Browser Hijacker, Can't Run ComboFix or MGTools

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bleepbleepcomp, Feb 26, 2009.

  1. bleepbleepcomp

    bleepbleepcomp Private E-2

    A few days ago, when I signed onto my computer in the morning, my initial problem was just that MSN messenger was crashing. It seemed like nothing at the time (and is now working as it should), but when I tried to start Winamp, it also would not load properly, and still won't, even after a complete uninstall/reinstall. I hadn't changed anything in Winamp the night before so I really don't know what the issue is there. When I did a search for problems with it, clicking on the result redirected my browser so I began searching for a malware problem. The logs are showing nothing though and ComboFix and MGTools now refuse to run properly. ComboFix will run its small loading window, but will not open the prompt. MGTools will run until it does the .COM search and then does not go past that point, but it has created a zip so I included it. I am also unable to run the DisableUAC.reg and GetLogs.bat files. Both cause all items on my desktop and the taskbar to disappear until I logout or restart. I also tried to run one of the alternative scans, Panda ActiveScan, which was showing 12 results at 17% but my browser crashed around that time and that was also 5 hours of scanning later so I have not attempted to run it again.
     

    Attached Files:

    Last edited: Feb 26, 2009
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach this log:
    C:\ComboFix.txt

    And delete this:
    C:\Documents and Settings\All Users\Application Data\AZCNQHOB
     
  3. bleepbleepcomp

    bleepbleepcomp Private E-2

    Thank you for your reply, Tim. The AZCNQHOB folder was deleted and attached is the ComboFix text.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Tell me what problems you are still having. :)
     
  5. bleepbleepcomp

    bleepbleepcomp Private E-2

    Same =/ Still being redirected, mgtools/combofix won't run properly, and winamp is still getting an error. I'm also noticing that at times I need to click things twice for the click to register at all, for instance the Run buttons before mgtools/combofix, and links as well.
     
  6. bleepbleepcomp

    bleepbleepcomp Private E-2

    Sorry for the re-reply. I'm sleepy and I don't see an edit button. I've noticed that the redirects sometimes contain the word "clickshield" in them D= I'm afraid this probably has to do with a codec I have since winamp has been killed in the process. I don't want to do anything else without instruction though. Thanks again!
     
  7. bleepbleepcomp

    bleepbleepcomp Private E-2

    I have to apologize again for another post on my part, but I felt my logs were lacking due to the problems with running two of the tools so I have run a scan with a-squared now and wanted to include the results it gave me. It found something called Dc1.exe and a few other things that look strange. I could only get a screenshot.

    Sorry again for another reply.. :hammer
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    All the files indicated are in your system restore folders, except for the first one. Empty your trash bin.

    Now do this:
    Using BitDefender Online Scan.
     
  9. bleepbleepcomp

    bleepbleepcomp Private E-2

    Hi Tim, thanks again. First of all, I'm happy to report that I haven't experienced any redirecting for about 24-36 hours! I don't know what changed because I've only done scans and no removals since you asked me to remove that folder. As well, Winamp is working again, as are ComboFix and MGTools, so I did go ahead and do some scans with them after finishing with BitDefender, and have attached all of those logs. I also re-did the scan with a-squared after all that just to see if it still picked up anything and it is still showing one of the results: Virus.Win32.Agent.DDN in C:\System Volume Information\_restore{77175A35-3D26-4847-AF63-85D7EBC210B6}\RP85\A0035006.dll.

    Thank you!
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Bit removed items in your Thunderbird account. Then Combo finished up. The remaining file is in your System Restore folder and will be removed when you do the following:

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

     
  11. bleepbleepcomp

    bleepbleepcomp Private E-2

    I think it's all clear now, but just out of curiosity, I've been tracking other threads that sounded a lot like my problem, particularly http://forums.majorgeeks.com/showthread.php?t=183542 and http://forums.majorgeeks.com/showthread.php?t=183386. In the second, the user was asked to check the size of cmd.exe, so I decided to do this as well and mine is exactly the same size as theirs, which chaslang said is not right. Guess I'd just like to know if this could signify that there is still a problem, or if it is nothing to worry about?
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, your cmd.exe is just fine.
     
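    Comparing the byte size of cmd.exe against another user's copy, as discussed in the two posts above, is a weak check: the size depends on the Windows version and service pack, and a trojaned binary can be padded to any size. The script below is an added example, not part of the original thread or any tool mentioned in it, showing the checks a practitioner would actually run on a suspect system binary: Authenticode signature status, a SHA-256 hash to compare with a known-good copy, and, on XP/2003 where the folder exists, a comparison against the Windows File Protection cache. It assumes PowerShell 2.0 or later and the standard System32 paths; the `-Target` parameter is a name chosen here, not anything referenced in the thread.

```powershell
# Added example (not from the original thread): integrity check for cmd.exe.
# Assumes Windows with PowerShell 2.0+ and default System32 paths.
param(
    [string]$Target = (Join-Path $env:SystemRoot 'System32\cmd.exe')
)

function Get-Sha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

$file = Get-Item $Target
"{0}: {1} bytes, modified {2}" -f $file.FullName, $file.Length, $file.LastWriteTime

# 1. Authenticode signature. On Windows 7+ this also consults the security catalogs,
#    so a clean cmd.exe reports "Valid". On XP/2003 most system binaries are only
#    catalog-signed and older PowerShell reports "NotSigned" for them, so on those
#    versions treat this result as inconclusive and rely on step 3.
$sig = Get-AuthenticodeSignature $Target
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
"Signature: {0} (signer: {1})" -f $sig.Status, $signer
if ($sig.Status -eq 'HashMismatch') {
    "WARNING: signature present but the file contents were modified"
}

# 2. SHA-256 hash: record it and compare with a known-good copy (install media,
#    another machine at the same service pack level), not just the file size.
"SHA256: {0}" -f (Get-Sha256 $Target)

# 3. XP/2003 only: Windows File Protection keeps a pristine copy in dllcache.
$cached = Join-Path $env:SystemRoot 'System32\dllcache\cmd.exe'
if (Test-Path $cached) {
    if ((Get-Sha256 $Target) -eq (Get-Sha256 $cached)) {
        "dllcache copy matches: cmd.exe is unmodified"
    } else {
        "dllcache copy DIFFERS: cmd.exe may have been replaced or patched"
    }
} else {
    "No dllcache folder (Vista or later): run 'sfc /verifyonly' from an elevated prompt instead"
}
```

    A matching hash against a known-good copy, or a `Valid` signature on Vista and later, settles the question; a matching byte count on its own does not, because legitimate builds differ by service pack and a replaced file is easily padded.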
  13. bleepbleepcomp

    bleepbleepcomp Private E-2

    Okay, thank you once again for your help, and especially your patience =)
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem....safe surfing. :)
     
