Screen Freeze, HijackThis Log (RESOLVED)

  1. #11
    Neal is offline Dedicated Member

    Re: Screen Freeze, HijackThis Log

    Ok, I found some suspicious files in the ComboFix log and no information is available on them, so you've got some work to do.

    I need you to scan these from a place that scans single files and it will tell you whether they are infected or not, sorry but that is the only way to do it.



    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done





    Go to next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to the next file, one at a time:



    C:\WINDOWS\system32\htjycqrr.exe
    C:\WINDOWS\system32\j0291032.dll
    C:\WINDOWS\system32\behcljuo.exe
    C:\WINDOWS\system32\j4201536.dll
    C:\WINDOWS\system32\cifkgdsx.exe
    C:\WINDOWS\system32\j4291733.dll
    C:\WINDOWS\system32\evcxydnw.exe
    C:\WINDOWS\system32\j2291831.dll
    C:\WINDOWS\system32\pdlyfkpv.exe
    C:\WINDOWS\system32\j6201038.dll
    C:\WINDOWS\system32\FAB3C8B792.sys
    C:\WINDOWS\system32\swqembbr.exe
    C:\WINDOWS\system32\hiqcuusn.exe
    C:\WINDOWS\system32\crumvydh.exe
    C:\WINDOWS\system32\j9271335.dll
    C:\WINDOWS\system32\j7211435.dll
    C:\WINDOWS\system32\krkfvxnr.exe
    C:\WINDOWS\system32\j1281438.dll
    C:\WINDOWS\system32\dfeqscrb.exe
    C:\WINDOWS\system32\j5291739.dll
    C:\WINDOWS\system32\brigvtlt.dll
    C:\WINDOWS\system32\tkpibaae.dll
    C:\WINDOWS\system32\pajafuhd.dll
    C:\WINDOWS\system32\uhlrgtocma.dat
    C:\WINDOWS\system32\uhlrgtocma.exe
    C:\WINDOWS\system32\uhlrgtocma_navps.dat
    C:\WINDOWS\system32\uhlrgtocma_nav.dat
    C:\Documents and Settings\laura\5126.bat
    C:\DOCUME~1\laura\5126.bat
    C:\Temp\gorPEURO.exe
    C:\WINDOWS\system32\5914.bat





    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy, here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html


    They all look bad to me. After the scan reports come back, we will proceed with killing them once we find out what type of infection they are.


  2. #12
    xlaurax is offline Full Member
    Ok, will do. Get back soon as I can, thanx.

  3. #13
    Neal is offline Dedicated Member
    OK will be looking for you.

  4. #14
    xlaurax is offline Full Member
    Sorry for taking so long, it's been a busy old day! I'm halfway down the list. This is gonna be a huge list!!

  5. #15
    Neal is offline Dedicated Member
    Do it in two different posts right here if necessary.

  6. #16
    xlaurax is offline Full Member
    I've attached a txt-file of my results. For a computer that's actually running so well as mine is, it's surprising what is lurking about in the background! I'm shocked!! So I'll leave it with you. Thanx again for help,

  7. #17
    Neal is offline Dedicated Member
    Thanks for all your hard work on that. Most of them were infected, now let's kill them.



    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      C:\WINDOWS\system32\j5291739.dll
      C:\WINDOWS\system32\dfeqscrb.exe
      C:\WINDOWS\system32\j1281438.dll
      C:\WINDOWS\system32\krkfvxnr.exe
      C:\WINDOWS\system32\j7211435.dll
      C:\WINDOWS\system32\j9271335.dll
      C:\WINDOWS\system32\crumvydh.exe
      C:\WINDOWS\system32\hiqcuusn.exe
      C:\WINDOWS\system32\swqembbr.exe
      C:\WINDOWS\system32\j6201038.dll
      C:\WINDOWS\system32\pdlyfkpv.exe
      C:\WINDOWS\system32\j2291831.dll
      C:\WINDOWS\system32\evcxydnw.exe
      C:\WINDOWS\system32\j4291733.dll
      C:\WINDOWS\system32\cifkgdsx.exe
      C:\WINDOWS\system32\j4201536.dll
      C:\WINDOWS\system32\behcljuo.exe
      C:\WINDOWS\system32\j0291032.dll
      C:\WINDOWS\system32\htjycqrr.exe
      C:\WINDOWS\system32\j5291739.dll
      C:\WINDOWS\system32\brigvtlt.dll
      C:\WINDOWS\system32\tkpibaae.dll
      C:\WINDOWS\system32\pajafuhd.dll
      C:\Temp\gorPEURO.exe




    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    New HijackThis log please.

  8. #18
    xlaurax is offline Full Member
    Here you go,

    C:\WINDOWS\system32\j6201038.dll moved successfully.
    C:\WINDOWS\system32\pdlyfkpv.exe moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\j2291831.dll
    C:\WINDOWS\system32\j2291831.dll NOT unregistered.
    C:\WINDOWS\system32\j2291831.dll moved successfully.
    C:\WINDOWS\system32\evcxydnw.exe moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\j4291733.dll
    C:\WINDOWS\system32\j4291733.dll NOT unregistered.
    C:\WINDOWS\system32\j4291733.dll moved successfully.
    C:\WINDOWS\system32\cifkgdsx.exe moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\j4201536.dll
    C:\WINDOWS\system32\j4201536.dll NOT unregistered.
    C:\WINDOWS\system32\j4201536.dll moved successfully.
    C:\WINDOWS\system32\behcljuo.exe moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\j0291032.dll
    C:\WINDOWS\system32\j0291032.dll NOT unregistered.
    C:\WINDOWS\system32\j0291032.dll moved successfully.
    C:\WINDOWS\system32\htjycqrr.exe moved successfully.
    File/Folder C:\WINDOWS\system32\j5291739.dll not found.
    C:\WINDOWS\system32\brigvtlt.dll unregistered successfully.
    C:\WINDOWS\system32\brigvtlt.dll moved successfully.
    C:\WINDOWS\system32\tkpibaae.dll unregistered successfully.
    C:\WINDOWS\system32\tkpibaae.dll moved successfully.
    C:\WINDOWS\system32\pajafuhd.dll unregistered successfully.
    C:\WINDOWS\system32\pajafuhd.dll moved successfully.
    C:\Temp\gorPEURO.exe moved successfully.

    Created on 06-08-2007 01:33:19

  9. #19
    Neal is offline Dedicated Member
    How are things now?

  10. #20
    xlaurax is offline Full Member
    No freezing, no unwanted pop-ups!!!
    Thank you ever so much for your time and help, you're a STAR!
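
Added example (not part of the thread, and not OTMoveIt's own code): a Python check that reconciles the list of paths pasted into OTMoveIt against the results text pasted back, using only the line shapes visible in post #18. The function names are hypothetical and the sample input is constructed from a subset of the lines quoted in the thread.

```python
import re

# Line shapes as they appear in the OTMoveIt results pasted in post #18.
PATTERNS = [
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("loadlibrary_failed", re.compile(r"^LoadLibrary failed for (.+)$")),
    ("not_unregistered", re.compile(r"^(.+) NOT unregistered\.$")),
    ("unregistered", re.compile(r"^(.+) unregistered successfully\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]

def parse_results(text):
    """Return {lowercased path: set of outcome names} for every recognised line."""
    outcomes = {}
    for line in map(str.strip, text.splitlines()):
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                outcomes.setdefault(m.group(1).lower(), set()).add(name)
                break
    return outcomes

def reconcile(requested, results_text):
    """Bucket each requested path by what the log says (paths compared case-insensitively)."""
    outcomes = parse_results(results_text)
    report = {"moved": [], "not_found": [], "unconfirmed": []}
    for path in dict.fromkeys(p.strip() for p in requested):  # de-duplicate, keep order
        seen = outcomes.get(path.lower(), set())
        key = "moved" if "moved" in seen else "not_found" if "not_found" in seen else "unconfirmed"
        report[key].append(path)
    return report

# Constructed sample: a subset of the paths and result lines quoted in the thread.
REQUESTED = [r"C:\WINDOWS\system32\j5291739.dll", r"C:\WINDOWS\system32\swqembbr.exe",
             r"C:\WINDOWS\system32\j6201038.dll", r"C:\WINDOWS\system32\j2291831.dll",
             r"C:\WINDOWS\system32\brigvtlt.dll", r"C:\Temp\gorPEURO.exe"]
RESULTS = r"""
C:\WINDOWS\system32\j6201038.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\j2291831.dll
C:\WINDOWS\system32\j2291831.dll NOT unregistered.
C:\WINDOWS\system32\j2291831.dll moved successfully.
File/Folder C:\WINDOWS\system32\j5291739.dll not found.
C:\WINDOWS\system32\brigvtlt.dll unregistered successfully.
C:\WINDOWS\system32\brigvtlt.dll moved successfully.
C:\Temp\gorPEURO.exe moved successfully.
"""

if __name__ == "__main__":
    for bucket, paths in reconcile(REQUESTED, RESULTS).items():
        print(bucket, paths)
```

A path that lands in `unconfirmed` has no "moved" or "not found" line in the pasted text, so it should be checked again before the machine is treated as clean.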
