---- Services - GMER 1.0.15 ----
Service C:\Windows\servicing\TrustedInstaller.exe (*** hidden *** )
That was 9 weeks ago. From that point, I started seeing new symptoms every time I had to format and reinstall, which was often. A number of times, hotfixes were deployed despite Windows Update being deactivated, as soon as I brought the system online. One example: http://i.imgur.com/Lm6uo.png

Confused, I checked the Event log and saw the hotfix had been installed by a command: http://i.imgur.com/kMPmj.png

I Googled the command and found only a handful of hits, all referencing Forefront Endpoint Protection, which I guess was remotely deploying onto my system.

My systems are now all mostly kaput, having been very well protected... from me. I have mountains of data but I don't have the requisite skills / knowledge to secure my systems (I'm about to buy new ones, but not until I can figure out how to secure them).

I have cbs.log files that are just... I can't make sense of them. One example: yesterday, an MSSE update downloaded by MSSE suddenly appeared in Windows Update 6 hrs later as an optional update. I downloaded and installed it; the entire process took under a minute. I checked cbs.log and almost fell off my chair. I think 7100 cbs.log entries in 41 seconds. But I don't know what they're telling me.

In my cbs.log files, I see client-initiated sessions by DISM, Package Manager Provider, Software Explorer and various things which all seem to suggest unattended installations.

If I run sfc /scannow it finds a lot of corrupted files and replaces them. If I run sfc /verifyonly it finds a lot of corrupted files and replaces them. I found that pretty surprising. I don't know if SFP or WFP are the 'enemy' or an 'ally', but they're working against each other, with WFP silently replacing all the files replaced by sfc /scannow. And it goes around in circles, like that.

I just ran sfc /scannow to create some output: 3253 lines from a single sfc /scannow command, the first 400 of which are here: http://codepad.org/V3gFV7Z0 (I can upload the entire logs to Google Docs for download if that will assist?)

I'm rather annoyed at myself, in hindsight, for wasting my time on malware forums. I should have realised months ago the malware (of which there is plenty) is merely a side-effect of the real issue, which I think basically boils down to BUILTIN\Administrator being relegated and severely limited (services greyed out, permission denied messages, etc.).

Thanks in advance for your expertise; and please let me know if there's anything at all I can provide (installation logs, or screenshots or anything) that might assist. Cheers!
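A CBS.log triage script, added here as an example (not the poster's code, and not part of sfc, DISM or any Microsoft tool): it parses lines of the "<timestamp>, <level> <component> <message>" shape, buckets the [SR] entries that sfc /scannow writes by outcome, and computes entries per second, which is the quickest way to make sense of a burst like "7100 entries in 41 seconds". The sample log is constructed, and the line regex and the outcome keywords are assumptions about the CBS.log format.

```python
import re
from collections import Counter
from datetime import datetime
# Constructed sample in the shape of Windows CBS.log lines; not the poster's own logs.
SAMPLE_CBS_LOG = """
2011-05-02 18:02:10, Info                  CBS    Starting TrustedInstaller initialization.
2011-05-02 18:02:11, Info                  CSI    00000012 [SR] Verifying 100 (0x0000000000000064) components
2011-05-02 18:02:11, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2011-05-02 18:02:14, Info                  CSI    00000014 [SR] Cannot repair member file [l:24{12}]"usbperf.dll" of Microsoft-Windows-USB-PERFCOUNTERS, hash mismatch
2011-05-02 18:02:15, Info                  CSI    00000015 [SR] Repairing corrupted file [l:20{10}]"wuapi.dll" from store
2011-05-02 18:02:51, Info                  CSI    00000016 [SR] Verify complete
"""

# Assumed line shape: "<timestamp>, <level> <component> <message>".
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+(\w+)\s+(.*)$")

def parse_cbs(text):
    # One dict per well-formed line; blank or continuation lines are skipped.
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, level, comp, msg = m.groups()
            entries.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                            "level": level, "component": comp, "message": msg})
    return entries

def sr_summary(entries):
    # Bucket the [SR] lines sfc writes by outcome, so thousands of lines reduce to a few counts.
    counts = Counter()
    for e in entries:
        msg = e["message"]
        if "[SR]" not in msg:
            continue
        if "Cannot repair member file" in msg:
            counts["cannot_repair"] += 1
        elif "Repairing corrupted file" in msg:
            counts["repaired"] += 1
        elif "Verify complete" in msg:
            counts["verify_complete"] += 1
        else:
            counts["other_sr"] += 1
    return counts

def burst_rate(entries):
    # Entries per second from first to last timestamp (7100 entries in 41 s would be ~173/s).
    if len(entries) < 2:
        return 0.0
    seconds = (entries[-1]["ts"] - entries[0]["ts"]).total_seconds()
    return len(entries) / seconds if seconds else float("inf")
```

Run it against a real file with `parse_cbs(open(r"C:\Windows\Logs\CBS\CBS.log", encoding="utf-8", errors="replace").read())`; a high `cannot_repair` count is what the sfc "could not fix" message summarises.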