browser goes to random sites and sometimes plays random radio stations

after I ran combo fix nothing worked until I restarted computer, so I could not save the log,my computer is running a lot better now.15:58:06.099 Scan finished successfully
15:58:21.543 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:58:21.543 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 15:54:02
-----------------------------
15:54:02.277 OS Version: Windows x64 6.1.7601 Service Pack 1
15:54:02.277 Number of processors: 4 586 0x502
15:54:02.277 ComputerName: GOD-PC UserName: GOD
15:54:02.839 Initialize success
15:55:32.001 AVAST engine defs: 11120400
15:56:04.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
15:56:04.861 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
15:56:06.878 Disk 0 MBR read successfully
15:56:06.884 Disk 0 MBR scan
15:56:06.893 Disk 0 Windows 7 default MBR code
15:56:06.900 Service scanning
15:56:07.939 Modules scanning
15:56:07.947 Disk 0 trace - called modules:
15:56:07.956 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003455254]<<
15:56:07.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003435060]
15:56:07.973 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8002f99590]
15:56:07.977 5 ACPI.sys[fffff88000f2c7a1] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8002f908b0]
15:56:07.981 \Driver\nvstor[0xfffffa8002af1cd0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8003455254
15:56:08.621 AVAST engine scan C:\Windows
15:56:10.214 AVAST engine scan C:\Windows\system32
15:57:21.342 AVAST engine scan C:\Windows\system32\drivers
15:57:27.910 AVAST engine scan C:\Users\GOD
15:57:52.043 AVAST engine scan C:\ProgramData
15:58:06.099 Scan finished successfully
15:58:21.543 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:58:21.543 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"
15:59:44.008 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:59:44.008 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 15:54:02
-----------------------------
15:54:02.277 OS Version: Windows x64 6.1.7601 Service Pack 1
15:54:02.277 Number of processors: 4 586 0x502
15:54:02.277 ComputerName: GOD-PC UserName: GOD
15:54:02.839 Initialize success
15:55:32.001 AVAST engine defs: 11120400
15:56:04.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
15:56:04.861 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
15:56:06.878 Disk 0 MBR read successfully
15:56:06.884 Disk 0 MBR scan
15:56:06.893 Disk 0 Windows 7 default MBR code
15:56:06.900 Service scanning
15:56:07.939 Modules scanning
15:56:07.947 Disk 0 trace - called modules:
15:56:07.956 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003455254]<<
15:56:07.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003435060]
15:56:07.973 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8002f99590]
15:56:07.977 5 ACPI.sys[fffff88000f2c7a1] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8002f908b0]
15:56:07.981 \Driver\nvstor[0xfffffa8002af1cd0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8003455254
15:56:08.621 AVAST engine scan C:\Windows
15:56:10.214 AVAST engine scan C:\Windows\system32
15:57:21.342 AVAST engine scan C:\Windows\system32\drivers
15:57:27.910 AVAST engine scan C:\Users\GOD
15:57:52.043 AVAST engine scan C:\ProgramData
15:58:06.099 Scan finished successfully
15:58:21.543 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:58:21.543 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"
15:59:44.008 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:59:44.008 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"
16:05:22.057 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
16:05:22.057 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"

