It sure sounds like the same malware I was dealing with (TDSS.y Rootkit). I was getting redirected via the same server you mentioned, r9237242.cn. In my case, it turned out to be a single infected driver file, ATAPI.SYS.
After trying at least 25 different malware solutions over several hellish days with no success, here's how I finally got rid of it:
* Download Esage Labs' Rootkit.Win32.TDSS remover from here
and run it.
* The program should detect the infected ATAPI.SYS file, and will then offer to let you restore the file from the \i386 folder of your original Windows CD.
Unfortunately, when I tried to do this last step, I kept getting a "file version" error - probably because I'm running SP3 and my original CD is SP2. If you're running XP and you encounter the same problem (or you don't have access to your original CD) , here's the workaround for that:
1) Your WINDOWS\ServicePackFiles\i386 folder should contain a clean (uninfected) copy of ATAPI.SYS. Copy this clean version of ATAPI.SYS to both \system32\drivers and \system32\dllcache (overwriting the infected ones).
2) Before rebooting, probably a good idea to check your Hosts file & clean it out if necessary. Also, probably a good idea to clear your DNS cache.
3) Reboot & you should be good to go: hopefully no more redirects!
Let me know if this works for you.