  #15  
Old 06-18-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,960
PC Experience: Elite PC Guru
Default Re: Prework results

If you have downloaded it, it is on your computer. All I can suggest is that you get someone to help you find it... we need this program to find the malware you have.


__________________
My real name is Eddy
  #16  
Old 06-18-2008
Bronze Member
 
Join Date: Jun 2008
Location: Gateshead
Posts: 51
PC Experience: Beginner
Default Re: Prework results

OK, I will try, thanks a lot; talk to you when I can finally resolve this...


  #17  
Old 06-18-2008
Bronze Member
 
Join Date: Jun 2008
Location: Gateshead
Posts: 51
PC Experience: Beginner
Default Re: Prework results

Yesssssss!!! The problem was that I was using Firefox, and when I tried with IE, voila! Now it is on my desktop and I will follow the instructions now...


  #18  
Old 06-18-2008
Bronze Member
 
Join Date: Jun 2008
Location: Gateshead
Posts: 51
PC Experience: Beginner
Default Re: Prework results

Well, I have another problem now. As I said, I downloaded ComboFix and saved it to my desktop, but I can't access the user guide, and worse, when I want to open ComboFix it says "C:\Documents and Settings\Owner\Desktop\Combofix.exe is not a valid Win32 application". What should I do?


  #19  
Old 06-18-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,960
PC Experience: Elite PC Guru
Default Re: Prework results

Don't worry about the guide... I will start work on another way to clean you... I see from your first log that you cannot enter Safe Mode, so you may have to do a System Repair later on.


__________________
My real name is Eddy

Last edited by Pancake; 06-18-2008 at 11:56 PM.
  #20  
Old 06-19-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,960
PC Experience: Elite PC Guru
Default Re: Prework results

All of this malware has come in via BearShare and LimeWire...



Have "HijackThis" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


O2 - BHO: (no name) - {171390BB-7251-41F9-A5ED-7164EDE6ADC1} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {45C2A50F-8F4A-496E-AF02-D0207525BF5A} - C:\WINDOWS\system32\awtuurp.dll (file missing)
O2 - BHO: {4515cfd6-fb91-1459-13f4-d45068257426} - {62475286-054d-4f31-9541-19bf6dfc5154} - C:\WINDOWS\system32\xausnekk.dll
O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe (file missing)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (file missing)
O20 - Winlogon Notify: awtuurp - C:\WINDOWS\system32\awtuurp.dll (file missing)
O20 - Winlogon Notify: hjyqezzf - C:\WINDOWS\system32\hjyqezzf.dll (file missing)


Reboot...

==========================================

Download OTMoveit2

http://download.bleepingcomputer.com.../OTMoveIt2.exe

Go to the location where you saved OTMoveIT2 and double click it. (If you're using Vista, right click on it and choose Run as Administrator).
Copy all the information/files found below. Highlight all of it, right click it and choose Copy.



Next, return to OTMoveIt2 and right click in the "Paste List of Files/Patterns to Search For and Move" window.
Important: Paste only into the bottom input panel (under the yellow bar). The top panel will not help you. Then just right click and choose Paste.
Now, click the red MoveIt button and wait several minutes. When it's finished, look in the large right hand panel that says Results. You should see that at least the principal infector files were deleted and whichever applicable registry changes were made. (They may not all apply in your case). Close OTMoveIt2 when it has finished.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot your computer to finish the move process. If you're asked to reboot, simply choose Yes.
Now, double click and open OTMoveIt2 again. Click the green Clean Up! button at the top. (Note: It will need to access the Internet to download a small script file, so please allow your firewall to do so).
When it finishes, it will have deleted all of its quarantines, as well as the OTMoveIt2 program and all the folders it created. Then just reboot your computer to finish up.


====================================================

Copy the text in the code box to Notepad. Save it as fixreg.reg to your desktop.
Be sure the "Save as" type is set to "all files"
Once you have saved it double click it and allow it to merge with the registry.


Windows Registry Editor Version 5.00

; Remove the three BHO registrations listed by HijackThis (the O2 entries)
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{171390BB-7251-41F9-A5ED-7164EDE6ADC1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62475286-054d-4f31-9541-19bf6dfc5154}]
; Delete the malware's autostart values ("=-" deletes a value)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"outlook"=-
"??????"=-
"="=-
"BMef10d4fb"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{45C2A50F-8F4A-496E-AF02-D0207525BF5A}"=-
; Remove the Winlogon Notify packages (the O20 entries)
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuurp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hjyqezzf]
; Reset LSA Authentication Packages to the stock "msv1_0" only (REG_MULTI_SZ)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


After a reboot please run Deckard again and post the log.


__________________
My real name is Eddy
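Before merging a registry fix like the one in the post above, it helps to see exactly what it will do. This added Python example (not from the thread or any tool it mentions) parses an excerpt of that .reg text, lists the keys and values it deletes, decodes the hex(7) REG_MULTI_SZ payload, and checks that the LSA "Authentication Packages" value is being reset to the stock msv1_0 and nothing else.

```python
import re

# Constructed excerpt of the fixreg.reg posted in the thread (the LSA line is the
# one from the post); this is sample input for the parser, not the full file.
REG_TEXT = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuurp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMef10d4fb"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')        # "[-KEY]" deletes the whole key
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')     # "name"=data ; data "-" deletes the value

def decode_multi_sz(hex_body):
    """Decode a .reg hex(7) payload (REG_MULTI_SZ) into its list of strings."""
    raw = bytes(int(b, 16) for b in hex_body.split(',') if b.strip())
    # REG_MULTI_SZ is NUL-terminated strings ending in an extra NUL.
    return [s for s in raw.decode('latin-1').split('\x00') if s]

def parse_reg(text):
    """Return (deleted_keys, deleted_values_by_key, multi_sz_values) for .reg text."""
    deleted_keys, deleted_values, multi = [], {}, {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == '-':
                deleted_keys.append(key)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, data = m.groups()
            if data == '-':
                deleted_values.setdefault(key, []).append(name)
            elif data.startswith('hex(7):'):
                multi[(key, name)] = decode_multi_sz(data[len('hex(7):'):])
    return deleted_keys, deleted_values, multi

def lsa_packages_are_default(multi):
    """True when the fix sets LSA Authentication Packages to exactly ['msv1_0']."""
    for (key, name), values in multi.items():
        if key.lower().endswith(r'control\lsa') and name == 'Authentication Packages':
            return values == ['msv1_0']
    return False
```

Any extra entry in that list would be a package loaded by LSA at every logon, which is why the fix writes the single stock value rather than deleting the malware's entry by name.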
  #21  
Old 06-19-2008
Bronze Member
 
Join Date: Jun 2008
Location: Gateshead
Posts: 51
PC Experience: Beginner
Default Re: Prework results

When I started the prework I was using Firefox and I could not download HijackThis, so Deckard's scanner used a clone; now I am using IE and I could download it, but when I try to open it the same thing happens as with ComboFix: it says it is not a valid Win32 application...