so I could not save the log

The log can be found on your C drive under ComboFix.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be08dd9eb87e144c8cd879fdb5005ffb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-04 07:44:15
# local_time=2011-12-04 07:44:15 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 12007 12007 0 0
# compatibility_mode=3588 16777214 85 19 1022274 68636685 0 0
# compatibility_mode=5893 16776574 100 94 17717 75490518 0 0
# compatibility_mode=8192 67108863 100 0 3796 3796 0 0
# scanned=85059
# found=1
# cleaned=1
# scan_time=2387
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
omboFix 11-12-04.02 - GOD 04/12/2011 13:46:39.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1862 [GMT 0:00]
Running from: c:\users\GOD\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 14:40 . 2011-12-04 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 14:40 . 2011-12-04 14:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-03 19:58 . 2011-12-03 19:58 59 ----a-w- C:\user.js
2011-12-03 19:58 . 2011-12-03 19:58 -------- d-----w- c:\program files (x86)\BabylonToolbar
2011-12-03 19:58 . 2011-12-03 19:58 -------- d-----w- c:\programdata\Babylon
2011-12-03 14:31 . 2011-12-03 14:31 -------- d-----w- c:\programdata\MacPaw
2011-12-03 14:30 . 2011-12-03 14:35 -------- d-----w- c:\program files\CleanMyPC
2011-12-02 13:18 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0848F0B6-9EBC-4652-AECD-AA43C7523D2E}\mpengine.dll
2011-11-29 15:03 . 2011-11-29 15:03 -------- d-----w- C:\_OTL
2011-11-27 11:10 . 2011-11-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\IVA
2011-11-27 11:09 . 2011-11-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\programdata\Nuance
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\programdata\FLEXnet
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\program files (x86)\Nuance
2011-11-27 10:16 . 2011-06-16 17:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-11-27 10:16 . 2011-11-27 10:16 -------- d-----w- c:\windows\system32\kodak
2011-11-27 10:12 . 2011-11-27 10:12 -------- d-----w- c:\windows\SysWow64\kodak
2011-11-27 10:10 . 2011-11-27 10:10 -------- d-----w- c:\windows\SysWow64\spool
2011-11-27 10:10 . 2011-11-27 10:10 -------- d-----w- c:\program files (x86)\Kodak
2011-11-27 10:09 . 2011-12-04 14:42 -------- d-----w- c:\programdata\Kodak
2011-11-26 09:35 . 2011-11-26 09:35 -------- d-----w- c:\program files (x86)\Ashampoo
2011-11-24 23:50 . 2011-10-19 23:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-24 12:41 . 2011-11-24 12:41 -------- d-----w- C:\cc8f23cd96fb7d08746bf9609e
2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\windows\system32\SPReview
2011-11-24 12:26 . 2011-11-24 12:26 -------- d-----w- c:\windows\system32\EventProviders
2011-11-24 12:04 . 2010-11-20 13:33 273792 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2011-11-24 12:03 . 2010-11-20 13:28 223248 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-11-24 12:02 . 2010-11-20 13:27 636416 ----a-w- c:\windows\system32\wmdrmdev.dll
2011-11-24 12:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-11-24 12:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-11-24 11:59 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-11-24 11:54 . 2011-11-25 13:50 -------- d-----w- c:\programdata\McAfee
2011-11-24 09:26 . 2011-11-24 09:26 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-11-24 09:25 . 2011-11-27 01:12 24416 ----a-w- c:\windows\SysWow64\drivers\regguard.sys
2011-11-24 09:21 . 2011-11-24 09:21 2 --shatr- c:\windows\winstart.bat
2011-11-24 09:21 . 2011-11-24 09:21 -------- d-----w- c:\program files (x86)\Greatis
2011-11-23 20:15 . 2011-11-23 20:15 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-11-23 19:59 . 2011-11-23 19:59 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-23 19:55 . 2011-11-23 19:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-11-23 18:36 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-11-23 18:36 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-11-23 18:36 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-23 18:36 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-23 18:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\windows\SysWow64\Wat
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\windows\system32\Wat
2011-11-23 12:50 . 2011-11-23 12:50 -------- d-----w- c:\programdata\Systweak
2011-11-23 12:36 . 2011-07-07 13:26 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-11-23 12:36 . 2010-10-06 12:25 16896 ----a-w- c:\windows\system32\sasnative64.exe
2011-11-23 12:35 . 2011-11-23 13:06 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2011-11-23 12:32 . 2011-11-23 12:32 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-11-23 12:32 . 2011-11-23 12:32 -------- d-----w- c:\programdata\IObit
2011-11-23 12:30 . 2011-11-23 12:30 -------- d-----w- c:\program files (x86)\IObit
2011-11-23 12:20 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-11-23 11:58 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-23 11:58 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-23 11:56 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-23 11:55 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-11-23 11:54 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-23 09:15 . 2011-11-23 12:29 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-23 08:43 . 2011-11-23 08:43 -------- d-----w- c:\programdata\Malwarebytes
2011-11-23 08:42 . 2011-11-24 11:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 08:42 . 2011-11-23 08:42 -------- d-----w- c:\windows\system32\Macromed
2011-11-23 06:56 . 2011-11-23 06:56 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-11-23 00:36 . 2011-11-23 00:36 -------- d-----w- c:\program files\CCleaner
