Links from search engine being redirected along with a few more things.

I have already ran malawarebyte but I'll post up the logs soon.

Okay, standing by.

sorry for the long reply to this, but here's the log from Malawarebytes performed with a full scan.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3932

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/8/2010 10:45:32 PM
mbam-log-2010-04-08 (22-45-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 193992
Time elapsed: 20 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Java(TM) 6 Update 4
LimeWire 5.1.2

Next,

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O1 - Hosts: 74.125.45.100 4-open-davinci.com
  O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
  O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
  O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
  O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
  O1 - Hosts: 74.125.45.100 secure-plus-payments.com
  O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
  O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
  O1 - Hosts: 74.125.45.100 www.getavplusnow.com
  O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
  O1 - Hosts: 74.125.45.100 urs.microsoft.com
  O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
  O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
  O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
  O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

How is the machine running now?

The machine is running much better now, no pop ups coming or search sites being redirected. I have also tried to select those files and tried to fix, but they just come right back. Avira recognizes them also I believe, but says the same thing about not being able to modify the hosts file.

As for limewire is concerned I am aware of that and have made a nite of that in my first post here. The user barely uses it, and I have taught him how to use it properly. Most of this stuff he claim to have caught after he accessed a link looking for UFC stuff (aka male porn lol) .

Either way, I still wouldn't use Limewire, and wouldn't advise you to use it neither.

Now open a new notepad file.
Input this into the notepad file:

@echo off
dir "C:\Windows\system32\drivers\etc" >> log.txt
start notepad log.txt
del look.bat
exit

Save this as look.bat, save it to your desktop.
Double click look.bat and the black cmd window will open and close, this is normal.

This is the text that this file exerted:

Volume in drive C has no label.
Volume Serial Number is 487F-6AC0
Directory of C:\Windows\system32\drivers\etc
04/06/2010 03:02 PM .
04/06/2010 03:02 PM ..
04/06/2010 01:59 PM 618 hosts
03/30/2010 01:50 AM 2,799 hosts.20100330-020010.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-020011.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-020012.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-020013.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-020014.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-020015.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-020016.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022656.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022658.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022659.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022700.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022701.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022702.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022703.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022704.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022705.backup
03/30/2010 01:50 AM 2,799 hosts.20100330-022706.backup
04/06/2010 01:59 PM 618 hosts.20100406-150149.backup
04/06/2010 01:59 PM 618 hosts.20100406-150154.backup
04/06/2010 01:59 PM 618 hosts.20100406-150155.backup
04/06/2010 01:59 PM 618 hosts.20100406-150156.backup
04/06/2010 01:59 PM 618 hosts.20100406-150157.backup
04/06/2010 01:59 PM 618 hosts.20100406-150158.backup
04/06/2010 01:59 PM 618 hosts.20100406-150159.backup
04/06/2010 01:59 PM 618 hosts.20100406-150200.backup
04/06/2010 01:59 PM 618 hosts.20100406-150219.backup
04/06/2010 01:59 PM 618 hosts.20100406-150220.backup
04/06/2010 01:59 PM 618 hosts.20100406-150221.backup
04/06/2010 01:59 PM 618 hosts.20100406-150222.backup
04/06/2010 01:59 PM 618 hosts.20100406-150223.backup
04/06/2010 01:59 PM 618 hosts.20100406-150227.backup
04/06/2010 01:59 PM 618 hosts.20100406-150228.backup
04/06/2010 01:59 PM 618 hosts.20100406-150229.backup
04/06/2010 01:59 PM 618 hosts.20100406-150230.backup
04/06/2010 02:03 PM 0 hosts.new
06/20/2003 08:00 AM 3,683 lmhosts.sam
06/20/2003 08:00 AM 407 networks
06/20/2003 08:00 AM 799 protocol
06/20/2003 08:00 AM 7,116 services
40 File(s) 70,712 bytes
2 Dir(s) 237,645,103,104 bytes free

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  hosts.*.backup
  hosts.new
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.