Does this occur when the browser is open or at any time at all?
I am not really sure. Most often all my work is done online. But I’ll close my browser for about 5 minutes and then report back. Thanks again.
BBL
It’s doing it the minute I boot up and am connected to the internet, without the browser being opened. Crazy stuff huh??
When I started writing to you today, I had around 520 network connections that went through the shield, right now the number is over 1300.
What is happening? Doing it right now as well, plus I am running Firefox sandboxed!
Two possibilities here: one is that your router has been infected and the second is the MBR.
First, could you reset your router… There should be a small hole at the back marked reset.
Insert a biro or pin and press the button inside to reset it.
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application.
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
- Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports.
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
Interesting thread.
Just wanted to add: don’t forget that resetting the router will change the password back to the default. If the default password had been previously changed and there are any wireless devices running through the router, their passwords will have to be reset. At least that is what happens with my router.
Thanks. I have no wireless devices, but I did have to spend some time on the phone explaining my situation after I reset the router to reconfigure it.
Did a full reset on my modem. Ran the tdsskiller, but I am unable to copy/paste it. It also is a dat file so I can’t attach it. It did find 8 suspicious items, several of which I am familiar with because they are unsigned components that were installed when my system was custom built for me in 2010.
Now what?? Is there a way to convert the dat file into something you are able to read, or is it possible to send a link by using Speccy?
Could you just copy and paste the last 10 lines where it shows MBR data and unsigned files?
It will not allow me to copy and paste ANY of the report file. Not sure what to do here… but my hair is getting grayer by the minute and I’m very unhappy with Avast. The day this all started was when I renewed my paid version…
I have Internet Security 7 and when I boot my PC, a Windows 7 machine, Avast tells me the system is unprotected, and when I start Avast it shows the firewall not working. After about 5 to 10 mins it starts and says the system is fully protected. I don’t understand why. Has anyone else experienced this?
Could you just copy and paste the last 10 lines where it shows MBR data and unsigned files?
Here’s the last 10 lines or so, someone from bleeping told me where to find the Wordpad version. However, when he had me run it, I wasn’t asked to click the box for ‘verify digital signatures’.
Also I am resending you the aswMBR because it shows an infection but neither Pondus or Essexboy picked up on it.
Thanks!
TDSSKiller:
16:46:01.0171 4068 ============================================================
16:46:01.0171 4068 Scan finished
16:46:01.0171 4068 ============================================================
16:46:01.0296 3880 Detected object count: 8
16:46:01.0296 3880 Actual detected object count: 8
16:47:40.0375 3880 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0375 3880 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0375 3880 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0375 3880 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0375 3880 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0375 3880 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0390 3880 MASPINT ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0390 3880 MASPINT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0390 3880 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0390 3880 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0390 3880 NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0390 3880 NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0406 3880 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0406 3880 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0406 3880 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0406 3880 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:27.0859 2836 Deinitialize success
aswMBR attachment
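An added example, not part of the original posts and not a Kaspersky tool: a small Python parser for the TDSSKiller report tail pasted above. It collapses the paired "skipped by user" / "User select action" lines into one entry per object, compares that against the reported object count, and lists any verdict outside the UnsignedFile family. The line layout is inferred only from this excerpt, and the names `summarize` and `needs_review` are hypothetical.

```python
import re

# Constructed sample: lines taken from the excerpt above, with most of the
# duplicate "skipped by user" lines dropped to keep it short.
SAMPLE = """\
16:46:01.0296 3880 Detected object count: 8
16:46:01.0296 3880 Actual detected object count: 8
16:47:40.0375 3880 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0375 3880 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0375 3880 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0375 3880 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0390 3880 MASPINT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0390 3880 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0390 3880 NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0406 3880 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:47:40.0406 3880 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
16:47:40.0406 3880 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Layout inferred from the excerpt only: "<time> <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
COUNT = re.compile(r"^Detected object count:\s*(\d+)$")
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (?:User select action: (\w+)|(.+))$")

def summarize(report):
    """Return (reported_count, {object name: {"verdict", "action"}})."""
    reported, objects = None, {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, blank lines, anything not in the layout
        msg = m.group(1)
        if (c := COUNT.match(msg)):
            reported = int(c.group(1))
        elif (v := VERDICT.match(msg)):
            name, verdict, action, _ = v.groups()
            entry = objects.setdefault(name, {"verdict": verdict, "action": None})
            if action:
                entry["action"] = action
    return reported, objects

def needs_review(objects):
    """Names whose verdict is not in the UnsignedFile.* family seen above."""
    return sorted(name for name, o in objects.items()
                  if not o["verdict"].startswith("UnsignedFile."))
```

A mismatch between the reported count and the number of parsed objects means the pasted tail is incomplete and the full report is needed before drawing conclusions.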
Now I have another issue. Avast will not allow me to click the box to run my browser sand-boxed AND it does not respond when I ask for a boot time scan. I am beginning to think my best bet is to completely uninstall and do a complete new install.
I even tried to do a system restore, I had a good restore point… but it failed.
I can go online and do whatever I want, but all these networks running through my PC are eventually going to cause a MAJOR issue.
If you looked at the aswMBR test results and saw the infected file, how do I get rid of it??
The infected file is a part of combofix but we can remove that when we run the OTL cleanup.
Let’s reinstall Avast.
Download aswClear to your Desktop.
Download the correct version of Avast
http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_pro_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_internet_security_setup.exe
Disconnect from the net
Uninstall Avast via control panel
- Boot to Safe Mode.
  - Restart the computer.
  - As soon as BIOS is loaded, begin tapping the F8 key until the Advanced Options menu appears.
  - Use the arrow keys to select the Safe mode with Networking menu item.
  - Press Enter.
- Run aswClear.
- In the Select Product to Uninstall dropdown, choose the version of Avast that is on your system.
https://dl.dropbox.com/u/73555776/aswclear.JPG
- Press Uninstall.
- Once complete, reboot your system to Normal Mode.
- Reinstall Avast.
Followed your instructions. ISSUE: I am unable to update the virus definitions. They are the definitions from October 31. HELP!!
I am using safe mode with networking at this time, hoping my Windows firewall keeps me ok.
Thanking you for your continued help
ISSUE: I am unable to update the virus definitions.
- Set avast! to: Direct Connection (No Proxy)
- Reboot.
If need be download the latest definitions from here, this may repair the blockage http://www.avast.com/download-update
I downloaded the repair and used it. Now my updates are current. I thank you so much for your much needed help and your patience.
Have a Merry Christmas
Streim
Let us know if the next update functions correctly
Yes the updates are functioning correctly. I have been having some slow issues with boot up and online, but I ran a CCleaner (newest version) and so far so good. Again thank you to all of you for your help.
Just one more thing… if you lived close by I’d give some of my Christmas goodies I’ve been baking…
Streim