Posted Today, 01:53 PM
It has Trend Titanium / Windows Security Essentials / MAB installed and running.
Trend was blocking our club's site; I turned off all add-ons and was then able to see the site.
I noticed that Microsoft updates wouldn't run; I couldn't enable updates from the tool tray, but could from the security center.
Running defogger caused the cursor to bounce around the DOS screen.
Running ddr.scr gave the error "not a recognized program", and when I did get it to start, same issue as defogger.
Updated MAB, now the service terminates on boot: "MBAMservice terminated unexpectedly - See the event log"
Service Event log: The MBAMservice entered the stopped state.
Application Event log: Many Windows search indexing errors (maybe something I did), and a Windows security service center start message around the time that MBAM stopped. No other messages.
TDSkiller.exe shows unsigned files (in windows/system32?) but they stay there.
MSE is hidden.
Windows Installer seems to have issues as well.
Ran Trend's Rootkit Buster, RUBotted, and HijackThis (scan and fix). Nothing too unusual; still no MS update website access.
Scanned with F-Secure (Linux online boot) and found a suspicious file (and one in the system restore directory) that I couldn't delete.
Used SysInternals to look at processes that may have the file open and didn't see any (or maybe I don't know the tool well enough).
Running ComboFix allowed me to get to the Microsoft update site, but was re-infected (a la Stuxnet?) before I could get the updates installed.
Updates downloaded (very slowly), but did not uncompress or install.
Anything I should do short of repaving?
End of added content. ~ OB
Posting the logs as requested.
Also, after running defogger I started GMER.
I have a partial scan log for GMER and a Windows dump for a bluescreen that occurred while writing to the CD.
Stop A (fbb20238,2,0,806d5805)
Edited by Orange Blossom, 03 November 2011 - 06:15 PM.