consrv.dll removal help

[I_am_your_GOD]

Hey, so I was trying to alter my Firewall settings, but Windows wouldn't let me change anything. I later found out that it's because I have that virus.

I guess other common problems created by it are Google redirects, but for some reason I'm not getting that.


Any way, is there a way I can remove it?

[mchain]

I_am_your_GOD

I am going to take a chance with a name like that, and point you to an Avast! help topic.  Please attach all scan results in following posts.

http://forum.avast.com/index.php?topic=53253.0

Either essexboy or oldman will pick up the thread once you post the results of your scan.  Please be patient, as this often is a game of catchup, as one or the other is online and/or in a different time zone.  Both, however, are good at what they do.

[I_am_your_GOD]

Alright, thanks.

[I_am_your_GOD]

Should've put my attachments in one post...

[essexboy]

Could you also run aswMBR please

[I_am_your_GOD]

Farbar Service Scanner Version: 10-02-2012
Ran by Rich (administrator) on 10-02-2012 at 15:38:41
Running from "C:\Users\Rich\Downloads"
Microsoft Windows 7 Professional   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


File Check:
========
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

[I_am_your_GOD]

Could you also run aswMBR please

Posted. haha, sorry, I was in the middle of something as I was running the programs.

[essexboy]

OK here we go

I do not see an antivirus - are you using one ?

Re-Run aswMBR

Click Scan

On completion of the scan
Click the   Fix Button



Save the log as before and post in your next reply

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  O4 - HKCU..\Run: [sp] C:\Windows\sysWOW64\rundll32.exe "c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.dll",ServiceMain File not found
  [2011/12/09 14:03:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\2fx5l3.com.b
  [2011/12/09 14:00:15 | 000,000,112 | ---- | C] () -- C:\ProgramData\c163Un.dat
  [2011/12/09 01:14:51 | 000,011,066 | -HS- | C] () -- C:\Users\Rich\AppData\Local\d8ov80j6rj8rtf
  [2011/12/09 01:14:51 | 000,011,066 | -HS- | C] () -- C:\ProgramData\d8ov80j6rj8rtf
  [2011/11/15 01:31:55 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\bpmmG55aQJ6
  [2011/11/15 01:31:54 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\IlIIBrzzNyxAuv2
  [2011/09/17 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\InterVideo
  [2011/11/15 01:31:47 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\iqqqhCCwkUVlOtx
  [2011/11/15 01:31:48 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\j22oonF4pm5sJ
  [2011/11/15 16:11:29 | 000,000,000 | ---D | M] -- C:\Users\Rich\AppData\Roaming\qmmHH5sWJ7dE8gZ
  
  :Files
  ipconfig /flushdns /c
  C:\Windows\tasks\At*.job
  c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.dll
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[I_am_your_GOD]

I have Malwarebytes, if that counts.

[Pondus]

I have Malwarebytes, if that counts.

No...Malwarebytes is a specialised tool with a limited amount of detections
they concentrate on executable files not older than 3 months


so you should add a antivirus program also

[I_am_your_GOD]

okey doke

[Pondus]

but you may wait with doing that untill essexboy is done... 

[essexboy]

I can recommend an excellent AV 

We now need to run an elevated command prompt

Go Start > All Programs > Accessories
Right click Command Prompt
Select Run as Administrator
In the black box that opens type the following commands pressing enter after each line

netsh winsock reset catalog
netsh int ip reset reset.log

Once done can you let me know what problems remain