consrv.dll desktop.ini ping.exe Win32:Sirefef-HO [Rtk]

[DavidR]

If you still have that file in the combofix quarantine, submit to the virus labs so that it can be added to the avast! detections.

Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample (combofix quarantine or still in the original location) and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location, in due course by combofix, etc.

[DaManJ]

done

[DavidR]

Thank you for helping to improve avast detections.

[oldman]

Hi DaManJ,

I'm not sure if combofix got all of it.

Next

Please open OTL.

• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, click the None button near the top (it may looked greyed out)
  
  
• In the window under Custom Scans/Fixes copy and paste the following
  
  
  NetSvcs
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTIDrvr /s
  /md5start
  incdrm.*
  /md5stop
     
  
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Please post back with

• OTL.txt

[DaManJ]

here it is,

OTL logfile created on: 10/02/2012 10:56:22 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jeremy\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.89 Gb Total Physical Memory | 4.86 Gb Available Physical Memory | 61.68% Memory free
15.77 Gb Paging File | 12.37 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.20 Gb Total Space | 100.33 Gb Free Space | 35.18% Space Free | Partition Type: NTFS
Drive Q: | 11.72 Gb Total Space | 2.38 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive W: | 3.00 Gb Total Space | 2.18 Gb Free Space | 72.62% Space Free | Partition Type: FAT32
 
Computer Name: LACEY | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
========== Custom Scans ==========
 
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTIDrvr /s >
 

< End of report >

[oldman]

Hi DaManJ,

Not sure why combofix showed traces of it but the OTL log shows it is gone.

You can remove combofix and OTL as prescribed below. aswMBR can simply be deleted.


Click the Start button, click Run. [Win7 users, go Start>"Start search"] Copy and paste the following line into the run box and click OK

Combofix /uninstall



Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.




Your java is out of date. Click your start button > Control Panel

• Use the drop down menu beside view by and change it to small icons
  
• locate java (32bit) in the list and click on it
  
• when the java console opens click the update tab
  
• Click update now
  

Do the same for java (64bit)

Next, clear the java cache

To clear the Java Plug-in cache:

• Click Start > Control Panel.
• Double-click the Java icon in the control panel.
• On the General tab, Click Settings under Temporary Internet Files.
  
• On the Temporary Files Settings screen, Click Delete Files.
  
• check all boxes
• Click OK
  

[DaManJ]

all done. thanks for your help!

[oldman]

You are welcome.