Need help with a rootkit - (consrv.dll, sirefef rtk)

[jeffce]

Hi,

Looks like ComboFix may have knocked it out, but we need to be sure.

Run a new scan with OTL.  In the Custom Scans section please place the following:

netsvcs
/MD5START
consrv.dll
bcoreusb.dll
/MD5STOP
CREATERESTOREPOINT

In your next reply please post the log that is created by OTL. 

[Mikhail]

Sorry I took so long to reply.

[jeffce]

Hi Mikhail,

Please download and run ERUNT (Emergency Recovery Utility NT).  This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.  **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

Code: [Select]

:Services

:OTL
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
C:\Windows\SysNative\bcoreusb.dll

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot when it is done
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  

[jeffce]

Hi,

Are you still with me?