GeekPolice
my pc wont allow me to open any websites has xp home security alert

My desktop PC operating on XP is not allowing me to go onto any websites; it is being overrun by an Internet Explorer alert page that takes me onto a virus scan page and then onto a pay screen to download an XP Home Security 2011 virus and malware removal. I am sending the message from my laptop as I can't access any sites with the desktop. I can still open emails and non-internet sites on my desktop. On the page it also says security hole detected attack from 29.40.237.57 port:12564, attacked port:12093, threat: backdoor.rbot.gen. Hope someone can help, thanks.

Re: my pc wont allow me to open any websites has xp home security alert

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: my pc wont allow me to open any websites has xp home security alert

Hi there, my desktop won't allow me to click on the link or input it manually to download; it keeps redirecting to the same warning page as detailed above. Thanks.

Re: my pc wont allow me to open any websites has xp home security alert

Let's try this first.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try downloading OTL now.

Re: my pc wont allow me to open any websites has xp home security alert

OTL logfile created on: 08/04/2011 10:55:05 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Usr1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 437.00 Mb Available Physical Memory | 49.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 217.16 Gb Free Space | 93.25% Space Free | Partition Type: NTFS

Computer Name: PC1 | User Name: Usr1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 10:54:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usr1\Desktop\OTL.exe
PRC - [2011/04/08 10:19:25 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20176692.exe
PRC - [2011/04/08 10:06:03 | 000,548,864 | ---- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/07/03 10:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 04:42:20 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 10:54:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usr1\Desktop\OTL.exe
MOD - [2008/04/14 04:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - [2009/01/22 19:12:43 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/04/17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 23:11:02 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/16 12:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/08/15 17:08:24 | 000,196,608 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/07/11 19:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 19:38:28 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/19 04:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 C5 37 E4 E5 1F CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mirostart.com/?cfg=2-365-0-2ewKc"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=en_UK&apn_uid=3AD02587-0FB7-42A6-8DFF-96B801647648&apn_ptnrs=GL&apn_sauid=32A859FD-F6BC-43C6-B1E7-FCDA78F6FE56&apn_dtid=YYYYYYYYGB&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/10 13:19:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/30 10:46:20 | 000,000,000 | ---D | M]

[2010/09/10 13:19:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Usr1\Application Data\Mozilla\Extensions
[2011/03/01 16:24:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Usr1\Application Data\Mozilla\Firefox\Profiles\fmfx2skq.default\extensions
[2011/03/01 16:24:33 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Documents and Settings\Usr1\Application Data\Mozilla\Firefox\Profiles\fmfx2skq.default\extensions\toolbar@ask.com
[2011/03/01 16:24:30 | 000,002,570 | -H-- | M] () -- C:\Documents and Settings\Usr1\Application Data\Mozilla\Firefox\Profiles\fmfx2skq.default\searchplugins\askcom.xml
[2010/09/10 13:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 16:49:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/25 01:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/25 01:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/25 01:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/25 01:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/01 10:54:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKCU..\Run: [{20620091-0B0C-E5E4-915E-DECC148346A2}] C:\Documents and Settings\Usr1\Application Data\Ibnyi\obid.exe ()
O4 - HKCU..\Run: [aoChCgeHApgo] C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe (GPA)
O4 - Startup: C:\Documents and Settings\Usr1\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.128,93.188.161.218
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Usr1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Usr1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/10 11:17:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/08 10:55:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Usr1\Recent
[2011/04/08 10:54:49 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Documents and Settings\Usr1\Desktop\OTL.exe
[2011/04/08 10:19:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Usr1\Start Menu\Programs\Windows Restore
[2011/04/08 10:06:10 | 000,548,864 | ---- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe
[2011/04/04 11:17:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Usr1\Application Data\Ibnyi
[2011/04/04 11:17:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Usr1\Application Data\Coal
[2011/03/30 10:46:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/22 13:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/03/22 12:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/21 12:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2011/03/21 12:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/08 10:54:34 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Documents and Settings\Usr1\Desktop\OTL.exe
[2011/04/08 10:50:46 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20176692r
[2011/04/08 10:50:46 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20176692
[2011/04/08 10:50:36 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/08 10:50:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 10:50:34 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/04/08 10:50:32 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\da2dd8df.job
[2011/04/08 10:50:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 10:50:27 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/08 10:49:14 | 001,006,778 | -H-- | M] () -- C:\Documents and Settings\Usr1\Desktop\rkill.com
[2011/04/08 10:45:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/08 10:37:27 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20176692
[2011/04/08 10:34:02 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1085031214-1417001333-1003UA.job
[2011/04/08 10:34:01 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1085031214-1417001333-1003Core.job
[2011/04/08 10:19:29 | 000,000,811 | -H-- | M] () -- C:\Documents and Settings\Usr1\Desktop\Windows Restore.lnk
[2011/04/08 10:19:25 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20176692.exe
[2011/04/08 10:06:03 | 000,548,864 | ---- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe
[2011/04/08 09:34:52 | 000,010,376 | -HS- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\l8h6k22165o6e645bt4xcs1558h
[2011/04/08 09:34:52 | 000,010,376 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\l8h6k22165o6e645bt4xcs1558h
[2011/04/06 14:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/04/04 15:08:37 | 000,227,545 | -HS- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\byb.exe
[2011/04/04 15:08:36 | 000,227,545 | -HS- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\gmw.exe
[2011/03/30 10:46:20 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/28 09:36:51 | 000,312,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 09:36:51 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/19 13:06:55 | 000,128,219 | -H-- | M] () -- C:\Documents and Settings\Usr1\My Documents\mixed_6.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/08 10:43:08 | 001,006,778 | -H-- | C] () -- C:\Documents and Settings\Usr1\Desktop\rkill.com
[2011/04/08 10:19:30 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20176692r
[2011/04/08 10:19:30 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~20176692
[2011/04/08 10:19:29 | 000,000,811 | -H-- | C] () -- C:\Documents and Settings\Usr1\Desktop\Windows Restore.lnk
[2011/04/08 10:19:26 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20176692
[2011/04/08 10:19:25 | 000,475,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20176692.exe
[2011/04/04 15:08:56 | 000,010,376 | -HS- | C] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\l8h6k22165o6e645bt4xcs1558h
[2011/04/04 15:08:56 | 000,010,376 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l8h6k22165o6e645bt4xcs1558h
[2011/04/04 15:08:37 | 000,227,545 | -HS- | C] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\byb.exe
[2011/04/04 15:08:36 | 000,227,545 | -HS- | C] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\gmw.exe
[2011/03/19 13:07:36 | 000,128,219 | -H-- | C] () -- C:\Documents and Settings\Usr1\My Documents\mixed_6.jpg
[2010/09/22 17:05:39 | 000,001,000 | ---- | C] () -- C:\WINDOWS\posteriza[1].INI
[2010/09/17 14:43:30 | 000,000,215 | ---- | C] () -- C:\WINDOWS\POSTER.INI
[2010/09/14 12:03:52 | 000,000,913 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2010/09/14 12:03:52 | 000,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini
[2010/09/10 13:19:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/05 10:19:42 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/08/05 10:19:42 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/08/05 10:19:42 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/08/05 10:19:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/08/05 10:19:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/08/05 10:19:41 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/08/05 10:19:41 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/08/05 10:19:41 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/08/03 09:50:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/02 19:29:50 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\msutbz.dll
[2010/05/27 15:31:57 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/05/27 15:31:57 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/09/08 14:54:51 | 000,005,632 | -H-- | C] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 15:05:09 | 000,000,038 | -H-- | C] () -- C:\Documents and Settings\Usr1\Application Data\burnaware.ini
[2009/06/22 16:49:34 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/06/22 16:49:32 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2009/06/22 15:54:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ptql5f.dll
[2009/06/22 15:49:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/22 15:49:37 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/22 15:48:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2009/06/22 15:47:25 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/10 12:00:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/10 11:59:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\unwlsdrv.exe
[2009/04/10 11:55:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/04/10 11:54:51 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/10 11:22:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/10 11:14:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/14 13:21:13 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/11/24 03:57:27 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 04:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 04:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 04:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 04:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 04:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/13 23:11:02 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/09/13 01:00:00 | 000,046,592 | -H-- | C] () -- C:\Documents and Settings\Usr1\Application Data\da2dd8df.exe
[2004/11/18 09:16:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\nktwab.dll
[2004/01/20 01:00:00 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2003/07/07 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/07 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/07 11:00:00 | 000,312,378 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/07 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/07 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/07 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/07 11:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/07 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/07 11:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/07 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/03/22 13:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

< End of report >

Re: my pc wont allow me to open any websites has xp home security alert

Hi there, I managed to download OTL, but only the pop-up log appeared; I can't find the other one on my desktop. The same happened when I tried to download rkill onto the desktop, so I have pasted the one log. Thanks.

Re: my pc wont allow me to open any websites has xp home security alert

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2011/04/08 10:19:25 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20176692.exe
    PRC - [2011/04/08 10:06:03 | 000,548,864 | ---- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe
    O4 - HKCU..\Run: [{20620091-0B0C-E5E4-915E-DECC148346A2}] C:\Documents and Settings\Usr1\Application Data\Ibnyi\obid.exe ()
    O4 - HKCU..\Run: [aoChCgeHApgo] C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe (GPA)
    [2011/04/08 10:19:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Usr1\Start Menu\Programs\Windows Restore
    [2011/04/08 10:06:10 | 000,548,864 | ---- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe
    [2011/04/04 11:17:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Usr1\Application Data\Ibnyi
    [2011/04/04 11:17:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Usr1\Application Data\Coal
    [2011/04/08 10:50:46 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20176692r
    [2011/04/08 10:50:46 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~20176692
    [2011/04/08 10:50:32 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\da2dd8df.job
    [2011/04/08 10:37:27 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20176692
    [2011/04/08 10:19:29 | 000,000,811 | -H-- | M] () -- C:\Documents and Settings\Usr1\Desktop\Windows Restore.lnk
    [2011/04/08 10:19:25 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20176692.exe
    [2011/04/08 10:06:03 | 000,548,864 | ---- | M] (GPA) -- C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe
    [2011/04/08 09:34:52 | 000,010,376 | -HS- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\l8h6k22165o6e645bt4xcs1558h
    [2011/04/08 09:34:52 | 000,010,376 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\l8h6k22165o6e645bt4xcs1558h
    [2011/04/04 15:08:37 | 000,227,545 | -HS- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\byb.exe
    [2011/04/04 15:08:36 | 000,227,545 | -HS- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\gmw.exe

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
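
Added example (not part of the original thread and not OTL's own code): a small Python triage pass over OTL log lines in the format posted above. The three rules (a blank company name on an executable under Application Data, a Run value that launches from Application Data, a static NameServer that differs from the DHCP-assigned one) are assumptions chosen for illustration; a hit means "review this entry", not "malicious".

```python
import re

# Sample lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
PRC - [2011/04/08 10:54:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Usr1\Desktop\OTL.exe
PRC - [2011/04/08 10:19:25 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20176692.exe
PRC - [2008/07/03 10:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [{20620091-0B0C-E5E4-915E-DECC148346A2}] C:\Documents and Settings\Usr1\Application Data\Ibnyi\obid.exe ()
O4 - HKCU..\Run: [aoChCgeHApgo] C:\Documents and Settings\All Users\Application Data\aoChCgeHApgo.exe (GPA)
[2011/04/04 15:08:37 | 000,227,545 | -HS- | M] () -- C:\Documents and Settings\Usr1\Local Settings\Application Data\byb.exe
[2011/04/08 10:49:14 | 001,006,778 | -H-- | M] () -- C:\Documents and Settings\Usr1\Desktop\rkill.com
[2010/08/05 10:19:42 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.128,93.188.161.218
"""

# [PRC|MOD - ][date time | size | attrs | M or C] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^(?:(?:PRC|MOD) - )?\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<op>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O4 - HKCU..\Run: [value name] target path (company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O17 - <key path>: NameServer|DhcpNameServer = addr[,| ]addr...
DNS_RE = re.compile(r"^O17 - .*: (?P<key>DhcpNameServer|NameServer) = (?P<val>.+)$")

EXEC_EXT = (".exe", ".com", ".scr", ".dll")


def in_app_data(path):
    """True if the path lies under a per-user or All Users Application Data tree."""
    return "\\application data\\" in path.lower()


def triage(log_text):
    """Return a de-duplicated list of (rule, detail) pairs worth a manual look."""
    findings, dns = [], {}

    def add(rule, detail):
        if (rule, detail) not in findings:
            findings.append((rule, detail))

    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            # Rule 1 (assumption): executable with no version-info company
            # name, stored in a data directory rather than a program directory.
            if (m["company"] == "" and in_app_data(path)
                    and path.lower().endswith(EXEC_EXT)):
                add("blank-company-exe", path)
            continue
        m = RUN_RE.match(line)
        if m:
            # Rule 2 (assumption): autostart entry launching from Application Data.
            if in_app_data(m["path"]):
                add("run-from-appdata", m["hive"] + " [" + m["name"] + "] " + m["path"])
            continue
        m = DNS_RE.match(line)
        if m:
            dns[m["key"]] = set(re.split(r"[ ,]+", m["val"].strip()))

    # Rule 3 (assumption): a static resolver list that overrides what DHCP
    # handed out should be confirmed with the machine's owner.
    static = dns.get("NameServer")
    if static and static != dns.get("DhcpNameServer"):
        add("static-dns-override", ", ".join(sorted(static)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(rule.ljust(20), detail)
```

On the sample, OTL.exe, rkill.com on the Desktop and the blank-company nwiz.exe in System32 are not flagged, which shows that a blank company name alone is not treated as a signal.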
