can't get rid of win32.zbot

Hello,
I am new to this forum but am very glad I found it. I had no anti-virus on my computer & noticed it started to run very slow & acting funny. I downloaded spy bot & ran it & it said it found two things that it couldn't seem to remove. One was win32.agent.pz & the other was win32.zbot. It seemed to clean everything else it found. If my computer makes it through this I plan on allways using an anti-virus program for now. I read your read this first thread & followed all of your instructions. I didn't seem to have any problems running the 5 things you told me too. I did remove the spy bot program before hand because I didn't want anything to interfere with your scans. I am attaching the logs from all the scans as instructed for you to look at. I don't know if I am clean yet or not because I haven't done anything since the scans except come here first to see what my next step should be. I've already learned alot just by coming to this site. Not that I knew much to begin with. Thanks in advance for all your help. Please let me know what you think I should do next & if I am now clean what free anti-virus or set of programs should I download to try & stay clean for now on.
Thanks again,
Ken

 

Last Log

 

Hello Tim & thanks in advance for your help.

I hope this doesn't cause any problems but I needed to do a couple of things on the computer before you had time to get back to me.

Following is what I have done since the original message:

Since spybot found the original error I downloaded it again & ran it & it came up clean this time.

Since it came up clean I followed the following removal procedure:


If you are not having any other malware problems, it is time to do our final steps:

We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
Then reboot and Enable System Restore to create a new clean Restore Point.


I then loaded what was recommended: one AV program (Avast), kept CCleaner, kept SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware, loaded spyware blaster & set spybot with immunize & SDHelper but not TeaTimer.

I still want to make sure everything looks ok to you now.
I'm not sure how to find the files you were wanting me to find & delete.
Should I copy & paste them in start, search for files & folders?
Do you still want me to do this step or have I made things harder now.
As stated above I had a couple of things I had to access & didn't want to do anything on the computer without being protected. Thus I did the best I could to follow your sites protection recommendations.

Let me know what is the easiest way for you to still evaluate my system.

Thanks again.

 

I looked for the files the way you said to but was unable to locate the files you had told be to delete. I don't know if they were removed by some other means since i originally ran everything. Also since I had removed MGTools I had to re-download it & then re-ran it. Attached are the logs you requested.
Thanks,
Ken

 

Ok I found the files you were talking about & removed them along with the MGtools. Everything seems to be working fine now. I want to thank you & this website for all your help. There is no way I could have gotten it clean without you. I have learned alot just from the little time i've been on here.
Thanks again,
Ken