Hi Folks, A few months ago the laptop which my son uses for internet games became infected with a virus that was hijacking IE. I used MBAM to quickly and successfully clean it up -- thanks for that. Last night I found that it's got a similar infection, but MBAM won't fix it this time. After poking around this forum I've tried a bunch of things with no real success. Here are the symptoms, and what I have tried so far: OS is WinXP home SP3. 1. MBAM will install and run briefly. It begins "preparing for the scan" then suddenly exits after about 15 - 20 seconds. At that point it has scanned 0 objects and found 0 infections. I cannot restart MBAM (access denied -- or permission denied), nor can I delete the MalwareBytes program folder, but I can use the MBAM uninstall then run the MBAM setup again to get it to run again. It behaves exactly the same; early exit. I tried renaming to "Winlogon.exe" but no difference. 2. HJT will install but only runs for a very few seconds before exiting. I can't tell exactly what it is looking at (flashes by too briefly) but it might be going through the registry. Same as MBAM, access is denied after the exit. I can delete the HJT folder and re-install HJT. Again, it will exit early. 3. I tried ComboFix. It will start running, but after about 7 - 10 min I get a blue screen of death. Once I restart the machine I can run Combofix again with the same result.I tried renaming to Combo-Fix upon d/l, but no difference. 4. I tried RootRepeal. When it starts I get a message "Error - invalid PE image found". It scans for a little while 15 - 25 sec then exits. Subsequent tries give "access denied" errors. I can unzip a fresh copy of RootRepeal to the same place with the same results. 5. I tried ProcessExplorer to look for suspicious processes. Almost everything looks legit, with all of the processes that I can't identify being in the "windows/system32/" folder. There is, however, a process called "b.exe" which is there sometimes and not at other times. I believe that this is how the previous virus manifested itself, and might be causing the IE popups etc. I kill it when I see it, but it comes back after maybe 1/2 hour or so. 6. I tried removing the HD and slaving it to my desktop computer. MBAM was able to scan it fully and it found and fixed 1 infected object. But, upon reinstalling in the laptop, MBAM is still not able to run. So, I've gotten to the point of asking for help. From what I've read It seems like it might be time for an Avenger2 script, but I won't do that until I'm told to by someone smarter than myself. Thanks. Bob