yahoo and google redirect

[lt1bird]

like the title says redirects to yellow superpages or some stuff like that with wierd pop ups wanting me to click on stuff... I just x out. I think I had the issue start after a java update.... I had tryed a few things becasue im frustrated...did combo fix but did not work. Thanks for the help folks
Dan

HJT: Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:21 PM, on 10/20/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Norton antivirus\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hot Keyboard Pro1\HotKeyb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Norton antivirus\defwatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\CoCreate\MEls\MEls32.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
c:\program files\oem\msaspgh\msaspghost.exe
C:\Program Files\Norton antivirus\rtvscan.exe
C:\Program Files\CoCreate\OSDM_Server_2006\SDserver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dynotunenitrous.com/store...ts/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.dynotunenitrous.com"); (C:\Documents and Settings\DAN\Application Data\Mozilla\Profiles\default\hc20xohv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\DAN\Application Data\Mozilla\Profiles\default\hc20xohv.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB002" /M "Stylus CX7800"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton antivirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Hot Keyboard] C:\Program Files\Hot Keyboard Pro1\HotKeyb.exe -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Assign &hot key - C:\Program Files\Hot Keyboard Pro1\IEScript.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.Ricavision.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1297737672125
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton antivirus\defwatch.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MEls - Unknown owner - C:\Program Files\CoCreate\MEls\MEls32.exe
O23 - Service: MSAS Plugin Host Service (MSASPGHost) - OEM - c:\program files\oem\msaspgh\msaspghost.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton antivirus\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SDserver2006 - CoCreate Software GmbH - C:\Program Files\CoCreate\OSDM_Server_2006\SDserver.exe

--
End of file - 6872 bytes

[tashi]

Hello lt1bird,

HijackThis v2.0.2 is an outdated version but please revisit the FAQ which may have changed since your last visit.

Instructions for posting preliminary DDS logs for analysis in post #2. "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

Then start a new topic providing the DDS logs as shown in that sticky and a link back to this thread. A volunteer analyst will advise you when available.

Best regards.