kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Looks like you got infected with quite a few trojans as well as Virtumonde. OK, let's get started.

First run HJT and place a checkmark next to the following.

O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\mljhged.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\ydwqjduj.dll
O2 - BHO: (no name) - {C505491A-8BDB-992A-8A0F-F8ADD9BC72C0} - C:\WINDOWS\system32\gkrygjl.dll
O2 - BHO: (no name) - {E3C6619C-38DD-4842-AFD2-D13798274921} - C:\WINDOWS\system32\ddccd.dll
O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\gabby\Local Settings\Temp\TICHD003.exe CHD003
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\craewuwa.dll",realset
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\system32\ASKS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Vkplrjx] "C:\Program Files\?asks\?hkntfs.exe"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\gabby\Local Settings\Temp\TICHD003.exe
O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll
O20 - Winlogon Notify: mljhged - C:\WINDOWS\SYSTEM32\mljhged.dll

Now click fix checked.

Now please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, seeing as neither HJT nor the AVG scan showed any signs of it, I'm pretty sure it's gone. As for the scan results, it could be something faulty in the Yahoo anti-virus program. When it shows up in the scan, does it say what file it is and where it's located? If it does, then check if that file is there. If it isn't, then Yahoo is buggy, and if it is, delete it.

I also want you to run CrapCleaner. It will get rid of some unneeded junk on your comp and will improve the speed.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hello. I want you to do a quick scan to start things off.

Please download and install ewido anti-spyware tool (now called AVG Anti-spyware)

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait. Ewido will open the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get updates.
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight.
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on Scanner at the top of the Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I can't find any evidence that I Search is still there. Are you actually having problems, or is it just the alert that keeps popping up? If you're actually having problems still, could you describe them in detail please? Thx.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

There are 2 things you could do. You could completely reformat the computer and you would lose all the programs and information on it, but it would be like you just bought it from the store.

Or this might be because of malware. In that case you should download HJT. Look at the stickies of this forum to see how to do that.

I would recommend the second choice, but it is up to you.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, I don't consider Norton to be very helpful. I think it causes more problems than it solves. I would get a different anti-virus program such as McAfee or AVG. Anyways, I want you to do two things.

First run HJT and place a checkmark next to the following.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.231.6.240:8080 (Did you set this proxy? If not, then put a check by it.)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.5.88.72 www.megaupload.com
O13 - Gopher Prefix:

Now click fix checked.

Now I want you to install and run the following scanner.

Please download and install ewido anti-spyware tool (now called AVG Anti-spyware)

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait. Ewido will open the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get updates.
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log shows you do have the valid rundll32.exe running in your C:\Windows\System32\ folder. The one in the C:\ drive is most likely some sort of malware. The reason you're probably not able to find the real rundll is that you have it set so that it blocks hidden files/folders, or you have it set so that it hides protected system files. Getting back to the rundll in the C:\ drive: I want to make sure it's malicious before I tell you to delete it, so go here and upload and scan the rundll32.exe in the C drive. If it comes up as infected, go into Safe Mode again and delete the file. If not, then post the results of the scan here.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I want you to do two things. First I want you to install and run the following scanner.

Please download and install ewido anti-spyware tool (now called AVG anti-spyware)

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait. Ewido will open the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get updates.
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight.
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on Scanner at the top of the Ewido screen
  • Click on Settings
  • Under How to Act, click on Recommended Action and choose Quarantine
  • Under …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

It found a lot of tracking cookies, but nothing else. I want you to try something to see whether the error is happening because of something with Internet Explorer or because the computer is infected.

Go here and download and install Mozilla Firefox.
Go on the KIDS side of the comp and open Mozilla Firefox.


