Google redirects again

been having redirects again lately..i reset the hosts file and that seemed to fix it for a little bit but now its back. heres a few logs to help get started:

Results of screen317's Security Check version 0.99.7
(UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java™ 7 Update 1
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

MiniToolBox by Farbar Version: 23-07-2012
Ran by Cyber (administrator) on 02-08-2012 at 12:02:08
Microsoft Windows 7 NVIDIA 2010 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connecting)
Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter = Wireless Network Connection 6 (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 7 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.137.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Cyber-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
Physical Address. . . . . . . . . : 00-08-54-9B-92-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-08-54-9B-92-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25ad:23:5264:c638%24(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 02, 2012 10:47:19 AM
Lease Expires . . . . . . . . . . : Friday, August 03, 2012 10:47:18 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 402655316
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-80-A5-78-00-26-2D-28-A4-F7
DNS Servers . . . . . . . . . . . : 167.206.251.129
167.206.251.130
167.206.251.129
167.206.251.130
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-26-2D-28-A4-F7
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::64a4:218b:ba66:c2e%11(Deprecated)
Autoconfiguration IPv4 Address. . : 169.254.12.46(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IPv4 Address. . . . . . . . . . . : 192.168.137.1(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1C368BD4-6558-4113-A226-1C7933CC685F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:38f2:1433:ba83:f632(Preferred)
Link-local IPv6 Address . . . . . : fe80::38f2:1433:ba83:f632%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vdns1.srv.whplny.cv.net
Address: 167.206.251.129

Name: google.com
Addresses: 2607:f8b0:4006:803::1004
173.194.43.36
173.194.43.41
173.194.43.39
173.194.43.33
173.194.43.32
173.194.43.40
173.194.43.46
173.194.43.34
173.194.43.35
173.194.43.37
173.194.43.38


Pinging google.com [173.194.43.40] with 32 bytes of data:
Reply from 173.194.43.40: bytes=32 time=13ms TTL=55
Reply from 173.194.43.40: bytes=32 time=13ms TTL=55

Ping statistics for 173.194.43.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 13ms, Average = 13ms
Server: vdns1.srv.whplny.cv.net
Address: 167.206.251.129

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=94ms TTL=52
Reply from 209.191.122.70: bytes=32 time=90ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 94ms, Average = 92ms
Server: vdns1.srv.whplny.cv.net
Address: 167.206.251.129

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
25...00 08 54 9b 92 47 ......Microsoft Virtual WiFi Miniport Adapter #3
24...00 08 54 9b 92 47 ......Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
11...00 26 2d 28 a4 f7 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 286
192.168.1.103 255.255.255.255 On-link 192.168.1.103 286
192.168.1.255 255.255.255.255 On-link 192.168.1.103 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:38f2:1433:ba83:f632/128
On-link
24 286 fe80::/64 On-link
13 306 fe80::/64 On-link
24 286 fe80::25ad:23:5264:c638/128
On-link
13 306 fe80::38f2:1433:ba83:f632/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
24 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
x64-Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/02/2012 10:47:18 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/01/2012 08:45:08 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/01/2012 06:14:54 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/31/2012 11:28:46 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/31/2012 00:46:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76009350

Error: (07/31/2012 00:46:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76009350

Error: (07/31/2012 00:46:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/31/2012 00:46:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 76001581

Error: (07/31/2012 00:46:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 76001581

Error: (07/31/2012 00:46:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/01/2012 08:46:02 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/31/2012 11:29:43 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/29/2012 08:53:56 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/27/2012 02:17:44 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (07/27/2012 01:01:06 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/27/2012 00:35:27 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/27/2012 00:35:27 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/27/2012 00:34:33 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/27/2012 00:34:29 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/27/2012 00:34:29 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 4.65
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe SVG Viewer 3.0 (Version: 3.0)
AIM 7
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (Version: 1.2.2.23821)
AVG 2012 (Version: 12.0.2176)
AVG 2012 (Version: 12.0.2425)
AVG 2012 (Version: 2012.0.2176)
AviSynth 2.5
Bonjour (Version: 3.0.0.10)
BurnAware Free 4.9
BurnAware Home 4.9
CCleaner (Version: 3.01)
DivX Setup (Version: 2.5.0.8)
DIYAutoTune's Tuning Software Package - 052610
Download Updater (AOL LLC)
Dropbox (Version: 1.2.49)
DVD Author Plus 2.3
DVDFab 8.1.6.8 (17/03/2012) Qt
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
FormatFactory 2.95 (Version: 2.95)
Foxit Reader (Version: 4.3.0.1110)
Freemake Video Converter version 3.0.2 (Version: 3.0.2)
FrostWire 5.2.11 (Version: 5.2.11.0)
Google Chrome (Version: 20.0.1132.57)
Haali Media Splitter
ImgBurn (Version: 2.4.1.0)
Inne Biosy do FPse
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.5.1)
Java™ 7 (64-bit) (Version: 7.0.0)
Java™ 7 Update 1 (Version: 7.0.10)
K-Lite Codec Pack 6.4.0 (Full) (Version: 6.4.0)
LG United Mobile Driver (Version: 2.2)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MegaLogViewer (Version: 2.95.9)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.72.80.56)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
SD Formatter (Version: 2.9.5)
SDFormatter
SixaxisPairTool 0.2.3 (Version: 0.2.3)
Sothink Movie DVD Maker (Version: 3.7)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1118)
TunerStudio MS 1.007
TunerStudioMS (Version: 0.99.91)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR archiver
WinZip 14.5 (Version: 14.5.9095)
Xilisoft DVD Creator (Version: 7.1.0.20120530)
Yahoo! Messenger
Yahoo! Software Update
YTD Toolbar v6.2 (Version: 6.2)
YTD Video Downloader 3.9

