Recently I got infected with this and it caused Win 7 Antivirus to pop up and hijack a lot of my stuff. I believe I fixed it, but to be certain, I’d like to go through the process. First here are the first two logs.
Screenshot
aswMBR log. I see a virus that needs to go… swore I’ve deleted that one already, so awaiting instructions.
Have you done a quick scan with Malwarebytes?
If not, do so and attach the log… make sure it is updated before you start the scan
Essexboy will check your logs when he arrives here tomorrow… around 08:00pm - 11:59pm UK time
Last two Malwarebytes logs that detected something. Current scans detect nothing.
Hi, on completion of this run can you let me know what problems you are having?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 55 DA 01 56 1C 31 4D BF A2 5A A9 6B A4 FE 29 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 55 DA 01 56 1C 31 4D BF A2 5A A9 6B A4 FE 29 [binary data]
IE - HKU\S-1-5-21-4162686938-2645483614-3529793939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 55 DA 01 56 1C 31 4D BF A2 5A A9 6B A4 FE 29 [binary data]
[2011/12/18 17:17:00 | 000,009,074 | -HS- | M] () -- C:\Users\Eric\AppData\Local\evmleo8d3rmy2idp7gyy6i865k5d
[2011/12/18 17:17:00 | 000,009,074 | -HS- | M] () -- C:\ProgramData\evmleo8d3rmy2idp7gyy6i865k5d
[2011/12/18 01:56:23 | 000,009,582 | -HS- | M] () -- C:\Users\Eric\AppData\Local\0q61ci1o46h636
[2011/12/18 01:56:23 | 000,009,582 | -HS- | M] () -- C:\ProgramData\0q61ci1o46h636
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Eric\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Eric\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Eric\AppData\Local\Temp\RarSFX0\winlogon.exe
:Reg
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-21-4162686938-2645483614-3529793939-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
How’s it look, doc?
Looks good - what problems do you have?
Nothing at this point. All seems well, just I know that can be deceptive at times. Thanks for the help.
If all is still well tomorrow - let me know and I will tidy up ;D
OK, no issues on my PC… slow downs on my laptop, but that’s a different problem I’ll post elsewhere. What’s the cleanup I need?
EDITED AND POST REMOVED.
You have been repeatedly told not to offer advice in this section of the forum unless you need help; you're either thick in the head or just plain insolent.
You have been reported.
Honestly since essex is the one that got this all set up, he’s the only one I’d really trust with this, so no worries