Ran "Read & Run" Still have issues - HELP

Discussion in 'Malware Help (A Specialist Will Reply)' started by Kager911, Jul 8, 2008.

  1. Kager911

    Kager911 Private E-2

    Last week I downloaded uTorrent and then began downloading some software. After attempting to install Daemon Tools I began having trouble. My desktop turned blue and a message stating that I had spyware on my computer showed up. I also started getting pop-ups every 30 minutes or so directing me to a website to purchase PCclean Pro. I ran the "Read & Run Me First" procedure, which helped. I got rid of the desktop message and the pop-ups became less frequent. But the pop-ups remain. I also have noticed that a search in Internet Explorer is being taken over and redirects me to inaccurate pages. The infection seems to redirect my web searches more often if I am searching for solutions to malware or spyware.

    Can anyone help? Let me know if you need more info.

    Thank you in advance to anyone willing to offer assistance.
  2. Kager911

    Kager911 Private E-2

    MG Tools Logs

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I need the ComboFix log and the file named MGLogs.zip. Attach both those files, please.
  4. Kager911

    Kager911 Private E-2

    MGlogs.zip attached. I can't find the ComboFix log, so I'm running it again.

  5. Kager911

    Kager911 Private E-2

    And here's the ComboFix log (attached as log.txt).
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download:
    • Pocket Killbox (to your Desktop)
    • ExplorerXP

    Install ExplorerXP

    Run HijackThis, choose "Open the Misc Tools Section", choose "Process Manager", Highlight:
    Choose Kill Process. Click on the "Back" Button. Click the 'Scan' button.

    Place a checkmark in the box next to the following lines:
    Code:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A2BB7EA9-7BD6-480A-9440-168C9A81F1F9} - (no file)
    O4 - HKCU\..\Run: [tbqlasht] C:\WINDOWS\system32\wzmzubcd.exe
    O21 - SSODL: comapiset - {5D51AD7E-A446-B5BE-4D76-0A2F39FF6649} - C:\Program Files\ecxqfhd\comapiset.dll
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
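The HijackThis lines quoted in the post above are the kind of thing a helper reads by eye: stock Microsoft start-page entries, BHOs whose DLL no longer exists, a Run value with a random-looking name in system32, and an SSODL entry. The script below is an added example (my own code, not from the thread, MajorGeeks or HijackThis) that applies those same reading rules to a HijackThis-style log. The sample log is constructed from the lines on this page, and the "random-looking name" test and the verdict labels are my own heuristics, not anything HijackThis itself reports.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample input: the HijackThis lines quoted in the thread above.
SAMPLE_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\\..\\Run: [tbqlasht] C:\\WINDOWS\\system32\\wzmzubcd.exe
O21 - SSODL: comapiset - {5D51AD7E-A446-B5BE-4D76-0A2F39FF6649} - C:\\Program Files\\ecxqfhd\\comapiset.dll
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Hosts that the stock IE start/search pages point at (treated as benign defaults).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
VOWELS = set("aeiou")


@dataclass
class Entry:
    section: str
    body: str
    verdict: str   # "benign" | "review" | "suspicious" | "remove"
    reason: str


def looks_random(name: str) -> bool:
    """Coarse heuristic (assumption, not a HijackThis rule) for machine-generated
    names: all letters, at least 6 long, fewer than one vowel in four. It is
    noisy on short legitimate names such as 'svchost', so pair it with an
    allowlist in real use."""
    name = name.lower()
    if len(name) < 6 or not name.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio < 0.25


def _path_parts(path: str) -> List[str]:
    return [p for p in re.split(r"[\\/]+", path.strip()) if p]


def parse_line(line: str) -> Optional[Entry]:
    """Classify one HijackThis line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec in ("R0", "R1"):                      # IE start/search page settings
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        host = urlparse(value).hostname if value else None
        if not value or host in DEFAULT_IE_HOSTS:
            return Entry(sec, body, "benign", "empty or stock Microsoft IE setting")
        return Entry(sec, body, "review", f"IE page/search points at {host}")

    if sec == "O2":                              # Browser Helper Objects
        if body.endswith("(no file)"):
            return Entry(sec, body, "remove", "BHO registered but DLL missing (orphan)")
        return Entry(sec, body, "review", "BHO with DLL present; verify publisher")

    if sec == "O4":                              # Run-key autostarts
        m4 = re.search(r"\[(?P<key>[^\]]+)\]\s*(?P<path>.+)$", body)
        key = m4.group("key") if m4 else ""
        parts = _path_parts(m4.group("path")) if m4 else []
        stem = parts[-1].rsplit(".", 1)[0] if parts else ""
        where = "in system32" if any(p.lower() == "system32" for p in parts) else "outside system32"
        if looks_random(key) or looks_random(stem):
            return Entry(sec, body, "suspicious",
                         f"Run value '{key}' -> random-looking '{stem}' {where}")
        return Entry(sec, body, "review", "autostart entry; verify publisher")

    if sec == "O21":                             # ShellServiceObjectDelayLoad
        parts = _path_parts(body.rsplit(" - ", 1)[-1])
        folder = parts[-2] if len(parts) >= 2 else ""
        note = " in random-looking folder" if looks_random(folder) else ""
        return Entry(sec, body, "suspicious",
                     f"SSODL shell autostart, rarely legitimate{note}")

    return Entry(sec, body, "review", "no rule for this section")


def triage(log_text: str) -> List[Entry]:
    """Parse every entry line of a log and return the classified entries in order."""
    return [e for e in (parse_line(ln) for ln in log_text.splitlines()) if e]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:10} {e.section:4} {e.reason}")
```

Run it as a script and it prints one verdict per line of the sample; in a real case you would feed it the whole HijackThis log and look only at the `suspicious` and `remove` rows, then confirm each one by hand before fixing anything, because the name heuristic alone will flag some legitimate short names.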
  7. Kager911

    Kager911 Private E-2

    I ran these processes. MGlogs.zip attached. The only trouble I ran into:

    In the first step I did not find “C:\WINDOWS\system32\wzmzubcd.exe” and so I could not follow the instructions to “Kill process”.

    In the next step I could not find these two lines:

    O2 - BHO: (no name) - {A2BB7EA9-7BD6-480A-9440-168C9A81F1F9} - (no file)
    O4 - HKCU\..\Run: [tbqlasht] C:\WINDOWS\system32\wzmzubcd.exe

    So these didn’t get fixed (since they weren’t there).

    Everything else went well. So far I’ve had no more trouble, I’ll keep an eye out.

    Final issues:
    1. My Recycle Bin is gone. I can’t see it on the desktop and I can’t navigate to it. It doesn’t show up if I search for it.

    2. My system time is still in military time. I believe the ComboFix process changes it and I thought when it was done it was supposed to change it back, but it didn’t.


    Thanks so much for your help this far. I would appreciate advice on the two final issues if you have any. God bless you!

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    In the Control Panel, click on 'Regional and Language Options'.

    Click on the 'Customize' button, then select the Time tab and change the time format to 'h:mm:ss tt'.

    Click on 'OK'.

    Click on 'OK'.

    Exit the Control Panel.

    Right-click 'Replace/Repair the Recycle Bin in Windows XP' (from Kelly's Korner), choose 'Save As', and save restorerecyclebin.reg to your Desktop.

    Locate restorerecyclebin.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    If you are not having any other malware problems, it is time to do our final steps:

    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN, enter the below into the run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combo-fix /u"
        • Note: the space between the cf and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from combofix.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete C:\MGlogs.zip.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
  9. Kager911

    Kager911 Private E-2

    All your suggestions worked for my remaining problems. I've followed all of your other suggestions, too.

    Thank you so much!
