OTL Analysis for consrv.dll

Did I tell you? Last ComboFix, step 2 dumphive.3xe crashed, then on completion before reboot.
Now, it’s the same: I dragged the CFScript.txt, ComboFix launched, step 2 dumphive.3xe crashed, and before reboot.
Opened start menu, searched for consrv.dll, it’s not there anymore =)

Here’s the last log, should I scan with avast and SpyBot?

One more run with OTL, as the net service entry has not gone. Once this has run, a log will pop up; could you post that, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL

  - Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV:64bit: - [2009-07-13 20:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\Dell1100_FUService.dll -- (sqlagent$soshome22)
NetSvcs:64bit: sqlagent$soshome22 - C:\Windows\SysNative\Dell1100_FUService.dll (Oak Technology Inc.)

:Files
ipconfig /flushdns /c
C:\Windows\SysNative\Dell1100_FUService.dll


  - Then click the Run Fix button at the top
  - Let the program run unhindered,

I ran OTL with the instruction you gave me…

No internet access… Plug a USB key to get the log, unable to install the new hardware…

Reboot, blue screen…

Tried the boot repair utility, I said that I didn’t want to restore using a restore point. Now the boot repair process runs forever, and I can’t cancel it!

Restore to the latest restore point, please, and let me know the result.

I restored; consrv has returned.

OK, this one is very resilient and it really takes umbrage if I use OTL to kill the respawning service… So I may need to run ComboFix two or three times to really smack it down.

So initially, could you run a full ComboFix scan; allow it to update if it asks.

Post the resultant log.

Is there any difference between a ComboFix scan and a FULL ComboFix scan?

Anyway! hivedump.3xe crashed on step 2, and on output. Rebooted to resolve the registry thing.

Here’s the log

Yep this one will target the protection service

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Windows\SysNative\Dell1100_FUService.dll

NetSvc::
sqlagent$soshome22

Driver::
sqlagent$soshome22

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Can you explain to me what that DumpHive.3xe is?

Here’s the fresh CF log.

Excellent,
Avast doesn’t detect consrv.dll anymore, I ran a complete scan and the only entries it found were in the quarantine!

Thank you very much!

We need to do another run to remove the service now, as it doesn’t really get the hint the first time that it should go.

DumpHive.3xe is a part of ComboFix’s inner workings.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\Windows\SysNative\Dell1100_FUService.dll

NetSvc::
sqlagent$soshome22

Driver::
sqlagent$soshome22

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
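A read-only way to confirm that the NetSvcs entry and its service DLL are gone after the runs above. This is an added example, not part of the original posts and not ComboFix or OTL code; the two registry paths are the standard Windows locations, and the service and DLL names are the ones quoted in this thread.

```powershell
# Added example (read-only): audit the svchost "netsvcs" group after cleanup.
# Run from a 64-bit PowerShell so the 64-bit registry view is the one inspected.
$suspectService = 'sqlagent$soshome22'        # single quotes keep the $ literal
$suspectDll     = 'Dell1100_FUService.dll'

$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# netsvcs is a REG_MULTI_SZ value: one service name per element.
$netsvcs = (Get-ItemProperty -LiteralPath $svchostKey -Name netsvcs).netsvcs

$report = foreach ($name in $netsvcs) {
    $dll = $null
    $company = $null
    $paramKey = "$servicesKey\$name\Parameters"
    if (Test-Path -LiteralPath $paramKey) {
        $p = Get-ItemProperty -LiteralPath $paramKey -ErrorAction SilentlyContinue
        if ($p -and $p.ServiceDll) {
            # ServiceDll is the DLL that svchost.exe loads for this service.
            $dll = [Environment]::ExpandEnvironmentVariables($p.ServiceDll)
            if (Test-Path -LiteralPath $dll) {
                $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
            }
        }
    }
    $leaf = if ($dll) { Split-Path -Leaf $dll } else { $null }
    New-Object PSObject -Property @{
        Service    = $name
        Registered = (Test-Path -LiteralPath "$servicesKey\$name")
        ServiceDll = $dll
        Company    = $company
        Suspect    = ($name -eq $suspectService) -or ($leaf -eq $suspectDll)
    }
}

# Names with Registered = False are normal: the default list includes
# services that are not installed on every system.
$report | Where-Object { $_.Registered } | Sort-Object Service |
    Format-Table Service, ServiceDll, Company -AutoSize

$hits = @($report | Where-Object { $_.Suspect })
if ($hits.Count -eq 0) {
    'No netsvcs entry matches the service or DLL named in this thread.'
} else {
    $hits | Format-List Service, Registered, ServiceDll, Company
}
```

The script only reads the registry and file version information; it changes nothing, so it can be rerun after each cleanup pass to see whether the entry has respawned.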

Hello everyone,

I don’t know if I should post here, it seems relevant because I have the exact same problem as Phobophile89: I had Google redirects, ads and slow internet.

Avast detected some threats (consrv.dll in system32 and desktop.ini, I don’t know if the two threats were related).

Avast quarantined the threats and I encountered the blue screen of death. I did a restore and followed the steps I found in this article (http://blog.crosbydrive.com/?p=245).

It was tricky because it included manual modifications in 2 registry keys.

Anyway, after that, a few more scans with avast, Malwarebytes, ComboFix, RogueKiller, TDSSKiller… (yes, I was very upset).

In the end, the registry keys are back to normal, BUT I still have a little problem: sometimes (like 10/20 times a day) avast tells me that a threat was detected and quarantined (consrv.dll), but when I do a scan with avast or something else, it tells me that everything is clean.

Do you advise to do as in the last post (by essexboy)?

Thanks,

Clad_fisher

Do you advise to do as in the last post (by essexboy)?
Do not run any fix from this topic...

You should start your own topic and attach the logs there:
http://forum.avast.com/index.php?topic=53253.0

Then Essexboy will help you when he arrives in a few hours…