Tell me in your next post if you were able to access the internet without getting the error.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

where are stickies

Go to the main Viruses and other nasties forum and look at the top.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

There's a pretty good site I found called tigerdirect.com. It sells everything factory direct and has tons of memory chips that you could get pretty cheap. I would recommend you get 512MB to 1G of RAM. 1G would make your computer extremely fast. On TigerDirect you can get a gig for around 50-60 dollars.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm.. I'm not familiar with the most recent Windows update, so I don't know why it causes the lagginess. Some easy ways to increase computer speed, though, are to clean the temp, manually clean out your C:\ drive of unwanted programs/files, and to run as few startup processes as possible.

An easy way to clean the temp is with a program called CrapCleaner. Here are the download instructions.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yup. It was a combination of Virtumonde, Look2Me, and the RapidBlaster parasite.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Looks fine to me too. Could you be more specific about what is wrong with your computer? "Funny" could be anything. Thx.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Machine #2 appears to be clean. But #1 has a trojan.

First run HJT and place a checkmark next to the following.

O1 - Hosts: 213.239.0.226 www.crackspider.com
O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
O24 - Desktop Component 1: Background - http://www.****.com/background/index.html

Now click Fix Checked.

Now use My Computer to navigate to the following files/folders and delete them if present.
%WINDIR%\crcspider.ico (Windir is probably C:\Windows\ or C:\Windows\System32\. Check them both.)

In your next post include a new HJT log along with any problems you're still having. This trojan was probably picked up from using those torrent and crack sites to get illegal software and other things.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

If it's possible, I would log on normally and use Task Manager to open IE or Firefox via File > New Task in Task Manager and type either iexplorer.exe or firefox.exe. Then use that to download and run HJT (look in stickies). After you scan with that, it will open up a Notepad file automatically. Copy and paste the contents of that Notepad file here in your next post. Also, if you can, download AVG antispyware and run it. You can download that here. Post the AVG log too if you can. And be sure to set AVG to delete the files, not ignore them.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I can see why it was being so slow. All those processes running with only 192 megabytes of RAM. If you want, you can mark this thread as solved. (There's a link under the most current post.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Glad to see it's working. About the geedb.dll: check if it is actually still in the Windows folder. If it is, you will probably be able to delete it normally or with Killbox now that the main infection is gone. You can mark this thread as solved now. (There's a link under this post.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Looks like you have a trojan and a couple of worms on your computer that could be stealing information from your computer. Until we get this fixed up, I would advise that you not go to any online banking sites or anything where you enter personal information.

OK, first run HJT and place a checkmark next to the following.

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\SYSTEM32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\SYSTEM32\mouse_configurator.win
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C0E4197F91AB75760EA83FA5EF80752B94E2DF7E5B7E472D37C3 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll (file missing)
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

Now click fix checked.

You might want to print out the following instructions as you will not be able to access the internet from safe mode.

Reboot your computer and while it is loading, continuously tap F8 until a menu pops up. Use the arrow keys to select Safe Mode and then hit Enter.

Once in safe mode use My Computer to locate and delete the following folders/files.
C:\WINDOWS\SYSTEM32\winmgd.win
C:\WINDOWS\SYSTEM32\mouse_configurator.win
c:\program files\zango\

The last two files you'll have to find; they are either in the C:\Windows\ directory, the C:\Windows\System\ directory, or the C:\Windows\System32\ directory. Those are the following files.

sndcfg16.exe
RunDll16.exe

Now reboot back to normal.

Post a new HJT log along with any problems you're still having in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

First of all look at the stickies to see how to install HiJack This. Post the HiJack this log in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Glad to hear that. Please mark this thread as solved then. (There's a link under this post.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Thank you Kyle, I was out of town and came home today.

No problem, glad to see you are back.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

I guess I'll take over; Rahina must be busy or something. OK, I'm gonna have you run a quick scan.

Please download and install ewido anti-spyware tool (now called AVG anti-spyware)

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait. Ewido will open the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get updates.
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight.
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on Scanner at the top of the Ewido screen
  • Click on …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Nelly, please don't grave dig threads from years ago. If you're having the same problem as someone, please make a new thread with the problem and then post your HJT log in it. Thx.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

OK, let's get started.

