Persistent Infomash Redirect

Discussion in 'Malware Help (A Specialist Will Reply)' started by pietri314, Jul 13, 2012.

  1. pietri314

    pietri314 Private E-2

    Hello, Geeks!

    I am experiencing a persistent Infomash redirect issue on Firefox only.
    Attached are my Goored and MBR logs.
    TDSS found nothing.

    Thank you so much!

    - Jay
     

    Attached Files:

  2. pietri314

    pietri314 Private E-2

    Here are the remaining logs from the full clean.
     

    Attached Files:

  3. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, Jay :)

    Please attach the log from MBAM and HitmanPro before proceeding with the below:



    Please download OTL by OldTimer.

     
  4. pietri314

    pietri314 Private E-2

    Hello, Thisisu!

    Thank you for your response.
    Here are my logs from Mbam and Hitmanpro.
    I am proceeding with your further instructions.
    I appreciate your time and brain.

    - Jay
     

    Attached Files:

  5. pietri314

    pietri314 Private E-2

    Hello, Thisisu!

    Here is my OTL log.

    Thank you!

    -Jay
     

    Attached Files:

    • OTL.Txt (257.6 KB, 3 views)
  6. thisisu

    thisisu Malware Consultant

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 32

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :processes
    killallprocesses
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: gamebox@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
    [2009/11/04 09:56:29 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2012/06/04 22:44:31 | 000,000,000 | ---D | M] (ShopToWin18) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\2bxc9wyy.default\extensions\{fb320179-bf62-4606-9d75-5e82785ed1bf}
    [2010/04/10 21:19:59 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\2bxc9wyy.default\extensions\gamebox@toolbar
    [2010/04/10 21:19:59 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\2bxc9wyy.default\extensions\radiobar@toolbar
    [2010/04/10 21:20:03 | 000,001,589 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\2bxc9wyy.default\searchplugins\web-search.xml
    [2012/03/29 15:27:44 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\JAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2BXC9WYY.DEFAULT\EXTENSIONS\QXNWFGJOSF@QXNWFGJOSF.ORG.XPI
    O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
    [2012/06/23 17:13:02 | 000,000,020 | ---- | M] () -- C:\Windows\Üú+
    [2012/07/14 18:04:22 | 000,356,352 | ---- | C] () -- C:\Users\Jay\AppData\Local\ilecjphw.exe
    [2012/03/03 16:05:53 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2010/04/09 16:23:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    :files
    type C:\rkill.log /c
    C:\Users\Jay\AppData\Local\ilecjphw.exe
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
    :commands
    [clearallrestorepoints]
    [resethosts]
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    __

    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    __

    Let me know what problems remain after you have completed these steps.
     
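The OTL fix script above is made of a few fixed record formats: IE SearchScopes entries (a default-scope GUID and per-GUID search URLs), Firefox `prefs.js` enabledItems, file-system entries in the `[date | size | attrs | M/C] (name) -- path` form, and O2 BHO lines. The following Python script is an added example, not code from this thread or from OldTimer's OTL: it parses those record types out of an OTL log and applies the same kind of defender-side review the consultant did by hand (an untrusted search-provider host, a default scope pointing at it, toolbar-style or unnamed Firefox extensions, a random-name executable in AppData\Local, an orphaned BHO). The sample lines are copied from the fix script above; the trusted-host allowlist and the "eight random letters .exe" rule are assumptions of this example, not OTL behaviour.

```python
import re
from urllib.parse import urlparse

# Constructed input: lines copied from the OTL fix script in the post above.
SAMPLE_LINES = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
[2010/04/10 21:19:59 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\2bxc9wyy.default\extensions\gamebox@toolbar
[2012/03/29 15:27:44 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\JAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2BXC9WYY.DEFAULT\EXTENSIONS\QXNWFGJOSF@QXNWFGJOSF.ORG.XPI
[2012/07/14 18:04:22 | 000,356,352 | ---- | C] () -- C:\Users\Jay\AppData\Local\ilecjphw.exe
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
"""

GUID = r"\{[0-9A-Fa-f-]+\}"

# One regex per OTL record type; group names become the parsed fields.
PATTERNS = {
    "default_scope": re.compile(
        r"^IE - (?P<hive>.+?)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>" + GUID + r")$"),
    "search_scope": re.compile(
        r"^IE - (?P<hive>.+?)\\\.\.\\SearchScopes\\(?P<guid>" + GUID + r'): "URL" = (?P<url>\S+)$'),
    "ff_item": re.compile(
        r"^FF - prefs\.js\.\.extensions\.enabledItems: (?P<id>.+):(?P<version>[^:]+)$"),
    "fs_entry": re.compile(
        r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
        r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<name>[^)]*)\)(?: \([^)]*\))? -- (?P<path>.+)$"),
    "bho": re.compile(
        r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>" + GUID + r") - (?P<note>.*)$"),
}

# Assumed allowlist of search-provider hosts the analyst trusts (example only).
TRUSTED_SEARCH_HOSTS = {"search.live.com", "www.bing.com", "www.google.com"}
# Assumed heuristic: an executable named with eight random letters, as seen in the fix.
RANDOM_EXE = re.compile(r"^[a-z]{8}\.exe$", re.IGNORECASE)


def parse_line(line):
    """Return (record_type, fields) for one OTL line, or None if it is not recognised."""
    line = line.strip()
    for kind, pattern in PATTERNS.items():
        match = pattern.match(line)
        if match:
            fields = match.groupdict()
            if kind == "fs_entry":
                fields["size"] = int(fields["size"].replace(",", ""))  # "000,356,352" -> 356352
            return kind, fields
    return None


def parse_log(text):
    """Parse every recognisable line of an OTL log into (record_type, fields) tuples."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def find_suspects(records, trusted_hosts=TRUSTED_SEARCH_HOSTS):
    """Apply review heuristics to parsed records and return human-readable findings."""
    findings = []
    untrusted_scopes = set()
    # Pass 1: search scopes whose URL host is not on the allowlist.
    for kind, f in records:
        if kind == "search_scope":
            host = urlparse(f["url"]).hostname or ""
            if host not in trusted_hosts:
                untrusted_scopes.add(f["guid"].lower())
                findings.append(f"search scope {f['guid']} in {f['hive']} points to untrusted host {host}")
    # Pass 2: everything else (the default-scope line may precede its URL line, hence two passes).
    for kind, f in records:
        if kind == "default_scope" and f["guid"].lower() in untrusted_scopes:
            findings.append(f"default search scope in {f['hive']} is the untrusted scope {f['guid']}")
        elif kind == "ff_item" and f["id"].lower().endswith("@toolbar"):
            findings.append(f"enabled Firefox toolbar extension {f['id']} {f['version']}")
        elif kind == "fs_entry":
            path, low = f["path"], f["path"].lower()
            basename = low.rsplit("\\", 1)[-1]
            if "\\extensions\\" in low and (f["name"] == "" or "toolbar" in low or "toolbar" in f["name"].lower()):
                findings.append(f"unnamed or toolbar-style Firefox extension at {path}")
            elif "\\appdata\\local\\" in low and RANDOM_EXE.match(basename):
                findings.append(f"random-name executable in AppData\\Local: {path}")
        elif kind == "bho" and f["note"].startswith("No CLSID value found"):
            findings.append(f"orphaned BHO registration {f['clsid']} ({f['name']})")
    return findings


if __name__ == "__main__":
    for finding in find_suspects(parse_log(SAMPLE_LINES)):
        print(finding)
```

Run against the sample it reports seven findings, matching the items the consultant chose to remove; point `parse_log` at the contents of a real OTL.Txt to review a whole log the same way.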
  7. pietri314

    pietri314 Private E-2

    Hello, Thisisu!

    The requested logs have been attached.
    I will alert you to any further issues I have.

    Thank you!

    -Jay
     

    Attached Files:

  8. thisisu

    thisisu Malware Consultant

    Your latest logs are clean ;)
    But as previously mentioned, let me know if you are still experiencing redirects/problems whenever you get a chance.
     
