[I've got a tough one...]

Ran them last night, here's the results:

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Windows 7 Enterprise x86

Ran by 2011 on Wed 01/09/2013 at 18:35:20.27

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\2011\AppData\Roaming\pccustubinstaller"

Successfully deleted: [Folder] "C:\Users\2011\appdata\locallow\boost_interprocess"

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1z5fxem1.default\searchplugins\askcom.xml

Successfully deleted the following from C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1z5fxem1.default\prefs.js

user_pref("browser.search.order.1", "Ask.com");

Emptied folder: C:\Users\2011\AppData\Roaming\mozilla\firefox\profiles\1z5fxem1.default\minidumps [21 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/09/2013 at 18:38:42.29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 18:51:11

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)

# User : 2011 - WINDOWS-KVIHLAV

# Boot Mode : Normal

# Running from : C:\Users\2011\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\2011\AppData\Roaming\Mozilla\Firefox\Profiles\1z5fxem1.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [757 octets] - [09/01/2013 18:51:11]

########## EOF - C:\AdwCleaner[s1].txt - [816 octets] ##########

MBAM:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.09.10

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

2011 :: WINDOWS-KVIHLAV [administrator]

1/9/2013 7:00:15 PM

mbam-log-2013-01-09 (19-00-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227801

Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET:

C:\TDSSKiller_Quarantine\09.07.2012_20.26.15\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan

[I've got a tough one...]

CatByte,

That seems to have fixed my problem, I can now access www.google.com, and reCaptcha boxes are now showing up. Thank you so much! We would certainly be lost without the good people out there working harder to stop the bad ones than the bad people are working to screw things up.

Here's the log file that combofix created. Is there anything else I need to do to finish the cleanup?

ComboFix 13-01-08.01 - 2011 01/08/2013 23:39:58.1.2 - x86

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.1159 [GMT -6:00]

Running from: c:\users\2011\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\isRS-000.tmp

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))

.

.

2013-01-09 05:46 . 2013-01-09 05:47 -------- d-----w- c:\users\2011\AppData\Local\temp

2013-01-09 05:46 . 2013-01-09 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-08 04:43 . 2013-01-08 04:43 -------- d-----w- c:\users\2011\AppData\Local\Programs

2012-12-22 09:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 09:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-12 07:14 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 07:13 . 2012-10-04 16:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-12-12 07:13 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 07:13 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-14 22:49 . 2012-06-07 12:36 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-07 03:37 . 2012-04-12 12:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-07 03:37 . 2011-05-23 01:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-16 07:39 . 2012-11-28 13:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-12-05 06:27 . 2012-12-05 06:27 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\2011\AppData\Roaming\Spotify\Spotify.exe" [2012-05-20 9478320]

"RemotelessHelper"="c:\program files\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe" [2011-12-12 2280448]

"Spotify Web Helper"="c:\users\2011\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-20 932528]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\users\2011\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2013-01-08 1342312]

.

c:\users\2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w7.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1309000.009\SYMDS.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1309000.009\SYMEFA.SYS [x]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130107.001\BHDrvx86.sys [x]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1309000.009\ccSetx86.sys [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130108.002\IDSvix86.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1309000.009\Ironx86.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1309000.009\SYMNETS.SYS [x]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe [x]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [x]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AFPIYPOC

*Deregistered* - afpiypoc

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 16:55]

.

2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 16:55]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1 4.2.2.2

FF - ProfilePath - c:\users\2011\AppData\Roaming\Mozilla\Firefox\Profiles\1z5fxem1.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-08 23:48:58

ComboFix-quarantined-files.txt 2013-01-09 05:48

.

Pre-Run: 178,815,897,600 bytes free

Post-Run: 179,647,672,320 bytes free

.

- - End Of File - - A1452C96FC81825F1B790539B4DD9849

[I've got a tough one...]

I ran it according to the instructions, no malware was found. Here are the log files:

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2013.01.08.10

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

2011 :: WINDOWS-KVIHLAV [administrator]

1/8/2013 11:39:21 AM

mbar-log-2013-01-08 (11-39-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 28827

Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_33

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.605000 GHz

Memory total: 2145837056, free: 1256112128

------------ Kernel report ------------

01/08/2013 11:30:32

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\nvstor.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\NAV\1309000.009\SYMDS.SYS

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\NAV\1309000.009\SYMEFA.SYS

\SystemRoot\System32\Drivers\PxHelp20.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\drivers\NAV\1309000.009\ccSetx86.sys

\SystemRoot\system32\drivers\NAV\1309000.009\Ironx86.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\System32\Drivers\NAV\1309000.009\SYMNETS.SYS

\??\C:\Windows\system32\Drivers\SYMEVENT.SYS

\SystemRoot\system32\drivers\NAV\1309000.009\SRTSPX.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130105.001\IDSvix86.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20121130.005\BHDrvx86.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdk8.sys

\SystemRoot\system32\DRIVERS\b57nd60x.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\Drivers\GKUPRO2D.sys

\SystemRoot\System32\Drivers\SMCLIB.SYS

\SystemRoot\System32\DRIVERS\scfilter.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_nvstor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\parvdm.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\NAV\1309000.009\SRTSP.SYS

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Users\2011\AppData\Local\Temp\mbr.sys

\??\C:\Users\2011\AppData\Local\Temp\afpiypoc.sys

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130107.023\NAVEX15.SYS

\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130107.023\NAVENG.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff85a7ba20

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000063\

Lower Device Object: 0xffffffff853bec68

Lower Device Driver Name: \Driver\nvstor\

Driver name found: nvstor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2013.01.08.10

Downloaded database version: v2013.01.04.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff85a7ba20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff85a7b658, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff85a7ba20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff84a52700, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff853bec68, DeviceName: \Device\00000063\, DriverName: \Driver\nvstor\

------------ End ----------

Upper DeviceData: 0xffffffffcb90a068, 0xffffffff85a7ba20, 0xffffffff8f904990

Lower DeviceData: 0xffffffffa5311bc0, 0xffffffff853bec68, 0xffffffff84cc42b0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: B20D2E58

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 488277154

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250000000000 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488261250-488281250)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

[I've got a tough one...]

I've had what I think is a nasty little bug get into my computer. It started with google search redirect, now google has stopped working alltogether. If I try to go to google, the browser sits there for a long time trying to connect and then cannot display the page. The same thing happens with bing.com. Other things are going wrong, including not being able to display any of the "reCaptcha" phrase boxes that you use to sign into forums and stuff.

Also, on every startup, I get two error boxes that pop up. The first: "There was a problem starting C:\\Users\2011\AppData\Local\Temp\Wedes.dll

The specified module could not be found."

The Second: "There was a problem starting C:\\Users\2011\AppData\Local\Temp\usast.dll

The specified module could not be found."

I ran the malwarebytes program (I've been using it for a while), and nothing came back. I then followed the instructions here: http://forums.malwar...howtopic=81385. The mbam and dds log files are posted below, the other files are attached as requested.

Thanks in advance for the help.

mbam file:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.08.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

2011 :: WINDOWS-KVIHLAV [administrator]

1/7/2013 10:49:48 PM

mbam-log-2013-01-07 (22-49-48).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 423836

Time elapsed: 1 hour(s), 15 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ddsfile:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_33

Run by 2011 at 0:45:01 on 2013-01-08

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.765 [GMT -6:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\VERIZONDM\bin\sprtcmd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SpotifyRemotelessHelper\SpotifyRemotelessHelper.exe

C:\Users\2011\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

.

attach.zip