Yet more conserv.dll / Sirefef.. Please save me essexboy

Viruses and worms
21

Run and is rebooting

22

Once that run has completed I have a registry fix for you to repair defender

Go here and download windef.reg to your desktop https://skydrive.live.com/?cid=32D8666F4048075B&id=32D8666F4048075B!117
Right click the file and select Merge
Accept the warnings
Reboot and try defender again

23

Windows failed to boot… examining cause now

24

OK they have changed the malware

Select a restore point to get back to windows

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
File:: C:\Windows\SysNative\SECYPUSB.dll

NetSvc::
SMCB000

Driver::
SMCB000

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

25

Ok back up and running

Here is the combofix log

26

How is the computer running now ?

Did you download the defender registry fix ?

Could you run a final OTL quick scan please - no script required apart from the netsvc entry

27

scan is running.

Looking good so far. I am fairly sure we got it now.

Got the reg keys ready to install when doing cleanup

28

OTL log

29

Ok going to reboot now to apply the win defender reg and check noting new pops up on reboot

30

I wish these malware writers would stop changing the programmes it makes my life hard ;D

31

No signs of conserv or any strange services. Windows Defend is still broken. No control panel interface for it now and if I try to start the service manually it reports Error:126 The specified module can not be found.

32

One of the reasons I would rather keep doing automotive repair instead of going into PC repair despite having a ton of experience

33

Looks like it took out mpsvc.dll … copying it from my PC and will try to start again.

34

Re-run Farbar an I will check all the files are present

35

WTF… you have to be kidding me… %SystemRoot%\system32\svchost.exe is missing lmao guess i got to copy that too

36

Moving svchost.exe now

37

Looks like svchost.exe was already there … I hate laptop pointing devices… makes it hard to scoll list

38

“%ProgramFiles(x86)%\Windows Defender\mpsvc.dll”.

Where did you place the defender file - was it in the above location ?

What error do you get when you try to start defender

39

I placed it in %ProgramFiles%\Windows Defender\ have not even looked in the %ProgramFiles(x86)% directory yet … and there it is… that reg entry is wrong it should be %ProgramFiles% as well … changed it and now it runs

40

running windows update and will begin updating Java flashplayer ect soon