Redirecting problem 8-steps completed

Open Windows Explorer.
Navigate to:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
You'll see hosts file there.
Open it with Notepad.
Add following line:

Code:

127.0.0.1 http://results.google-analytics.com

Go File>Save

Restart computer.

Check for redirections.

When you click File>Save, it'll save as original file.

Take ownership of "hosts" file first: http://www.howtogeek.com/howto/wind...ership-to-explorer-right-click-menu-in-vista/ and then try again.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

• Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, select Complete scan.
• Click the green arrow at the right, and the scan will start.
• Click Yes to all if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click File and choose Save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• [color=5]Important![/color] Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Please, download fresh copy of Combofix and post new log.

Are you still out there?

Download Bootkit Remover to your Desktop.

• You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
• After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

Open Notepad
Copy and paste following text into Notepad:

Code:

@ECHO OFF
START remover.exe fix \\.\PhysicalDrive0
EXIT

Go FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.bat.
Save fix.bat to your Desktop.

Run fix.bat by double clicking.
You may see a black box appear; this is normal.

When done, run remover.exe again and post its output.

Restart computer and check for redirection.

That's odd.
I assume, you copied/pasted my script, instead of typing it manually. I always worry about some "typo".

If you did it correctly, restart computer and try again.
If it still doesn't work, we'll use another way.
I'm glad, we, finally, found very possible culprit.