Am I clean now? A question

I followed the READ & RUN ME successfully and after all the scans, I was clean from the trojan Ad-Aware detected. Thank you all so much.

But before I claim victory, I have a question. I have always had hidden files visible on my computer and I am 100% sure that I didnt have the "RECYCLER" and "System Volume Information" folders on each of my hard drives (two partitions and one external) before.

These folders appeared today after I did a scan with AdAware and "deleted" the offending trojan for the second time (Win32.Worm.Autorun). And I read that they might appear because of malware so I did the READ & RUN ME and it seems Im clean now (scanned with AdAware again, since this was the only program that claimed infection and it turned out nothing).

Is this something I should be worried about? can I delete these folders now that it seems that Im clean? why did they appear out of nowhere?

Attached are my logs, just in case. Thank you all again for the help.

 

Heres the last log.

 

Ok, Ive just learned that some kinds of malware stop the hidden files from being displayed. And Im realizing all kinds of new files now on Windows Explorer (like the ubiquitous "thumbs.db" for picture folders, which wasnt there before). So maybe I didnt have hidden files showing after all. Also, I recently installed SP3 on my computer and maybe that brought the Folder options to a default (not showing hidden files). No? maybe?.

The question now is, why did the hidden files become suddenly visible? They didnt become visible after the first time I deleted the trojan with Ad-Aware, so why now?

Also, I cleaned my register with CCleaner after I read the post here on how to speed up your computer and do maintenance. After I rebooted, I used Hotmail to view my inbox, and when I closed the IE window, I got a pop-up alert about my computer being infected with malware and to install Antivirus 2009. Of course I knew this was malware, so I hit Cancel, but I had never had one of those pop ups before I ran Ccleaner. What gives?

Any help is appreciated. Thanks a lot.

 

Thanks for your reply and your help.

I think you misunderstood something a bit tho. My files became unhidden before I ran MGTools. They became unhidden when I deleted the malware through Ad-Aware for the second time. Before I did the Read & Run Me.

I ran checks with every antispyware I have again and they all came out clean, so I probably dont have the Antivirus 2009 malware I was afraid of.

 

Followed your steps and didnt get any errors during the use of ComboFix or MGtools. It went pretty smoothly, like the first time. I just had to find out how to disable the AVG Resident Shield beforehand but that wasnt too difficult. I havent had any problems since my previous post. I never got the "Antivirus 2009" pop-up asking me to install it anymore while using IE and Ive done some scans with MBAM, Spybot and Ad-Aware, as well as AVG and they have all come up clean as a whistle.

Attached are my logs as requested.

Thanks for the answers to my questions and for all the help. Let me know if theres something else I should do.

One thing I did notice when I rebooted after using ComboFix and MGtools this last time, was that during the boot up process, my computer now flashes that black screen that says something along the lines of "What would you want to do? -start windows with last known good configuration -start windows in safe mode..." etc, before the Windows XP logo. Is this a sign that something went wrong during the use of the cleaning programs? That screen didnt use to flash on boot-up before. Just curious.

 

To answer your question, no, I didnt experience any crashes during the cleanup process. I think it was ComboFix that restarted my computer, but thats it. It all went smoothly (or so I thought).

The black screen is present EVERY time the computer boots up, but it only flashes for less than a second and I cant even read well what it says. I just see theres a few "options" (around two or three of them) on it and one of them says something like "Windows XP Professional" and thats it.

I didnt have any crashes when I did the "Read & Run Me First" either, but after I completed that one, my computer didnt flash the black screen. It only started doing that after this last time you had me run ComboFix and MGtools.

 

Thanks for all the help. I did the last steps, but I confess that for a while I thought about keeping ComboFix and MGtools, just in case I get infected again. Heh.

I had to switch the "Desktop" part in ("%userprofile%\Desktop\combofix" /u) to "Escritorio" since my Windows is in Spanish, but after that it worked perfectly.

I realized that when you enable hidden files, the RECYCLER and System Volume Information dont show, and they only do when you choose to show "protected system files". Good to know that.