how clean is it now?

Discussion in 'Malware Help (A Specialist Will Reply)' started by tuffluck, Aug 20, 2010.

  1. tuffluck

    tuffluck Private E-2

    i was having some problems with my work computer in the first week i got it. IE or FF would lock up when you tried to load a new page. found out they forgot to install a virus protection program. i installed antivir and found malware (TR/HM.Agent). removed it but the problem was still there. i followed the "windows xp cleaning" procedures on this website and got through combofix, which seems to have fixed all my issues so far. ironically i ran mbytes last night and that also seemed to fix things, for the next 12 hours until they returned this morning (and this morning i ran combofix and now everything is running very smoothly).

    i figured i'd complete steps 4 and 5, so i tried to run rootrepeal, but it gives me the error that i do not have disk access. i presume this is due to my laptop being owned by my company and me not having the rights to the disk. things are working fine at this point, but i wonder if it's REALLY clean, especially if i can't finish RR and MGTools? i was on myfico.com this morning and typed in my SSN and was about to hit enter when i thought, "wait a second, what if there is still malware on this PC? that would be dumb to load a webpage with your SSN on it," so i cancelled the webpage.

    BUT, i can't have that fear forever. thoughts? is it really fixed?
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    In order for us to help you, we need to see the logs from running:
    SAS
    MBAM
    ComboFix
    C:\MGLogs.zip --> from running C:\MGTools.exe
     
  3. tuffluck

    tuffluck Private E-2

    thanks tim. our IT department got involved because i put in a ticket earlier and they called me back. they installed mcafee virus scan and it caught a virus and malware. however the problem is back again. in the process of trying to fix the problem they also removed all of the previous programs i had run, and i cannot find the log for mbytes and super anti-spyware. should i run them again? i did have an extra copy of the combofix log and they ran a hijackthis log as well. i have posted those but if i need to run the other programs again please let me know (in the instructions for cleaning xp it says only run the programs once so i don't want to screw anything up...besides i'm not sure if they would catch the problems again). mcafee virus scan did pick up and remove a virus called "pink slip trojan," but like i said the symptoms of delayed and non-responsive IE and Firefox are back.
     

    Attached Files:

  4. tuffluck

    tuffluck Private E-2

    tim,

    i'm sorry i can't edit my original post. i was able to retrieve the super anti-spyware and the mbytes log files as well. there were 2 mbytes log files because the IT department also ran this program on their own even though i told them i did it already. i wish i had just let you guys help me rather than deal with them as they screwed up this process. here are all the files again, minus the hijackthis file. here is the order they were run:

    super anti-spyware
    8.19 mbytes
    (combofix log in previous post, but it was run in between mbytes sessions)
    8.20 mbytes
    (hijackthis log now, file below)

    please let me know what else you need from me. thanks for the help.
     

    Attached Files:

  5. tuffluck

    tuffluck Private E-2

    sorry, i wish i were able to edit posts so i would not be posting over myself so many times, but i forgot to mention that MGTools wasn't run because the IT department has locked McAfee virus scan so that it can never be disabled. if there is a way around this, i will run MGTools and then post the log, but that is why i have not posted that log so far.

    again, sorry for the multiple posts. please let me know if the 5 attachments i have provided thus far are helpful enough for you.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I still need the C:\MGLogs.zip. If need be, run it in safe mode.

    Do you know what these are:
    c:\documents and settings\All Users\Application Data\Microsoft\zfoola6\zfoola.dll
    c:\documents and settings\All Users\Application Data\Microsoft\zfoola6\zfool.dll

    If not, delete them.

    You need to put ComboFix directly on your desktop, not here:
    Running from: c:\documents and settings\20407110\My Documents\Downloads\ComboFix.exe
     
  7. tuffluck

    tuffluck Private E-2

    tim,

    i attached the document.

    looked for zfoola6 and it is not found, also not a hidden folder either. it must have been removed from the computer by the mcafee scan or the later mbytes scan that was done by the IT department. is it possible the file is still there and i can't see it?
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The only thing I am seeing is this:
    C:\WINDOWS\eooqxeevsa --> delete it.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required:
        "%userprofile%\Desktop\combofix" /uninstall
      • Note: the space between the combofix" and the /uninstall must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:




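    The two helper posts above name leftover paths to check (the zfoola6 folder and its two DLLs, and C:\WINDOWS\eooqxeevsa), and the reply in between asks whether a file could still be present but invisible. The script below is an added example, not part of the thread and not one of MajorGeeks' tools: it looks for exactly those paths with PowerShell's -Force switch, which returns hidden and system objects that Explorer or a plain dir would skip, and it reads the two Explorer registry values that ComboFix resets to Windows defaults. It only reports; it deletes nothing. The paths are the ones quoted in the thread; any other value is an assumption you would adjust for your own machine.

```powershell
# Added example (not from the thread): report whether the named remnants are
# still present, including hidden/system items, and show Explorer's visibility
# settings. Report only; nothing is deleted. Paths are those quoted in the thread.
$suspects = @(
    'C:\Documents and Settings\All Users\Application Data\Microsoft\zfoola6',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\zfoola6\zfoola.dll',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\zfoola6\zfool.dll',
    'C:\WINDOWS\eooqxeevsa'
)

foreach ($p in $suspects) {
    # -Force makes Get-Item return hidden and system objects as well as normal ones.
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        "ABSENT   $p"
        continue
    }
    $flags = @()
    if ($item.Attributes -band [IO.FileAttributes]::Hidden) { $flags += 'Hidden' }
    if ($item.Attributes -band [IO.FileAttributes]::System) { $flags += 'System' }
    if ($item.PSIsContainer) { $flags += 'Directory' }
    "PRESENT  $p  [$($flags -join ', ')]  modified $($item.LastWriteTime)"
}

# Explorer's own visibility settings. The Windows defaults (which ComboFix's
# uninstall restores) hide both "hidden" and "super hidden" (system) files.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$reg = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
if ($reg) {
    # Hidden: 1 = show hidden files, 2 = do not show them.
    "Explorer shows hidden files: " + $(if ($reg.Hidden -eq 1) { 'yes' } else { 'no' })
    # ShowSuperHidden: 1 = show protected operating system files.
    "Explorer shows system files: " + $(if ($reg.ShowSuperHidden -eq 1) { 'yes' } else { 'no' })
}
```

    Run it from a PowerShell prompt as the logged-on user; a PRESENT line carrying the Hidden or System flag is the case the reply above was asking about, where the item exists but a default Explorer view would not list it.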
     
  9. tuffluck

    tuffluck Private E-2

    thanks for the help. since i did not do combofix from the desktop, is there any harm in it not being uninstalled? rather, is there a way to uninstall it otherwise? i google'd this and saw to type combofix /uninstall but that returned a "combofix could not be found," probably only because i deleted the file before the IT guys worked on my PC, since i didn't really want them knowing that i was trying to solve the problem on my own and get in trouble with it.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, it's not a problem. But a word of caution. In the future, since this is a business computer, it would be best that you allow your IT dept. to handle these situations. There is always the chance that, if something went wrong while working with us or some other malware site, we could be held liable.

    On the run box, paste this in:
    "c:\documents and settings\20407110\My Documents\Downloads\ComboFix.exe" /uninstall
     
  11. tuffluck

    tuffluck Private E-2

    whoops, i did not know that. sorry, i will be more careful next time.

    i pasted what you said in there and i guess it didn't find the file because i deleted it. i downloaded the file to that spot again, and when i tried to uninstall, it tried to reinstall and start all over, so i just clicked "no" when it asked me if i accepted the disclaimer at the start. then i just deleted the file again. i won't worry about it not being officially uninstalled.

    also...last question i promise, every time my pc boots it pauses briefly on the "start windows xp or start windows recovery console," and i guess this is because combofix installed windows recovery console. is there a way to remove windows recovery console to avoid this screen when it boots?

    thanks again, i appreciate it.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can go into msconfig from the run box and under the boot tab, remove the recovery console option. If you need further assistance with that, please post in the software forum. :)
     
