Qoologic.AZ, Malware, IE Popups [HJT - Log]

Same problem as before with the fixme.reg file.

On reboot after using Killbus, I got two command prompts that opened, one was for PIQH.EXE and another was for an NT something or other. They opened, closed and then that was that. I just checked and regedit.exe is in the correct directory. (Start>Run>regedit now works for me where as before, it wouldn't open the registry editor)
 
Hi

Have hijackthis fix these two items
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ykoiai.exe reg_run
O4 - Global Startup: PIQH.EXE
-----------------------------

Then restart the pc, let us know if either of those two return or if they dont after a few hours please
 
Neither of them are listed anymore, however I am still getting a popup from my OneCare Live anti-virus about a file named A0032628.dll in C:\System Volume Information\_restore{202550A8-...\ I believe there is more to the location however the window doesn't expand to show it. It is from the Virus: TrojanDownloader:Win32/Qoologic.AZ .......Is this a problem or just something I can ignore?
 
Hi

Not to worry about items in system restore (C:\System Volume Information)

If the pc is ok after a week or so disable reboot then re-enable system restore
Purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then Reboot. < Dont skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
Click to expand...

Post back in a couple days and let us know of any problems
 
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let Me or Tashi know.
 
You must log in or register to reply here.
Back
Top