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3838.55 MB
Available physical RAM: 2244.52 MB
Total Pagefile: 7675.25 MB
Available Pagefile: 5706.33 MB
Total Virtual: 4095.88 MB
Available Virtual: 3948.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:684.87 GB) (Free:400.05 GB) NTFS
2 Drive d: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

========================= Users: ========================================

User accounts for \\CYBER-PC

Administrator Cyber Guest

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

03-07-2012 15:19:06 Scheduled Checkpoint
05-07-2012 13:28:20 Windows Update
14-07-2012 20:46:26 Scheduled Checkpoint
25-07-2012 15:40:41 Scheduled Checkpoint
27-07-2012 18:13:23 Installed Microsoft Fix it 50267

**** End of log ****

-------------------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-02 12:35:38
Windows 6.1.7600
Running: 9vyxpbb8.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0xEB 0xDB 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0x5E 0xE5 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA9 0x43 0xF0 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0xEB 0xDB 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0x5E 0xE5 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA9 0x43 0xF0 0xE3 ...

---- EOF - GMER 1.0.15 ----

Which browser is affected?

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

firefox is affected. i appreciate the help




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Cyber :: CYBER-PC [administrator]

8/2/2012 4:24:28 PM
mbam-log-2012-08-02 (16-24-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194967
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-02 16:29:47
-----------------------------
16:29:47.223 OS Version: Windows x64 6.1.7600
16:29:47.223 Number of processors: 2 586 0x602
16:29:47.224 ComputerName: CYBER-PC UserName: Cyber
16:29:52.042 Initialize success
16:49:42.041 AVAST engine defs: 12080201
00:54:42.793 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
00:54:42.797 Disk 0 Vendor: ST375052 CC44 Size: 715404MB BusType: 3
00:54:42.808 Disk 0 MBR read successfully
00:54:42.810 Disk 0 MBR scan
00:54:42.816 Disk 0 Windows 7 default MBR code
00:54:42.824 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
00:54:42.840 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100 MB offset 28674048
00:54:42.853 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 701302 MB offset 28878848
00:54:42.912 Disk 0 scanning C:\Windows\system32\drivers
00:54:52.858 Service scanning
00:55:10.742 Modules scanning
00:55:10.760 Disk 0 trace - called modules:
00:55:10.786 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80049db2c0]<<spfo.sys storport.sys hal.dll nvstor64.sys
00:55:10.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc1730]
00:55:10.813 3 CLASSPNP.SYS[fffff8800127543f] -> nt!IofCallDriver -> [0xfffffa80056ff6a0]
00:55:10.825 5 ACPI.sys[fffff880011ad781] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8004aff060]
00:55:10.835 \Driver\nvstor64[0xfffffa8004ada9e0] -> IRP_MJ_CREATE -> 0xfffffa80049db2c0
00:55:11.951 AVAST engine scan C:\Windows
00:55:15.392 AVAST engine scan C:\Windows\system32
00:59:11.814 AVAST engine scan C:\Windows\system32\drivers
00:59:27.303 AVAST engine scan C:\Users\Cyber
02:31:51.032 AVAST engine scan C:\ProgramData
02:33:40.209 Scan finished successfully
11:58:11.132 Disk 0 MBR has been saved successfully to "C:\Users\Cyber\Desktop\MBR.dat"
11:58:11.137 The log file has been saved successfully to "C:\Users\Cyber\Desktop\aswMBR.txt"

Please check if IE is affected as well.

IE is not affected

Uninstall Firefox completely using this guide: http://kb.mozillazine.org/Uninstalling_Firefox
Install fresh copy and see how it goes.

still does it ...fixed for a few days then back to the same redirects

Firefox only?

yes only firefox

Well...

Uninstall Firefox completely using this guide: http://kb.mozillazine.org/Uninstalling_Firefox
Install fresh copy and see how it goes.

i did and still there

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

just posted in the appropriate section and here is the link to the new thread http://www.bleepingcomputer.com/forums/topic465420.html thanks for all help...lets hope i can get rid of it