Shopica redirect I can't get rid of!!

Thread Solved

jw22, #11, 31 Days Ago
I did as instructed, still being redirected. When I rebooted, Windows Defender came up and said that "Trojan:win/32/Alureon.ct" was detected. I removed it.

The reason it ran twice was because a few days ago I ran it in an amateurish attempt at fixing this myself.

jw22, #12, 31 Days Ago
I also tried to run anti-spyware and nothing came up

PhilliePhan (Moderator), #13, 31 Days Ago
Originally Posted by jw22: "I also tried to run anti-spyware and nothing came up"
I'm curious about this one:

Please navigate to the file in bold below and upload it here for analysis and let us know what you find ---> http://virusscan.jotti.org/
c:\windows\system32\windrv.sys

I'd also suggest a GMER run, if crunchie concurs...

PP


EDIT: You can get deldomains here without registering:
http://www.mvps.org/winhelp2002/restricted.htm
Last edited by PhilliePhan; 31 Days Ago at 8:57 pm. Reason: Added info
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer

ASAP

crunchie (Moderator), #14, 31 Days Ago
Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
NOTE: If you are unable to complete the ESET scan, please try another from the list below:
Kaspersky Online Scanner
Panda Active Scan
Trend Micro HouseCall
F-Secure Online Virus Scanner

PhilliePhan (Moderator), #15, 31 Days Ago
Originally Posted by jw22: "Trojan:win/32/Alureon.ct" was detected.
This is a DNS changer / cache poisoner in the TDSS family. You guys might want to have a look in that direction....

Cheers
PP

crunchie (Moderator), #16, 31 Days Ago
I didn't see your 1st post PP. I am not sure that deletedomains works with Vista. That's why I deleted my post.
MBA-M could also be updated and run to see if it picks anything up.

Gmer can be run too.

jw22, #17, 31 Days Ago
ESET found nothing. The log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

jw22, #18, 31 Days Ago
Also, I don't know if this is of any consequence, but running IE causes an internet security warning to appear saying a website wants to open web content using this program on your computer. It then has a button for "allow" and "Don't allow". There are two publishers that alternated: either AOL LLC or Adobe Flash player... these continually pop up even after saying "don't allow"... might not be relevant, but I thought I'd mention it... don't know how long this has been happening, since I rarely use IE.

crunchie (Moderator), #19, 31 Days Ago
Not the full ESET log, but if nothing found, it doesn't matter.
Have you run Gmer as PP suggested?

Not sure about those warnings. Programs appear to be legit.

jw22, #20, 31 Days Ago
Running it now...that was all that was in the log file for ESET...is there a log I need to post, or might this just clear up the redirect?

©2003 - 2009 DaniWeb® LLC