Spybot now gives me 2 registry errors that read HKLM\sys\Curnt Control set\services\wscsvc\start is not w=2,and when i Physically go to the Registry entry,they do not appear.Spybot then "fixes" the entries and upon next scan,there they are,again, My IP connections show in (cmd prompt)that i have several 12+ connections,one of which takes me to a site,In russian,that offers"Fresh Proxy's",it looks like a porn site,but this is only @ certain times of the evening,Malware bytes finds nothing,but interestingly,there are Registry entries that i cannot access labeled MBAMExt.MAMBShl.txt all other Mbam entries and Files are gone,save these 5 entries,and cannot even be seen unless running regedit in Safe mode,Reg assassin cannot see these entries and will not run in Safe mode,These sorts (and more)of Problems have been happening for Months,with the WIN gen 32\BACK DOOR DOWNLOADER,i received from HIRENS BOOT CD,any rate i am convinced that whatever is on my machine has dual .exe's,and at the moment there are no application "hangs" failures,but they usually follow in 5-10 days after i reinstall my OS,ComboFix will not run on 64 bit,super antispyware found nothing and Avast,failed to load after it detected and cleaned the Wingen 32 downloader,so i didnt bother with it again,My PC is much slower that it should be and am about at the end of ideas,got any NEW ones? anybody?,Thanx in advancce
OH YAE i forgot HI evenBody!
Also Have unregmp2.dll,it lives in C:\ System 32,and when i delete it ,it multiplies several times in System Volume Info,it, according to my research is a Co Installer for MP,it used to be "unregmp.dll,untill i deleted it after modifing a Sevice Pack uninstall DLL,this event was PRE reformat and it is currently residing as unregmp2.dll still/again it also reappears several more times in system vol info when i delete it there.Thanx again
Edit: Moved topic from Windows NT/2000/2003/2008 to the more appropriate forum. ~ Animal
OK where did you move it too??
I removed a Browser preloader and my download times increased dramtically,HijacThis detected 4 files that reside in my eathernet controller App,and said that it "fixes" the Suspicious files that COULD be New.Net ect,only no files were deleted,so i manually deleted the 2 files that i could actually see,I then removed all the files for that APP and reinstalled the eathernet driver.
My video driver details in Device manager show that there is a Co-Installer as a driver,along with the Normal nv4_disp.dll,never seen that before,Process Monitor also shows an unusaully high cpu usage coming from DSN,that never happened before.
list of programs used to no avail
Reg assassin (standalone)
reset/reformat router including MAC enable/password change with the Cloaking
ALL MS update's
Edited by BM2, 07 December 2010 - 04:23 PM.