Posted 29 April 2011 - 11:20 AM
Whilst I waited I ran and already had run several tools. I finally solved the issue. I would have liked to use a sniper bullet to kill this bug but ended up using a grenade! Here is what was done for anyone who would like to know.
tdss rootkit - reported clean
combofix - clean
malwarebyres - clean
superantispyware - misc bugs but not this one.
microsoft security - nothing
AVG? - it was the app that let me know what it was and where it was. Agent_r.xj in svhost and iexplorer
(both were causing the random page redirects/ blocking of update site)
nothing i threw at it would remove it. (avg said it did but didnt. so what I finally ended up doing was taking another hard-drive and installing xp pro from scratch. once it was at the desktop I created a folder called data, and copied all the EXE, SYS and DLL from the windows\sytem32 folder, then copied the entire internet explorer folder from program files.
once that was done, I booted to a live CD. I think it was ERD 2005. with both drives connected I overwrote all the files on the target drive with the ones I copied from the clean install. removed clean drive, rebooted and installed the offline copy of IE8 installer. BOOM updates were available and the site was no longer blocked. I ran ALL updates and updated MSE, hopefully this bug will not return.