Suspicious files ssqolih.dll, rqonl.dll, lnoqr.ini, and lnoqr.ini2

Unknown

Hello,
I have some suspicious files in the C:\Windows\System32 folder:
ssqolih.dll
rqonl.dll
lnoqr.ini
lnoqr.ini2

The DLL files are being called by WinLogon and therefore cannot be deleted because they are in use. Furthermore, when I use HJT, I'll click on the Delete file after Reboot button, and HJT crashes.

When using IE, popups do generate.

Any help would be greatly appreciated.

Thanks.

e92phreak

The popups tend to be from setthetrend(dot)com, registrydefender(dot)com, or to some sports sites.

markamus

Hi e92phreak,

For future reference, our helpers look for logs with zero replies. This could be why your log has gone unanswered.

We apologize for the delay here. Our helpers have been quite busy. Are you still needing assistance? If so, please post a fresh HijackThis log for me to review. A lot can happen in a few days time so we need to see exactly what's going on with this PC right now. Here's the instructions for downloading/running HijackThis:

Please download HJT Installer from Here to your desktop.
If not available use this alternate link: Here

• Double click on the HJTInstall.exe.
  at the next window Select Install.
  It will be installed by default here: C:\Program Files\Trend Micro\HijackThis.
  A shortcut to the application will also be placed on your Desktop.
  The program will open automatically after installation.
  Select "Do a system scan and save logfile"
  It will open in Notepad. save it to your Desktop
  Before closing HJT, please click on the AnalyzeThis button. "Analyze This" is for use by TrendMicro, and DOES NOT mean "Analyze My Log". You will need to post your log on the Hijackthis Board.
  Close the web page that appears and then close the program.
  Open the Hijackthis log you saved to your desktop and copy and paste the results as a reply to this thread.
  Use the Hijackthis shortcut to run future scans.

Thanks,

markamus