2011-11-23 00:04 . 2011-11-23 00:04 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-11-22 23:54 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-22 23:49 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-22 23:49 . 2011-12-03 19:47 -------- d-----w- c:\programdata\AVAST Software
2011-11-22 23:49 . 2011-11-22 23:49 -------- d-----w- c:\program files\AVAST Software
2011-11-22 23:42 . 2011-11-25 13:46 -------- d-----w- c:\programdata\Fighters
2011-11-22 23:37 . 2010-11-09 14:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-22 23:37 . 2010-11-09 14:56 27472 ----a-w- c:\windows\system32\sbbd.exe
2011-11-22 23:37 . 2011-11-23 00:19 -------- d-----w- C:\VIPRERESCUE
2011-11-22 23:25 . 2006-11-29 13:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-11-22 23:25 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-11-22 23:24 . 2011-11-22 23:24 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-11-22 23:24 . 2011-11-22 23:24 -------- d-----w- c:\program files (x86)\Microsoft
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\windows\PCHEALTH
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\program files\Eraser
2011-11-22 23:21 . 2011-11-22 23:21 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-11-22 23:20 . 2011-11-22 23:20 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-11-22 23:16 . 2011-11-22 23:16 -------- d---a-w- C:\book
2011-11-22 23:13 . 2011-11-22 23:13 -------- d-----w- c:\program files\PB Accessory Store
2011-11-22 23:13 . 2011-11-22 23:13 -------- d-----w- c:\users\Public\Symantec
2011-11-22 23:13 . 2011-12-02 12:40 -------- d-----w- c:\users\GOD
2011-11-22 23:12 . 2011-11-22 23:12 -------- d-----w- C:\Recovery
2011-11-22 23:07 . 2011-11-22 23:07 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-11-22 23:07 . 2011-11-22 23:07 -------- d-----w- c:\program files\Realtek
2011-11-22 23:05 . 2011-11-23 23:01 -------- d-----w- c:\programdata\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 14:45 . 2011-12-04 14:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0848F0B6-9EBC-4652-AECD-AA43C7523D2E}\offreg.dll
2011-11-24 12:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-24 12:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-22 23:09 . 2010-05-10 09:06 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-03_10.21.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-12-03 08:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-03 19:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-03 08:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-03 19:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-03 08:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-03 19:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-10 08:45 . 2011-12-03 19:52 40402 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-04 11:02 31092 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-23 13:05 . 2011-11-30 12:50 5328 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-23 13:05 . 2011-12-03 16:57 5328 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-22 23:36 . 2011-12-04 11:02 6734 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-437603247-1892917397-2572452206-1000_UserData.bin
- 2011-12-03 10:19 . 2011-12-03 10:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-04 14:42 . 2011-12-04 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-04 14:42 . 2011-12-04 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-03 10:19 . 2011-12-03 10:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-23 11:41 . 2011-12-04 14:35 253520 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-12-03 09:03 628024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-04 11:05 628024 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-03 09:03 110208 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-04 11:05 110208 c:\windows\system32\perfc009.dat
+ 2011-12-03 17:40 . 2011-12-04 14:42 149440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-12-04 14:42 244452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-03 10:18 244452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-23 09:16 . 2011-12-04 14:42 7234100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-437603247-1892917397-2572452206-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-10 09:10 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SMASH"="c:\program files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe" [2009-10-30 229411]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-05-10 332272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 CleanMyPCService;CleanMyPC Watcher;c:\program files\CleanMyPC\CleanMyPCService.exe [2011-08-18 69424]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 00:35]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 00:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-10 09:10 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=100490&babsrc=HP_ss&mntrId=e8bfad8100000000000000262d47a7a0
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s1300&r=173611114206p04f5v1l5y47k12206
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\GOD\AppData\Roaming\Mozilla\Firefox\Profiles\xyxde1pt.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100490&babsrc=HP_ss&mntrId=e8bfad8100000000000000262d47a7a0
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100490&babsrc=adbartrp&mntrId=e8bfad8100000000000000262d47a7a0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-04 15:01:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-04 15:01
ComboFix2.txt 2011-12-04 10:58
ComboFix3.txt 2011-12-03 23:00
ComboFix4.txt 2011-12-03 10:40
.
Pre-Run: 203,597,512,704 bytes free
Post-Run: 203,993,681,920 bytes free
.
- - End Of File - - E59331E97ECE9FBA76C7673C85C7CA9C