First run HJT and place a checkmark next to the following.

O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [0g640iv8.dll] "RUNDLL32.EXE" 0g640iv8.dll,b 287968

Now click fix checked.

Now you have to delete a couple files. Use the search option in Windows Explorer and search for the following and delete them.

ftutil2.dll
0g640iv8.dll

They are most likely in the C:\Windows\ folder or the C:\Windows\System32\ folder.

Tell me if this works in your next post.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Whoa, the AVG log shows that you have a lot more on your computer than I thought. OK, I'm gonna have you run two programs to make sure two of the infections are completely gone.

First please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After that, please download Look2Me-Destroyer.exe to your desktop.

  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

There is only one thing in your log that is malicious and it is the O13 entry. Have you noticed that when you type something into the address bar (in IE at least), if you don't put http:// it will change it to something else? Because that's what the O13 is doing.

To get rid of that run HJT and put a checkmark next to the following.
O13 - Gopher Prefix:

Now click fix checked.

There you go, you're all clean.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

That's okay, but you'll have to email the instructions that I give you to her as well, or you could have her use your name to log onto daniweb on her computer as well.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm. I'm not familiar with this new virus, but since I don't see the folder you were talking about in your log, I'm guessing it hides itself from HJT. I did find some other trojans on your computer though, so let's get started with those, but first move HJT to its own folder in a permanent folder like C:/HJT/.

After doing that run HJT and place a checkmark next to the following.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe (yes there is a second one)

Now click fix checked.

You might want to print out the following instructions because you won't be able to access the internet from Safe Mode.

First boot into Safe Mode by restarting your computer and then tapping F8. When the menu pops up, use the arrow keys to select Safe Mode and then hit Enter.

Now open My Computer and use it to delete the following files/folders.
C:\WINDOWS\system32\hldrrr.exe
C:\Program Files\Evidence Eliminator\
C:\Windows\exefld\

Now reboot back to normal mode. Go to wherever you put HJT and rename it to something else like "hello" or something else random. Now do another scan after the name change and post the new log here. Tell me if you're still having problems after this.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

OK, run HJT and put a checkmark next to the following.

O2 - BHO: (no name) - C78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - ?n - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - XCB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - ØB07962-6F74-2D53-2644-206D7942484F} - (no file)

Now click fix checked.

Tell me if you're still having problems after this.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Nothing malicious in the log. I'm guessing the lagginess is just from too many processes running at once or too much space being taken up by unneeded programs.

Here's a couple of things you can do to help with that.

Go to the Start menu and then Run. Type "msconfig" (without the quotes) into the box. Now go to the Startup tab. Uncheck any boxes that have programs next to them that don't need to load when you first turn the computer on, such as QuickTime Task or Microsoft Office. This will make the computer turn on faster.

Now I would like you to download and install the following program to delete temp files and folders you don't need.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please look at the stickies to find out how to download and run HiJack This. Post the log from your mom's computer here. Thx.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well in that case just delete the folder
C:Windows/System32/Sys32/
That should get rid of that keylogger, but I would still like an HJT log to make sure nothing else got infected.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm, I don't see anything that jumps out at me, so I want you to run the following scan.

Please download and install ewido anti-spyware tool (now called AVG anti-spyware)

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait. Ewido will open the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get updates.
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight.
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on Scanner at the top of the Ewido screen
  • Click on Settings
  • Under …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

OK, my bad. I forgot to tell you to also check the O20 infected entries in HJT along with the BHO entries (only the ones with qomlljk.dll and geedb.dll). First I want you to run Task Manager and then click File, New Task and type "explorer.exe" (without the quotes). If that works, then do the following.

Please download and install ewido anti-spyware tool (now AVG Anti-spyware)

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait. Ewido will open the main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get updates.
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight.
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode …

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Glad to see the scans worked for you. If any problems come back let us know.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Hmm... That's a good question. You might be able to find out some more info on Kontiki's home page, which is here. But for now it isn't doing any harm. If any sudden symptoms appear though, you should let us know.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log is a little jumbled. I think you have word wrap on in Notepad. Since you can't get in Safe Mode, we'll have to do this a little differently.

