This situation keeps getting more complicated as time goes on. I'll try to explain the best I can and in a chronological fashion.
Prior to the problem below, I experienced a hard drive failure (7-year-old Seagate just died) and popped a new one into place. I installed Windows 7 and put my backups back on my laptop. This occurred on December 28-30th. Since replacing the hard drive, everything has been normal until 3 days ago.
I share an Amazon Prime account with my brother. Starting 3 days ago, I get redirected to this page when logging in to Amazon: https://i.imgur.com/Sn5TXod.jpg (sorry about the literal picture of a computer screen, I used my phone to text it to my brother so we could investigate).
This has never happened before and does not happen on any other computer that isn't my laptop. I was obviously concerned about phishing, so I knew something was wrong. The URL during the redirect (which I could link if requested) appears to be legitimate, but I could be wrong. Since this began, my browser (Firefox) has been repeatedly crashing at random points in time. Sometimes it crashes on startup, sometimes when opening a new tab. It's completely random. It crashed while making this post, just out of spite.
I tested the redirect to see if it happens with any other browsers. It also occurs with Chrome and a fresh install of Firefox, but not with IE. The Amazon sign-in will occur normally (no redirect) with IE, but I am greeted with this error before and after signing in: https://i.imgur.com/awubFxK.png?1
After doing this testing, I downloaded AVG, Malwarebytes, and the Windows Malicious Software Removal tool and ran them all. AVG found nothing. Malwarebytes found some registry keys that I quarantined and took care of. This didn't fix it. The Windows tool found 5 files that it took care of. This still didn't fix it.
Since running those tools, Malwarebytes is now actively stopping something called "Trojan.Dridex" every hour. It quarantines the file (bcrypt.dll), but I get a real-time alert the next hour, on the hour, that it quarantined it again. I saved the log file in case it's requested. Despite all of this, I'm still getting the Amazon redirect.
I'm not sure what to do or how to proceed at this point. I changed passwords as necessary, but I'm totally lost. Any help or assistance would be greatly appreciated. Thanks in advance!
Edit: Since making this post, AVG just found "Win64:Malware-gen" and quarantined/deleted it. Still getting the redirect.
Edit2: I also just found a task called "TpmInit.exe" that is scheduled to run at :23 every hour. It is located in the directory C:\Windows\System32\5557 along with the infected file bcrypt.dll. How should I proceed with these System32 files?
Edit3: I think I solved this myself. I downloaded HitmanPro, which not only deleted C:\Windows\System32\5557\bcrypt.dll, but also another .dll contained in an oddly-named subfolder stored in C:\Users\Username\AppData\Roaming. This subfolder kept reappearing after deletion, so I restarted and it was gone. The redirect no longer occurs on any browser. This was what the software described as "Gen.Variant.Mikey" and was evidently hijacking my browser, among other things. I'm gonna just run some more AV scans and call it good, unless anyone on here can offer more suggestions.
Edited by mw14000, 15 January 2018 - 08:18 PM.
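The persistence described in Edit2 (an hourly scheduled task launching an EXE from a numbered folder under System32, with a DLL such as bcrypt.dll sitting beside it) can be hunted for generically. The script below is an added example, not from the poster or any tool named above; it assumes an elevated PowerShell 5.1+ session so that every task is visible, and it only reports, it does not delete anything.

```powershell
# Added example (not part of the original post): list scheduled tasks whose
# executable does not sit directly in a standard Windows/Program Files folder
# (e.g. C:\Windows\System32\5557\TpmInit.exe), and show any DLLs next to it.
# An EXE in an odd folder with a system-named DLL beside it is a side-loading sign.
# Assumes an elevated PowerShell 5.1+ session; it reports only, nothing is removed.

$normalDirs = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot",
    "$env:ProgramFiles",
    "${env:ProgramFiles(x86)}"
)

function Test-NormalDir([string]$Dir) {
    # True only if the EXE is DIRECTLY in an expected folder;
    # a subfolder such as System32\5557 does not count.
    foreach ($n in $normalDirs) {
        if ($n -and ($Dir.TrimEnd('\') -ieq $n.TrimEnd('\'))) { return $true }
    }
    return $false
}

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $exe = $action.Execute                      # null for COM-handler actions
        if (-not $exe) { continue }
        # Strip quotes and expand %SystemRoot%-style variables before checking the path
        $exe = [Environment]::ExpandEnvironmentVariables($exe.Trim('"'))
        if (-not [IO.Path]::IsPathRooted($exe)) { continue }   # bare names resolve via PATH
        $dir = Split-Path $exe -Parent
        if (Test-NormalDir $dir) { continue }
        $siblingDlls = if (Test-Path $dir) {
            (Get-ChildItem -Path $dir -Filter *.dll -ErrorAction SilentlyContinue).Name -join ', '
        } else { '(folder missing)' }
        [pscustomobject]@{
            Task        = "$($task.TaskPath)$($task.TaskName)"
            Executable  = $exe
            Arguments   = $action.Arguments
            # Repetition.Interval is ISO 8601, e.g. PT1H for an hourly task
            Repeat      = ($task.Triggers | ForEach-Object { $_.Repetition.Interval }) -join ', '
            SiblingDlls = $siblingDlls
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Legitimate third-party software installed outside Program Files will also show up, so treat each row as a lead to verify (publisher signature, install date, DLL names that mimic system libraries) rather than as a confirmed infection.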