That's fine just wanted to be certain.
Now I am somewhat confused here....Exactly WHICH computer is the infected computer we are working on at this moment? Have any of the others been infected? Don't tell me anything about the ones that are not. Is the infected one the one on the router or the one directly connected to the internet?

Sorry for the confusion. Just trying to give u all the info.

The laptop is not infected. The sever pc is not infected. My personal one is infected. My personal pc and server pc are connected to the wireless router via ethernet cables.

I put "TuneUpDefragService.exe" into google and its malware sites galore that come up.

Yeah, I know that is why I asked.

Also, have to say here I am not familiar with using a router, wireless or otherwise but have found multiple listings while searching that this particular infection does some changes with DNS settings on the router.
Concerning being connected to a wireless router and this particular infection take a look at this;
http://voices.washingtonpost.com/sec..._wirele_1.html

and this one; http://forums.spybot.info/showthread.php?t=35568&page=2
and also this one;
http://extremesecurity.blogspot.com/...-hijacked.html

So is it possible that me having Tuneup utilities 2008 is just a coincidence? Or would MBA-M have picked this up if it was actually malware?

Edit- Hmm maybe not. Just done some more searching and it looks legit with having tuneup utilities installed.

For now I will say it appears to be a legitimate program. You should STOP it from running automatically via services the same way I told you to stop the others. There is no reason for this program to run all the time anyway.

I had a look at those websites and it is interesting how the trojan can actually get into the router and change DNS settings. I don't think this has happened on mine as i didn't see any changes BUT i did realise that i was using some DNS IP's that were recommended on my ISP forum. Just incase these have stopped working i changed them to openDNS.

The "TuneUpDefragService.exe" in services say's is actually not running. It is already stopped, which is strange. So i changed it to disabled for now. See if that helps. Going to do a restart and ill report back.

Edit - OMG i restarted and everything just started to update automatically, was like all my programs were coming alive. Looks like it was my router DNS settings that were the culprit after all. Im changing the username and password on my router right now. Thanks so much for your help. I'm pretty sure evrything is working properly now, but i'll report back if not :-)

Well I'll be. Like I said, know next to nothing about router usage but when you said you used the router on a couple of the computers I thought maybe that could be the problem, especially since everything else looked clean.
Judy

Have done some more checking and from what I have found, even though other computers connected to this router have not displayed any signs of this infection all I have found states that ALL should be put through the same clean up procedures, the MBA-M scan should be done on each also just to be sure the infection is not lurking on them to infect the others again. Afterwards you may have to reset the router again.

OK will do. Thanks for all your help Judy

Let us know what or if you find anything ok? This will certainly help others as I have now seen this problem twice in this forum in the last week and also on another forum where I do some posting.
Judy