Thanks in advance. I have 2 infected computers with roughly the same behavior so I am totally confused. Fairly sure I have the Google redirect virus but not sure. Been fighting them for a week so have all of the newest tools. Just found out here that Combofix is "Not a Toy" but it seems the only tool that will clean to the point that I can boot outside of safe mode. That being said, it is probably the reason Norton realtime will not enable.

I have gotten the computer "clean" according to the following tools on several occasions but then out of nowhere, I will be redirected or the XP Security Center scare software will pop up and I start scanning. Although nothing reported, on reboot under normal mode, still have the Norton problem and explorer loads but priority is set to Above Normal and does not show on the screen. Sometimes I can set to normal and it will show but most of the time I have to kill it and start a new task. Even though I have come to rely on Combofix, I use it as a last resort and NEVER delete anything that I am not 90% sure it shouldn't be there.

The tools that report NO problem (in the usual order I run them):

TDSSKiller - Never found anything so quit using it except every now and then. Same with Microsoft MRT... it found minor things on the first run but nothing after that.

RootRepeal - Used to find a Hidden Service called PEVSystemStart but I think that is from Combofix. Now, if I come up in normal mode and scan on hidden services, I get a BSOD. It also reports dump_iastore_sys as hidden driver that cannot be removed.

When I run RKUnhooker service release 2 it gives me the detected parasite inside itself warning and says that it fixes it but keeps coming back. It reports a ton of entries in SSDS having to do with ntkrnlpa.exe but none are hooked and anything to do with kernel or MBR and I don't try to repair because I don't understand "hooking" and it seems dangerous to mess with those areas. It reports 31 code hooks but have done nothing with them.

Just got Malwarebytes tool and it found a total of 17 items but only 2 Trojans and 1 "hijackStartMenuItemInternet" that had not been quarantined by Combofix.

And finally Gmer which I have run but it reports a lot of valid items and I can't differentiate between good and bad (plus I am saturated with information).

I need guidance with a logical path to eradicate rather than going in circles as I have been. Thanks!!
Edited by techengr, 01 May 2011 - 11:44 AM.