Browser redirects after MoneyPak even after scans

I've ran every cleaner there is to run. Malwarebytes, TDSSKiller, FixTDSS, Roguekiller, SuperAntispyware, eset online, MS Defender Offline, MS Malicious full, aVast boot and CD boot, the list goes on. I have removed a host of things like ShopAtHome, checked Process Explorer and Autoruns. Proxy and host checked. TCP stack reloaded.

User had Moneypak. After removal browsers are still redirected. IE will crash on load however will run in Admin mode or after resetting security settings then on next run it crashes again.

MGLogs attached, what else do you need? Darn if I see what's doing the redirection.

 

more

 

JRT running now, will search for Rogue logfile, may have to re-run it. Attached are HitMan and Malwarebytes.

I also ran F-Secure's MBR Root Kit Boot CD, again nothing found. Tried running Hitman Kick but after 6 hours it really just seemed to be sitting there. It said it was still scanning but the drive was only being accessed once every few minutes.

 

JRT found something that may have fixed the bulk of this, still testing. Initial browsing was better however IE still crashes on opening. Run the MS FixIt to reset the browser which turns off Protected Mode and IE runs but let it turn Protected Mode back on and it crashes before a page can load which tells me something is still hooked into it. Running more scans now.

 

Got the machine stable finally however it was returned with a warning that at the level it was infected we do not trust this machine to be either stable or secure going forward and suggest a wipe and load with a low level disk wipe. Up to the end use at this point to make the call.