criticat

Ran them last night, here's the results: JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.4.2 (01.08.2013:1) OS: Windows 7 Enterprise x86 Ran by 2011 on Wed 01/09/2013 at 18:35:20.27 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\2011\AppData\Roaming\pccustubinstaller" Successfully deleted: [Folder] "C:\Users\2011\appdata\locallow\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\ask" ~~~ FireFox Successfully deleted: [File] C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1z5fxem1.default\searchplugins\askcom.xml Successfully deleted the following from C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1z5fxem1.default\prefs.js user_pref("browser.search.order.1", "Ask.com"); Emptied folder: C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1z5fxem1.default\minidumps [21 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 01/09/2013 at 18:38:42.29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner: # AdwCleaner v2.105 - Logfile created 01/09/2013 at 18:51:11 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Enterprise Service Pack 1 (32 bits) # User : 2011 - WINDOWS-KVIHLAV # Boot Mode : Normal # Running from : C:\Users\2011\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\2011\AppData\Roaming\Mozilla\Firefox\Profiles\1z5fxem1.default\prefs.js [OK] File is clean. ************************* AdwCleaner[s1].txt - [757 octets] - [09/01/2013 18:51:11] ########## EOF - C:\AdwCleaner[s1].txt - [816 octets] ########## MBAM: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.09.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 2011 :: WINDOWS-KVIHLAV [administrator] 1/9/2013 7:00:15 PM mbam-log-2013-01-09 (19-00-15).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 227801 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET: C:\TDSSKiller_Quarantine\09.07.2012_20.26.15\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan

CatByte, That seems to have fixed my problem, I can now access www.google.com, and reCaptcha boxes are now showing up. Thank you so much! We would certainly be lost without the good people out there working harder to stop the bad ones than the bad people are working to screw things up. Here's the log file that combofix created. Is there anything else I need to do to finish the cleanup? ComboFix 13-01-08.01 - 2011 01/08/2013 23:39:58.1.2 - x86 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.1159 [GMT -6:00] Running from: c:\users\2011\Desktop\ComboFix.exe AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\isRS-000.tmp c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 ))))))))))))))))))))))))))))))) . . 2013-01-09 05:46 . 2013-01-09 05:47 -------- d-----w- c:\users\2011\AppData\Local\temp 2013-01-09 05:46 . 2013-01-09 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-08 04:43 . 2013-01-08 04:43 -------- d-----w- c:\users\2011\AppData\Local\Programs 2012-12-22 09:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 09:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-12 07:14 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 07:13 . 2012-10-04 16:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-12-12 07:13 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 07:13 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 22:49 . 2012-06-07 12:36 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-07 03:37 . 2012-04-12 12:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-07 03:37 . 2011-05-23 01:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-16 07:39 . 2012-11-28 13:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-12-05 06:27 . 2012-12-05 06:27 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify"="c:\users\2011\AppData\Roaming\Spotify\Spotify.exe" [2012-05-20 9478320] "RemotelessHelper"="c:\program files\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2011-12-12 2280448] "Spotify Web Helper"="c:\users\2011\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-20 932528] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\2011\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2013-01-08 1342312] . c:\users\2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w7.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1309000.009\SYMDS.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1309000.009\SYMEFA.SYS [x] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130107.001\BHDrvx86.sys [x] S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1309000.009\ccSetx86.sys [x] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130108.002\IDSvix86.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1309000.009\Ironx86.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1309000.009\SYMNETS.SYS [x] S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe [x] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [x] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - AFPIYPOC *Deregistered* - afpiypoc . Contents of the 'Scheduled Tasks' folder . 2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 16:55] . 2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 16:55] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 4.2.2.2 FF - ProfilePath - c:\users\2011\AppData\Roaming\Mozilla\Firefox\Profiles\1z5fxem1.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: network.proxy.type - 0 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.0.9\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-08 23:48:58 ComboFix-quarantined-files.txt 2013-01-09 05:48 . Pre-Run: 178,815,897,600 bytes free Post-Run: 179,647,672,320 bytes free . - - End Of File - - A1452C96FC81825F1B790539B4DD9849

