05-01-2012 06:24 AM - edited 05-01-2012 06:28 AM
What are you doing?
Netsvc:: <-- ?
NETSVCS REQUIRES REPAIRS - current entries shown
3c1807pd Related to 3Com WinModem driver
point32 Microsoft IntelliPoint Filter Driver.
GoProto GoProto protocol driver from Gteko Ltd
s616unic related to Sony Ericsson Device
se44mdm System file
adsservice related to Earth Link
s117nd5 Sony Ericsson Device Driver
Do you know what Quarantine:: directv is doing in ComboFix???
05-01-2012 09:09 AM
OK, a new day dawns
I could not get past the disabling of the keyboard/mouse during the Windows installation disc, so ...
I took the drive out and put it in as a secondary drive in another identical machine here in the computer lab. I used DriveCopy to mirror the functional drive onto the infected one. Replaced the infected drive into its machine and rebooted. Changed the Computer Name to match its location. Reran ComboFix.exe (log attached) after updating ComboFix and disabling OfficeScan.
There were NO INFECTION messages! W00t! <<does the happy dance!
I am SERIOUSLY DISTURBED that Trend Micro OfficeScan allowed the infection in the first place! WTF is up with that?!?! Is my trust in this product just a fantasy? Seriously considering changing vendors. This was not a good experience. Maybe if we could have cleaned it the first day or so, but TWO FREAKIN WEEKS?!?! not so good.
Thank you, malwarekiller, for your patience and sticking with me.
Please address the above concerns.
05-01-2012 09:13 AM
ok so here goes a win for good guys
Simply delete and uninstall all tools we used.
subject to no further problems?
your computer is clean.
Now let me do some tune-ups.
Mark this topic as solved... use the options tab of your topic to do so. Select the reply which you think is the solution to your problem, click on the options tab of that particular reply, and select mark as solution.
For the first run I would recommend a boot defrag and disk check
Download and run Puran Disc Defragmenter
You may use this tool to keep junk temp files away:
Open OTL and hit cleanup button
Malwarebytes. Update and run it today; I also recommend running it weekly to keep your system clean.
Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
To manually create a new Restore Point
Now we can purge the infected ones
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?
check your PM
05-15-2012 01:25 AM - edited 05-15-2012 01:31 AM
Having a bit of a nightmare getting rid of the above. TrendMicro keeps finding and quarantining and then cleaning files and prompting restart, and yet it keeps coming back. Have followed the instructions on the main TrendMicro encyclopedia but didn't find the registry entries (not that I know exactly what I'm looking for):
Have run SpyBot and that found 1 trojan and cleaned it. Currently in the process of running the MalwareBytes program, waiting on results, although whilst the scan is in progress it keeps saying "successfully blocked potentially malicious outgoing connection", so I'm assuming something is still running and trying to connect to the net. I've disconnected from the internet in the meantime. I have access to a second computer on a different network, so I can download any utilities to this and transfer them to the infected machine with USB. Any help would be greatly appreciated.
05-15-2012 01:32 AM
Let's get to it.
Download OTL to your Desktop.
C:\Program Files\Common Files\ComObjects\*.* /s
Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it.
Click the [Scan] button to start the scan.
On completion of the scan click [Save log], save it to your desktop and post in your next reply.
05-15-2012 09:22 AM - edited 05-15-2012 09:23 AM
Hi sorry for late response...
Download ComboFix from any of the locations given in this website:
05-15-2012 10:56 AM - edited 05-15-2012 11:40 AM
Thanks for getting back to me. I know you want all current security off before running ComboFix but it is IMPOSSIBLE to completely remove TrendMicro OfficeScan. I have run the uninstall and then restarted the machine. As far as Add/Remove programs and Start Menu Entries and Startup items in MSCONFIG are concerned, it is gone but ComboFix keeps saying that it is still running. So....I ran ComboFix anyway, said that has infected TCP/IP Stack, really difficult to remove blah blah, then done its stuff, restarted, done a load of processes and then said reboot machine again...except it didn't. It got stuck on that screen for about an hour. I ended up manually rebooting (I know it says you shouldn't but literally it was stuck. Wasn't even seeing a lit up "working" light on my PC). Then it came up and generated a log, a copy of which I've attached here.
Thanks in advance
05-16-2012 12:14 AM
Alright! ComboFix got most of it.
Delete the current version of ComboFix from the desktop, download a new one, run it, and attach the log.