Substitution of Google / Yandex pages, how to treat?
Good afternoon!
One of my supervised managers at work got Google/Yandex spoofed in all browsers. The sites look the same as the originals, but ask for a phone number to "unblock access to search".
CureIt found a rootkit and removed it, but the substitution remained. Virus Removal Tool didn't find anything; Trojan Remover finds something every time and deletes it, but after a reboot everything is the same...
Has anyone come across this particular beast? How do you treat it?
Please advise an alternative to CureIt / Virus Removal Tool.
By the way, the computer has the latest AVG Internet Security on it... and it is completely silent.
Well, if AVZ does not help, then "a powerful weapon that hits right on target" will: run ComboFix on the patient - www.bleepingcomputer.com/combofix/how-to-use-combofix
If it does not help even after a couple of runs (wait for the check report to open in Notepad), then the only options left are a manual search (compiling a report in AVZ and sending it to VirusTotal or the like) or reinstalling.
I can also recommend checking your computer with this antivirus - it specializes more in trojans and other nasty things - www.malwarebytes.org/
Download the free version, install it and run a check of, for example, the entire C: drive.
The paid version differs only in the resident module.
Check the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\DataBasePath
%SystemRoot%\system32\drivers\etc\hosts
Try going over it with AVZ as well - z-oleg.com/secur/avz/download.php . It has helped out a couple of times when CureIt didn't find anything. Admittedly, its databases are not the freshest now.
Well, logically, either some crap has been written into the hosts file or the DNS server addresses have been changed.
Oh, maybe the problem is not on the computer, but, for example, on an infected DNS server in LAN? Or an infected router? Or is the infected neighbor computer spoofing DNS responses? Can you nslookup google.com 8.8.8.8 from the infected computer? This is sending a DNS query directly to Google. It should return something like this:
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: google.com
Addresses: 173.194.71.100, 173.194.71.102, 173.194.71.113, 173.194.71.101
          173.194.71.139, 173.194.71.138
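As an added example (not code from any poster on this page), here is a Python check for the two things the answers above point at: hosts-file entries that redirect google.com / yandex.ru to a non-loopback address, and a system resolver answer that has nothing in common with the answer from 8.8.8.8. The hosts content and the address sets are constructed samples; 203.0.113.45 is a documentation address, not an indicator from the infected machine, and the DNS answers are passed in as sets rather than queried live.

```python
import ipaddress

# Domains from the question; a hosts entry sending any of these somewhere
# other than loopback is what produces a "look-alike" search page.
WATCHED_DOMAINS = {"google.com", "www.google.com", "yandex.ru", "www.yandex.ru"}

# Constructed sample hosts file (not taken from the infected machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# lines below were not written by the administrator
203.0.113.45    google.com www.google.com
203.0.113.45    yandex.ru www.yandex.ru
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed first field, skip the line
        for name in parts[1:]:
            entries.append((str(ip), name.lower()))
    return entries

def suspicious_hosts_entries(text, watched=WATCHED_DOMAINS):
    """Flag watched domains that the hosts file maps to a non-loopback address."""
    flagged = []
    for ip, name in parse_hosts(text):
        if name in watched and not ipaddress.ip_address(ip).is_loopback:
            flagged.append((name, ip))
    return flagged

def dns_answers_disagree(system_answer, public_answer):
    """True when the system resolver and 8.8.8.8 return disjoint address sets for a name.
    Both arguments are sets of address strings, e.g. copied from two nslookup runs."""
    return not (set(system_answer) & set(public_answer))

if __name__ == "__main__":
    for name, ip in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts file redirects {name} -> {ip}")
    # constructed answers: what the system resolver said vs what 8.8.8.8 said
    print(dns_answers_disagree({"203.0.113.45"}, {"173.194.71.100", "173.194.71.102"}))
```

On a real machine, read the file that the DataBasePath registry value points to (normally %SystemRoot%\system32\drivers\etc\hosts) and pass its contents to suspicious_hosts_entries.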
Try checking the file C:\Windows\system32\rpcss.dll on VirusTotal. If it is infected, replace it with the same file from a clean copy of the system.
By the way, the IP 74.125.232.225 you received really belongs to Google. Could it be a proxy issue?