Help! Can not remove Zlob Downloader.vcd

We also need the C:\MGLogs.zip...from running the C:\MGTools.exe.

 

That is not what I asked for ...in order to remove the infections, I need the C:\MGLogs.zip...not just the HJT log. Please attach the requested log.

You can re-run HJT and have it fix these items (after disabling your anti-virus and spyware programs while you do this):
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O21 - SSODL: btrklfr - {304ABBDC-E0FC-4C88-98F2-697C6959682E} - (no file)
O21 - SSODL: apdqnxp - {A2384D4D-CB6D-4A0D-8D6D-01B26B6BFC93} - C:\WINDOWS\apdqnxp.dll
After checking fix, just exit HJT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file!

 

Good...things aren't so bad.

Please disable all anti-virus and anti-spyware programs while we do the following:

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now download The Avenger by Swandog469, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Be sure to tell us how things are running.

 

Please disable all anti-virus and anti-spyware programs while we do the following:

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Be aware that Norton could be slowing you up....and have you deleted all of your temp files?

Be sure to tell us how things are running.

 

Looking good....Is Norton a paid subscription? (Yes, it is a resource hog and will slow thing down when on the internet).

Let's just do some cleaning for your startup items:
Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Are you having any other issues? If not: it is time to do our final steps:

1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
2.
* Click START then RUN
* Now type combofix /u in the runbox and click OK.
* Note: The space between the X and the /U, it must be there.
3. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
4. If you are running Windows XP or Windows ME, do the below:
* Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
* Then reboot and Enable System Restore to create a new clean Restore Point.
5. After doing the above, you should work thru the below link:
How to Protect yourself from malware!

 

MGTools is very out of date, you need to delete it and download the latest version form the Read and Run First instructions. Have you updated the virus definitions for SAS and MBAM?

Use windows explorer to find and delete:
C:\WINDOWS\system32\TDSSrppe.dat

Now attach the new log from running the new version of MGTools and see if either SAS or MBAM will run.

 

Some times it is hard to tell the difference between malware and overheating.., but in your case, it looks like you had both.

You still need to disable the guest account in user accounts and Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

You may wish to use a Startup Manager

 

You are most welcome...safe surfing.