could not find combo fix.exe/script. I have great difficulty in trying to drag notebook over to, combo fix. I appreciate the time you spent trying to help me as far as I can see PC ok, but now no sound.

Regards Peter

Are the re-directs still happening?

yes but not as often as before

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
  
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
  
• Click Next to continue.
  
• Accept the License agreement and click on next.
  
• It will, by default, install it to your desktop folder. Click Next.
  
• It will then open a box There will be a tab that says Automatic scan.
  
• Under Automatic scan make sure these are checked.
  
  
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

athering system information: completed 52 minutes ago (events: 26, time: 00:01:18)
06/12/2011 00:01:57 Task completed Gathering system information
06/12/2011 00:01:57 Main script of analysis
06/12/2011 00:01:57 Deleting service/driver: ujqyoduy
06/12/2011 00:01:57 Deleting service/driver: utqyoduy
06/12/2011 00:01:57 System Analysis - complete
06/12/2011 00:01:21 System Analysis in progress
06/12/2011 00:01:20 >> Windows Explorer - show extensions of known file types
06/12/2011 00:01:20 >> Disable removable media autorun
06/12/2011 00:01:20 >> Disable CD/DVD autorun
06/12/2011 00:01:20 >> Disable autorun from network drives
06/12/2011 00:01:19 >> Disable HDD autorun
06/12/2011 00:01:19 >> Service termination timeout is out of admissible values
06/12/2011 00:01:19 >> Process termination timeout is out of admissible values
06/12/2011 00:01:17 >> Security: sending Remote Assistant queries is enabled
06/12/2011 00:01:17 >> Security: anonymous user access is enabled
06/12/2011 00:01:17 >> Security: administrative shares (C$, D$ ...) are enabled
06/12/2011 00:01:17 >> Security: disk drives' autorun is enabled
06/12/2011 00:01:17 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
06/12/2011 00:01:17 >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
06/12/2011 00:01:17 >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
06/12/2011 00:01:17 >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
06/12/2011 00:00:39 System booted in Safe Mode
06/12/2011 00:00:39 System Restore: enabled
06/12/2011 00:00:39 Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
06/12/2011 00:00:39 Main script of analysis
06/12/2011 00:00:39 Task started Gathering system information
Gathering system information: completed 50 minutes ago (events: 26, time: 00:00:55)
06/12/2011 00:03:35 Task completed Gathering system information
06/12/2011 00:03:35 Main script of analysis
06/12/2011 00:03:35 Deleting service/driver: ujqyoduy
06/12/2011 00:03:35 Deleting service/driver: utqyoduy
06/12/2011 00:03:35 System Analysis - complete
06/12/2011 00:03:13 System Analysis in progress
06/12/2011 00:03:12 >> Windows Explorer - show extensions of known file types
06/12/2011 00:03:12 >> Disable removable media autorun
06/12/2011 00:03:12 >> Disable CD/DVD autorun
06/12/2011 00:03:12 >> Disable autorun from network drives
06/12/2011 00:03:12 >> Disable HDD autorun
06/12/2011 00:03:12 >> Service termination timeout is out of admissible values
06/12/2011 00:03:12 >> Process termination timeout is out of admissible values
06/12/2011 00:03:09 >> Security: sending Remote Assistant queries is enabled
06/12/2011 00:03:09 >> Security: anonymous user access is enabled
06/12/2011 00:03:09 >> Security: administrative shares (C$, D$ ...) are enabled
06/12/2011 00:03:09 >> Security: disk drives' autorun is enabled
06/12/2011 00:03:09 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
06/12/2011 00:03:09 >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
06/12/2011 00:03:09 >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
06/12/2011 00:03:09 >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
06/12/2011 00:02:40 System booted in Safe Mode
06/12/2011 00:02:40 System Restore: enabled
06/12/2011 00:02:40 Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
06/12/2011 00:02:40 Main script of analysis

Any change?

YES !!! YES!!! Thank you for your time,i have learnt a lot from you

Regards Peter

YES !!! YES!!! Thank you for your time,i have learnt a lot from you

You're welcome. Now, we should do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

If this doesn't remove ComboFix, please let me know.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Everything is working,and i have done everything you said. Iwill keep all your notes and learn from them .AGAIN THANK YOU.


Regards Peter

You're welcome. Happy Holidays