Erratical behavior on my system
- Thread starter zrules
- Start date
- Status
Please Disable System Restore (howto)
Then download Move On Boot from h e r e
Once installed click on Start--> All Programs -->GiPo@Utilities-->MoveOnBoot
Paste this exactly in the white area: C:\WINDOWS\SYSTEM32\rqRIXoLf.dll
Click next, and then select Delete select Start
Restart
Confirm C:\WINDOWS\SYSTEM32\rqRIXoLf.dll has in fact been deleted
If it has gone, please re-enable System Restore
Reply back with the result
Then download Move On Boot from h e r e
Once installed click on Start--> All Programs -->GiPo@Utilities-->MoveOnBoot
Paste this exactly in the white area: C:\WINDOWS\SYSTEM32\rqRIXoLf.dll
Click next, and then select Delete select Start
Restart
Confirm C:\WINDOWS\SYSTEM32\rqRIXoLf.dll has in fact been deleted
If it has gone, please re-enable System Restore
Reply back with the result
Well it's still there 
You will need to go through Viruses/Spyware/Malware, preliminary removal instructions
You will need to go through Viruses/Spyware/Malware, preliminary removal instructions
Blind Dragon
Posts: 3,774 +4
Did you install the longhorn clock and vista theme yourself, its weird that this is the 2nd log i read tonight with both those in it.
Remove bad HijackThis entries
---------------------------------------------------------------------------
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
------------------------------------------------------------------------
Go to control panel -> add/remove programs and uninstall Viewpoint Manager Service
Then navigate to and delete C:\program files\Viewpoint
--------------------------------------------------------------------------
Malwarebytes' Anti-Malware
After that run a fresh scan with hijackthis to attach here with mbam log
Remove bad HijackThis entries
- Run HijackThis
- Click on the System Scan Only button
- Put a check beside all of the items listed below (if present):
O2 - BHO: (no name) - {16474325-4211-4ACF-A1B3-07C784B9D33F} - C:\WINDOWS\system32\vtUonkiI.dll (file missing)
O2 - BHO: (no name) - {35F7D4A9-6E01-49E4-9E82-F5C16A7247C6} - C:\WINDOWS\system32\geBssstQ.dll (file missing)
O2 - BHO: {21b352c0-027c-1649-bd14-e6b641803c34} - {43c30814-6b6e-41db-9461-c7200c253b12} - C:\WINDOWS\system32\sqfuekku.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [145df383] rundll32.exe "C:\WINDOWS\system32\urqkyswd.dll",b
O4 - HKLM\..\Run: [BM176ec01f] Rundll32.exe "C:\WINDOWS\system32\hkxwxbsr.dll",s
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
---------------------------------------------------------------------------
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\vtUonkiI.dll
C:\WINDOWS\system32\geBssstQ.dll
C:\WINDOWS\system32\sqfuekku.dll
C:\WINDOWS\system32\urqkyswd.dll
C:\WINDOWS\system32\hkxwxbsr.dll
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
------------------------------------------------------------------------
Go to control panel -> add/remove programs and uninstall Viewpoint Manager Service
Then navigate to and delete C:\program files\Viewpoint
--------------------------------------------------------------------------
Malwarebytes' Anti-Malware
- Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. please attach this log with your reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
After that run a fresh scan with hijackthis to attach here with mbam log
Blind Dragon
Posts: 3,774 +4
Install an antivirus
Anti-Virus
AVG 8 Free
Avast Free
Avira Free <- My recommendation
-----------------------------------------------------------------
Install a Firewall - I would suggest Zone Alarm
Firewalls
Here are some firewalls which are free for personal use and most commonly used:
Comodo <-Vista Compatible
Kerio
Online Armor
Zonealarm <-Vista Compatible
--------------------------------------------------------------------
Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
--------------------------------------------------------------
Run Kaspersky Online AV Scanner
Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Anti-Virus
AVG 8 Free
Avast Free
Avira Free <- My recommendation
-----------------------------------------------------------------
Install a Firewall - I would suggest Zone Alarm
Firewalls
Here are some firewalls which are free for personal use and most commonly used:
Comodo <-Vista Compatible
Kerio
Online Armor
Zonealarm <-Vista Compatible
--------------------------------------------------------------------
Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
--------------------------------------------------------------
Run Kaspersky Online AV Scanner
Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer"
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Blind Dragon
Posts: 3,774 +4
Combofix
Combofix will automatically save the log file to C:\combofix.txt
- Download Combofix to your desktop.
- Double click combofix.exe & follow the prompts.
- A window will open with a warning.
- When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Combofix will automatically save the log file to C:\combofix.txt
Blind Dragon
Posts: 3,774 +4
do you recognize this folder created yesterday - I will assume you do and leave it be, but please let me know if you don't
C:\ijji
-----------------------------------------------------------------------
Open notepad and copy and paste next bold in it:
reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon" >> C:\look.txt
Save this as look.bat , choose to save as *all files and place it on your desktop.
It should look like this on your desktop:
Doubleclick look.bat
Notepad will open with some txt in it. Copy and paste the contents in your next reply.
-------------------------------------------------------------------------
Disable Teatimer
-------------------------------------------------------------------------
Run CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
C:\ijji
-----------------------------------------------------------------------
Open notepad and copy and paste next bold in it:
reg query "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon" >> C:\look.txt
Save this as look.bat , choose to save as *all files and place it on your desktop.
It should look like this on your desktop:
Doubleclick look.bat
Notepad will open with some txt in it. Copy and paste the contents in your next reply.
-------------------------------------------------------------------------
Disable Teatimer
- Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
- Open Spybot S&D
- Click on Mode at the top and make sure that Advanced is checked
- Expand the Tools tab in the left pane
- Single click on the Resident Icon also in the left pane
- Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
- Close spybot
-------------------------------------------------------------------------
Run CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
- Status
Similar threads