I ran it according to the instructions, no malware was found. Here are the log files: Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.08.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 2011 :: WINDOWS-KVIHLAV [administrator] 1/8/2013 11:39:21 AM mbar-log-2013-01-08 (11-39-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28827 Time elapsed: 8 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_33 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.605000 GHz Memory total: 2145837056, free: 1256112128 ------------ Kernel report ------------ 01/08/2013 11:30:32 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\nvstor.sys \SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NAV\1309000.009\SYMDS.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NAV\1309000.009\SYMEFA.SYS \SystemRoot\System32\Drivers\PxHelp20.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\NAV\1309000.009\ccSetx86.sys \SystemRoot\system32\drivers\NAV\1309000.009\Ironx86.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\System32\Drivers\NAV\1309000.009\SYMNETS.SYS \??\C:\Windows\system32\Drivers\SYMEVENT.SYS \SystemRoot\system32\drivers\NAV\1309000.009\SRTSPX.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130105.001\IDSvix86.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20121130.005\BHDrvx86.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdk8.sys \SystemRoot\system32\DRIVERS\b57nd60x.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\GKUPRO2D.sys \SystemRoot\System32\Drivers\SMCLIB.SYS \SystemRoot\System32\DRIVERS\scfilter.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_nvstor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\parvdm.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\System32\Drivers\NAV\1309000.009\SRTSP.SYS \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Users\2011\AppData\Local\Temp\mbr.sys \??\C:\Users\2011\AppData\Local\Temp\afpiypoc.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130107.023\NAVEX15.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130107.023\NAVENG.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff85a7ba20 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000063\ Lower Device Object: 0xffffffff853bec68 Lower Device Driver Name: \Driver\nvstor\ Driver name found: nvstor DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2013.01.08.10 Downloaded database version: v2013.01.04.01 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff85a7ba20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85a7b658, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff85a7ba20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff84a52700, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff853bec68, DeviceName: \Device\00000063\, DriverName: \Driver\nvstor\ ------------ End ---------- Upper DeviceData: 0xffffffffcb90a068, 0xffffffff85a7ba20, 0xffffffff8f904990 Lower DeviceData: 0xffffffffa5311bc0, 0xffffffff853bec68, 0xffffffff84cc42b0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: B20D2E58 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 488277154 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250000000000 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488261250-488281250)... Done! Performing system, memory and registry scan... Done! Scan finished =======================================

I've had what I think is a nasty little bug get into my computer. It started with google search redirect, now google has stopped working alltogether. If I try to go to google, the browser sits there for a long time trying to connect and then cannot display the page. The same thing happens with bing.com. Other things are going wrong, including not being able to display any of the "reCaptcha" phrase boxes that you use to sign into forums and stuff. Also, on every startup, I get two error boxes that pop up. The first: "There was a problem starting C:\\Users\2011\AppData\Local\Temp\Wedes.dll The specified module could not be found." The Second: "There was a problem starting C:\\Users\2011\AppData\Local\Temp\usast.dll The specified module could not be found." I ran the malwarebytes program (I've been using it for a while), and nothing came back. I then followed the instructions here: http://forums.malwar...howtopic=81385. The mbam and dds log files are posted below, the other files are attached as requested. Thanks in advance for the help. mbam file: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.08.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 2011 :: WINDOWS-KVIHLAV [administrator] 1/7/2013 10:49:48 PM mbam-log-2013-01-07 (22-49-48).txt Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 423836 Time elapsed: 1 hour(s), 15 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ddsfile: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_33 Run by 2011 at 0:45:01 on 2013-01-08 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.765 [GMT -6:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe C:\Program Files\VERIZONDM\bin\sprtsvc.exe C:\Program Files\VERIZONDM\bin\tgsrvc.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\taskhost.exe C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\VERIZONDM\bin\sprtcmd.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe C:\Users\2011\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc . attach.zip