First run HJT and check the two BHO that were still there.

Now download Pocket Killbox from here.

1. Install and run it.
2. Now check the box that says delete on reboot.
3. Now click on the folder icon and select all of the files I told you to delete in Safe Mode in my last post.
4. Now click on all files which is right next to single file.
5. Click the kill button(Red circle with white X) and let it restart your computer.

Now scan again and post a new HJT log. Be sure to uncheck word wrap in Notepad and just copy and paste the text.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Glad to hear everything is working now.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Download Tweak XP from here. It is a program that lets you easily change Windows settings; you should be able to do whatever using that program. It's pretty self-explanatory how to use it. (It also comes with a help menu though.)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Yeah, that's what it is.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

OK, let's get started. First of all, run HJT and place a checkmark next to the following.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\qomlljk.dll
O2 - BHO: (no name) - {27692646-4D6A-4D33-96D9-163C09D77466} - C:\WINDOWS\system32\ddcyv.dll
O2 - BHO: (no name) - {2FBCC941-5176-4C96-8EF1-CAD8BF678C33} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: (no name) - {567FAD27-92A2-43A3-87F2-34310F55C9EF} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: (no name) - {D549F7B8-C806-4059-A34A-66C2720FADB9} - C:\WINDOWS\system32\qlrvsbnw.dll (file missing)
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\karkmtyv.dll
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\xmoesxvh.dll",realset
O4 - Global Startup: Trust 730S LCD PowerC@M ZOOM Monitor.lnk = ?
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: qomlljk - C:\WINDOWS\SYSTEM32\qomlljk.dll

Now click fix checked.

You might want to print out the next section as you will not be able to connect to the internet for most of it.

Restart your computer and while it's restarting, keep tapping F8 during startup. A menu should pop up. Use the arrow keys and Enter to select Safe Mode.

Now use My Computer to navigate to the following files/folders and delete them.

C:\WINDOWS\system32\qomlljk.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\qlrvsbnw.dll
C:\WINDOWS\system32\karkmtyv.dll
C:\Program Files\Trust\

Restart your computer normally. Now run HJT again and post a new log here along with any problems that you're still experiencing.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Please post the log from the first infected computer. Thx.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Never mind, I got it back to normal. If anyone else has this problem, all you have to do is download Tweak XP and uncheck and then recheck drop shadows under desktop effects.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

You do know you're on a Novell network, right? You don't have administrative privileges, and if I told you how to ungrey the Browse button or get the gpedit to work, that would be hacking, which I think is illegal....yup it is. BTW the log is completely clean.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

So a long time ago I had tons of malware on my computer and I came here and got it removed. Ever since then I haven't been able to change my desktop background back to transparent, which means all my icons have a solid color behind the text instead of my chosen background. Does anybody know how to fix this, cuz it's really been getting annoying. Thx in advance.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Also you should include a HJT log from that computer. (see stickies)

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Well, first of all look at the stickies and get your HJT log posted here. Second, IE probably has the worst security I've ever seen, so I would recommend Mozilla Firefox or Opera. Once you post the HJT log we should be able to clear out your computer of all the malware in it.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log is clean except for two little things that aren't really malware, but anyways run HJT and put checkmarks next to the following.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

Then click fix checked.

You said you were on here before? Was that because your explorer.exe wasn't working properly, or was it because it was being used by malware? The system restore thing might have been targeting some previous infection you had. Other than that, there's no evidence in your log that would lead me to believe this is because of malware of any kind.

kylethedarkn 23 A.K.A. The Laughing Man Team Colleague

Your log is clean, but I'm pretty sure I found the upload culprit.
C:\WINDOWS\kdx\KHost.exe

This belongs to a program that uploads images and other things to secured servers for later downloads. This is most likely the reason for the unexplained uploads. No reason to worry.