
Solved redirect virus again?

Discussion in 'Malware and Virus Removal Archive' started by dodopie, 2012/07/18.

  1. 2012/07/22, broni (Moderator, Malware Analyst):
    Go ahead with my previous reply.
     
  2. 2012/07/22, dodopie (Thread Starter):
    OK, I tried running OTL with the info pasted and it quit running and I got a message stating that; I had to reboot the computer as it was frozen up. On reboot, this message in Notepad was there:

    Files\Folders moved on Reboot...
    C:\Users\jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y7OUSVN7\fastbutton[6].htm moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y7OUSVN7\fastbutton[6].htm not found!

    Registry entries deleted on Reboot...


    So should I run OTL with the fix again?
     


  4. 2012/07/22, broni (Moderator, Malware Analyst):
    Run the fix from safe mode.
     
  5. 2012/07/22, dodopie (Thread Starter):
    OK, it ran and this Notepad came up after reboot. I'll do the other stuff you asked:

    All processes killed
    Error: Unable to interpret < > in the current context!
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1182583647-3259410284-1344731716-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    Unable to delete ADS C:\Program Files\Colt Poker:MID .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: jerry
    ->Temp folder emptied: 680281 bytes
    ->Temporary Internet Files folder emptied: 53674512 bytes
    ->Java cache emptied: 3706659 bytes
    ->Google Chrome cache emptied: 18553375 bytes
    ->Flash cache emptied: 536 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14910 bytes
    RecycleBin emptied: 111916 bytes

    Total Files Cleaned = 73.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: jerry
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: jerry
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07222012_154308

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  6. 2012/07/22, dodopie (Thread Starter):
    Farbar Service Scanner Version: 19-07-2012
    Ran by jerry (administrator) on 22-07-2012 at 15:58:24
    Running from "C:\Users\jerry\Downloads"
    Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-05-11 14:26] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
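The Farbar Service Scanner log above is the kind of output a responder reads by hand: which services are stopped, whose start type differs from the default, which "Disabled Policy" values are set, and which system files the tool could not match to a known hash. The block below is an added example, not part of the thread and not FSS code, that applies those checks to a constructed excerpt modelled on the posted log; the finding names and the regular expressions are this example's own.

```python
"""Triage checks over a Farbar Service Scanner (FSS) log.

Added example, not code from FSS or from the thread. SAMPLE_LOG is a constructed
excerpt modelled on the log posted above; the finding names are this example's own.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (kind, subject, detail)

# Constructed excerpt with the same shape as the FSS log in the thread, trimmed to
# the sections the checks below care about.
SAMPLE_LOG = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 14:26] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
C:\Windows\system32\svchost.exe => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\.?"
    r"(?: The default start type is (\w+)\.)?$"
)
POLICY_VALUE = re.compile(r'^"([^"]+)"\s*=\s*DWORD:(\d+)$')
LEGIT = re.compile(r"^(.+?) => MD5 is legit$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")


def split_sections(text: str) -> List[Tuple[str, List[str]]]:
    """Split the log into (section name, lines). A header is a 'Name:' line
    followed by a line made only of '=' characters."""
    lines = text.strip().splitlines()
    sections, name, body = [], "", []
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            if name or body:
                sections.append((name, body))
            name, body = line[:-1], []
            i += 2
            continue
        body.append(line)
        i += 1
    sections.append((name, body))
    return sections


def triage_fss(text: str) -> List[Finding]:
    """Return the conditions a responder would flag from an FSS log."""
    findings: List[Finding] = []
    for name, body in split_sections(text):
        in_policy = name.endswith("Disabled Policy")
        in_file_check = name == "File Check"
        for idx, line in enumerate(body):
            if not line:
                continue
            m = NOT_RUNNING.match(line)
            if m:
                findings.append(("service_not_running", m.group(1), name))
                continue
            m = START_TYPE.match(line)
            if m:
                svc, actual, default = m.groups()
                if default and actual != default:
                    findings.append(("start_type_changed", svc, f"{actual} (default {default})"))
                continue
            if in_policy:
                m = POLICY_VALUE.match(line)
                if m and int(m.group(2)) != 0:
                    findings.append(("policy_set", m.group(1), f"{name} = {m.group(2)}"))
                continue
            # A path line without the "MD5 is legit" verdict: the tool could not
            # confirm the hash, so the file needs comparison with a known-good copy.
            if in_file_check and WIN_PATH.match(line) and not LEGIT.match(line):
                detail = body[idx + 1] if idx + 1 < len(body) else ""
                findings.append(("hash_unverified", line, detail))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage_fss(SAMPLE_LOG):
        print(f"{kind:22} {subject}  {detail}")
```

A path printed without "=> MD5 is legit" only means the file was not in the tool's reference set, so it needs comparison against a known-good copy rather than being treated as infected; and a "legit" verdict is only as good as the read that produced it. The thread itself shows that limit: FSS reports tdx.sys as legit, while the later RogueKiller scan flags the same driver as faked.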
     
  7. 2012/07/22, dodopie (Thread Starter):
    The ESET scan results:


    C:\TDSSKiller_Quarantine\19.07.2012_05.35.20\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.07.2012_05.35.20\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan deleted - quarantined
    C:\TDSSKiller_Quarantine\19.07.2012_05.35.20\rtkt0000\zafs0000\tsk0009.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.07.2012_05.35.20\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
     
  8. 2012/07/22, broni (Moderator, Malware Analyst):
    I still need Security Check log.
     
  9. 2012/07/23, dodopie (Thread Starter):
    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    AVG 2012
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    SUPERAntiSpyware
    Java(TM) 6 Update 31
    Out of date Java installed!
    Adobe Flash Player 11.2.202.235
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````


    This computer still seems to have something wrong with it, as when I checked my email this morning it was all out of sorts, like it was when we started this fix, like I got redirected when I tried to come to this site.
     
    Last edited: 2012/07/23
  10. 2012/07/23, broni (Moderator, Malware Analyst):
    You have to explain better.
     
  11. 2012/07/23, dodopie (Thread Starter):
    All I can say is that it's running even worse now; my email is all messed up and I get redirected every time I do a search, like on Yahoo. I've also been getting AVG warnings and threats being removed. I don't know what else to say except that my computer experience status should be lowered; I feel like less than a beginner... OK, here is an example: I go to Yahoo and type "acer" in the search bar, the results come up, and when I click on www.acer.com it opens a window but goes to a different site. I close this window and try it again and it takes me to a different site again. It seems I have to put the web address in the URL bar to get to where I want to go.
     
    Last edited: 2012/07/23
  12. 2012/07/23, broni (Moderator, Malware Analyst):
    Possibly you got reinfected.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using the Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  13. 2012/07/23, dodopie (Thread Starter):
    OK, when I did the F8 and chose Repair Your Computer, it just goes to the black screen with the green bar moving across the screen and just stays there. I tried it two times, and the second time I let it run for 30 minutes before shutting it down and posting this.
     
  14. 2012/07/23, broni (Moderator, Malware Analyst):
    Do you have a Vista DVD?
     
  15. 2012/07/23, dodopie (Thread Starter):
    No, I don't.
     
  16. 2012/07/23, broni (Moderator, Malware Analyst):
    I'll PM you.
     
  17. 2012/07/24, dodopie (Thread Starter):
    I can't find the right F key to get to the BIOS settings. I've tried F1, F2, F8 and F12; all put up a message to hit any key to boot from CD or DVD, but most of the time it just starts normally. Only F8 gets me to safe mode with other things I could click on, but none are BIOS. I think I was able to get it to boot from the disk, but it gets to the screen with the green bar and just stays there.
     
    Last edited: 2012/07/24
  18. 2012/07/24, broni (Moderator, Malware Analyst):
    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  19. 2012/07/24, dodopie (Thread Starter):
    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: jerry [Admin rights]
    Mode: Scan -- Date: 07/24/2012 18:01:17

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Faked.Drv][FAKED] tdx.sys : c:\windows\system32\drivers\tdx.sys --> CANNOT FIX

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD16 00BEVT-22ZCT0 SCSI Disk Device +++++
    --- User ---
    [MBR] 3cc9fe40bde09045362c2c919a02afed
    [BSP] 0f071cfbe77f754bc10c577fc5353435 : Acer tatooed MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10244 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20981760 | Size: 71192 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166782976 | Size: 71189 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: Memorex TD Classic 003B USB Device +++++
    --- User ---
    [MBR] ba50da09410d0df8388535e127f8b1ea
    [BSP] a49932512316e134c286bc3de249bd39 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 32 | Size: 980 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  20. 2012/07/24, broni (Moderator, Malware Analyst):
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  21. 2012/07/24, dodopie (Thread Starter):
    18:57:34.0196 5392 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    18:57:34.0707 5392 ============================================================
    18:57:34.0707 5392 Current date / time: 2012/07/24 18:57:34.0707
    18:57:34.0707 5392 SystemInfo:
    18:57:34.0707 5392
    18:57:34.0708 5392 OS Version: 6.0.6002 ServicePack: 2.0
    18:57:34.0708 5392 Product type: Workstation
    18:57:34.0708 5392 ComputerName: JERRY-PC
    18:57:34.0709 5392 UserName: jerry
    18:57:34.0710 5392 Windows directory: C:\Windows
    18:57:34.0710 5392 System windows directory: C:\Windows
    18:57:34.0710 5392 Processor architecture: Intel x86
    18:57:34.0710 5392 Number of processors: 1
    18:57:34.0710 5392 Page size: 0x1000
    18:57:34.0710 5392 Boot type: Normal boot
    18:57:34.0710 5392 ============================================================
    18:57:37.0662 5392 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:57:37.0677 5392 Drive \Device\Harddisk1\DR1 - Size: 0x3D500000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:57:37.0680 5392 ============================================================
    18:57:37.0680 5392 \Device\Harddisk0\DR0:
    18:57:37.0680 5392 MBR partitions:
    18:57:37.0681 5392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x8B0C000
    18:57:37.0681 5392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F0E800, BlocksNum 0x8B0A800
    18:57:37.0681 5392 \Device\Harddisk1\DR1:
    18:57:37.0682 5392 MBR partitions:
    18:57:37.0682 5392 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EA7E0
    18:57:37.0682 5392 ============================================================
    18:57:37.0731 5392 C: <-> \Device\Harddisk0\DR0\Partition0
    18:57:37.0782 5392 D: <-> \Device\Harddisk0\DR0\Partition1
    18:57:37.0782 5392 ============================================================
    18:57:37.0783 5392 Initialize success
    18:57:37.0783 5392 ============================================================

    This computer is running much better now: no more redirects when searching Yahoo, and my Yahoo email looks right now.
     
    Last edited: 2012/07/24
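The RogueKiller report in post 19 prints PhysicalDrive0's partition table with decimal sector offsets and sizes in "Mo", and the TDSSKiller log in post 21 prints the same table as hexadecimal StartLBA/BlocksNum values (0x1402800 is 20981760, 0x9F0E800 is 166782976). Both tools read the 64-byte table at the end of the first sector; the block below is an added example, not code from RogueKiller, TDSSKiller or the thread, that parses a constructed 512-byte sector carrying those three entries, reproduces the logged layout, and runs the two sanity checks a boot-sector rootkit scan cares about (exactly one active flag, no overlapping entries). Zeroed boot code, the CHS marker bytes, the recovery partition's sector count and hashing the whole sector as the "[MBR]" fingerprint are this example's assumptions.

```python
"""Parse and sanity-check an MBR partition table.

Added example, not code from RogueKiller, TDSSKiller or the thread. The sector is
constructed: zeroed boot code plus the three entries from the partition tables the
two tools printed (type 0x27 at LBA 63, active NTFS at 20981760, NTFS at
166782976), with sector counts chosen to reproduce the logged "Mo" sizes.
Hashing the whole 512-byte sector as the "[MBR]" fingerprint is an assumption.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
TABLE_OFFSET = 446        # four 16-byte entries, ending at byte 510
SIG_OFFSET = 510
ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x07: "NTFS", 0x27: "Hidden NTFS (recovery)", 0x0E: "FAT16-LBA"}


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mib(self) -> int:
        """Whole MiB, as the logs print it ("Mo"): 2048 sectors of 512 bytes per MiB."""
        return self.sectors * SECTOR // (1024 * 1024)


def build_entry(active: bool, type_id: int, start_lba: int, sectors: int) -> bytes:
    # CHS fields carry the 0xFE 0xFF 0xFF "use LBA" marker (assumption for the sample).
    return struct.pack(ENTRY, 0x80 if active else 0x00, b"\xfe\xff\xff",
                       type_id, b"\xfe\xff\xff", start_lba, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sector modelled on the thread's PhysicalDrive0."""
    entries = (
        build_entry(False, 0x27, 63, 20981697),          # Acer recovery partition
        build_entry(True, 0x07, 20981760, 145801216),    # C:  (TDSSKiller BlocksNum 0x8B0C000)
        build_entry(False, 0x07, 166782976, 145795072),  # D:  (TDSSKiller BlocksNum 0x8B0A800)
        bytes(16),                                       # unused slot
    )
    sector = bytearray(SECTOR)
    sector[TABLE_OFFSET:SIG_OFFSET] = b"".join(entries)
    sector[SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes) -> List[Partition]:
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[SIG_OFFSET:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, type_id, _, start, count = struct.unpack_from(ENTRY, sector, TABLE_OFFSET + 16 * i)
        if type_id == 0:
            continue                       # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        parts.append(Partition(i, status == 0x80, type_id, start, count))
    return parts


def check_table(parts: List[Partition]) -> List[str]:
    """Warnings a boot-sector check cares about: active-flag count and overlapping entries."""
    warnings = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        warnings.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.start_lba + a.sectors > b.start_lba:
            warnings.append(f"entries {a.index} and {b.index} overlap")
    return warnings


def describe(parts: List[Partition]) -> List[str]:
    """One line per entry in the layout RogueKiller uses."""
    return [
        f"{p.index} - [{'ACTIVE' if p.active else 'XXXXXX'}] "
        f"{TYPE_NAMES.get(p.type_id, 'unknown')} (0x{p.type_id:02x}) "
        f"Offset (sectors): {p.start_lba} | Size: {p.size_mib} Mo"
        for p in parts
    ]


def mbr_md5(sector: bytes) -> str:
    """Fingerprint to compare against a known-good value (assumed to cover the whole sector)."""
    return hashlib.md5(sector).hexdigest()


if __name__ == "__main__":
    mbr = build_sample_mbr()
    table = parse_mbr(mbr)
    print("[MBR]", mbr_md5(mbr))
    print("\n".join(describe(table)))
    for w in check_table(table):
        print("WARNING:", w)
```

On a live system the 512 bytes come from reading the physical drive (\\.\PhysicalDrive0 on Windows) rather than from build_sample_mbr(); the point of the "User = LL1 ... OK!" lines in the RogueKiller report is that the same sector is read by more than one route and the results compared, since a rootkit that filters disk reads can return a clean-looking sector to a normal read.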
