dingo)