RobertFranz

Not of much help to you - but I ran into something similar. I had someone call me and tell me that one of our PC's was getting a message that "windows reported...." By the second word, I knew what happened. By the time I strolled down to that location 6 blocks away, they had installed AV 2009, Spy Hunter, and all their little friends. Spybot was dead, MSI was dead, F-Prot (which may be fired soon) was dead. The ONLY thing (or at least the first thing) that would install was MBAM. Good thing, as it was able to clear out 95% of the infection via the quick scan, the rest on the reboot, and the subsequent detailed scans all came out clean. I normally require nothing more than a command prompt and my experienced nose to cure most malware, so this one threw me a bit. I'm wondering why S&D was affected whereas MBAM wasn't. Is it perhaps the same thing I've run into with AV - where most of the big players rely on (potentially infected) windows api's for file access? That was why I went with Kaspersky originally - though it's reliance on msi meant it was useless in this situation.