Hi oldman,
I don't have any file at c:\windows\system32\incdrm.dll
I uploaded the incdrm.dll at C:\Windows\SysNative\ and C:\Windows\system64\ though, but the scans didn't find any problems.
It is interesting though, because all other dll's in that folder have TrustedInstaller as owner under security tab of properties, but this dll does not have it, so it seems foreign.
Someone has written a comment on that website though of "Seems to be a zero access loader" (
https://www.virustotal.com/file/77c3a8a545e7339fb149f20bf0864c7e5772022f4ced67236d8b78d51328dc12/analysis/1328754716/)
I've modified permissions to deny access to all users on incdrm.dll, so i'll reboot and see if avast keeps finding consrv.dll popping up.
Portable Executable structural information
PE Sections...................:
Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 1664 2048 5.33 aaf91b113926ae493eec8c5d71878cff
.rdata 8192 1136 1536 3.34 56d6416c322465203a32f8f356694427
.data 12288 76 512 0.12 079c994a503500c2182eb28a393cac08
.pdata 16384 120 512 1.04 573a1379382940b53060c249d59a5f0d
.rsrc 20480 808 1024 2.69 04adb191b0415df07b52a8b2d37c9829
PE Imports....................:
ADVAPI32.dll
RegisterServiceCtrlHandlerExW, SetServiceStatus
ntdll.dll
ZwDelayExecution, ZwClose, ZwQueryEaFile, ZwOpenThread, RtlFreeUnicodeString, ZwOpenFile, RtlDosPathNameToNtPathName_U, LdrFindEntryForAddress, ZwAlertThread, memcpy, strcmp, __chkstk
KERNEL32.dll
FreeLibrary, GetCurrentThreadId, GetCurrentProcessId, LocalFree, VirtualFree, VirtualAlloc, LocalAlloc
Cabinet.dll
-, -, -
PE Exports....................:
S, e, r, v, i, c, e, M, a, i, n