Spread the love! TechSpot Tech Gift Shortlist 2017

Results of Update 8 Steps Viruses/Spyware/Malware

By Wind777 · 13 replies
Oct 19, 2008
  1. Hi! Here are some of the logs from trying to rid my computer of several viruses that McAfee allowed access to my computer. I was very disapointed in there support and let them know I thought they should have a free tech chat the way they have it for accounts. I should not be made to pay twice for what I had already paid for. Since then I downloaded the AVG antivirus. I have used it on another computer and have been completely satisfied with its performance.

    On the attachments, I am having a problem locating the Super antispyware logs. Please give me some help. Unable to find them in programs under SuperAntiSpyware. No logs even though I saved.

    The symptoms I was having to my computer. OS Windows XP Prof. SP3 Lots of ads. Freezing programs including task manager. McAfee updates turned off. Windows updates disabled and unable to enable. Windows Defender updates turned off. My Linsky connector would say it was connected when it was unpluged and would try to link with other routers. It would not close, the tray icon would not turn grey. Unable to connect to internet until I used Windows Internet Explorer with no add ons and in Profiles I used the edit button and re-entered the password several times. Rundll Error -Systems32/udgyjfmy.dll would pop everytime I would start after trying scans with several antivirus, spyware. regit programs. I would disable one antivirus while I ran another. Active X files I had disabled would be enabled again. :)

    View attachment 36764

    View attachment 36765

    View attachment 36766

    Please let me know if you have anymore info. or processes I need to take to ensure the viruses have been removed. Thank you for posting the steps I needed to take. Most information is very vague. Hopefully in the future I will be able to help some one else by recommending your site. --W777
  2. momok

    momok TS Rookie Posts: 2,265

    Hi, have you gone through the SuperAntispyware scan?
    Also, your MBAM log shows "no action taken" for all items in them. Please rescan your system with MBAM and fix them. Post fresh logs when you are done as attachments.
  3. rf6647

    rf6647 TS Maniac Posts: 829

    Based on a weak assumption on the appearance of O20 item, I think this calls for combofix.

    O20 - AppInit_DLLs: emlfqv.dll {legit item omitted}
    O20 - Winlogon Notify: yaywvwXr - C:\WINDOWS\

    Questionable; can user identify this? Otherwise HJT- fix check
    O2 - BHO: (no name) - {4A3FC397-4073-48FE-B201-0C932F68764A} - C:\WINDOWS\system32\opnkiHaa.dll (file missing)

    All "no action" findings point to the system restore copy.

    Follow this post to obtain combofix
    combofix –momok
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Disable AVG realtime protection before running combofix by right clicking it in the system tray and unchecking the real time monitoring

    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
    Also attach a fresh hijackthis scan ran afterwards
  5. Wind777

    Wind777 TS Rookie Topic Starter Posts: 17

    Virus removal-Second time hopefully is the charm.

    Sorry it took awhile to get back to you. I appreciate all your input. Attached are more recent log files in the order I ran the programs: MBam ( Note: I saved the file before I got rid of the checked items and removed them. I must not of saved the file after they were removed), SUPERantispyware (still unable to find the log files, but everything showed 0),, AVG, Combofix, and Hijack This files. The two missing legit files are files I deleted out of desperation before I found your web site. How can I replace them and what are they used for?

    Thank you again,

    Attached Files:

  6. Wind777

    Wind777 TS Rookie Topic Starter Posts: 17

    Has anybody reviewed my new posted logs?

    Hi !

    Nobody has posted any new posts to my latest logs. Is my computer virus free? My computer seems to be running good except the windows Security Update for Microsoft XML Core Services 4.0 Service Pack 2( Kb936181) never seems to install, even though it says it does and then the update shield appears again with the same update needing to be installed.
    During this procedure I loaded and removed several programs? How many of these programs should I leave on my computer running? Should I have just an antivirus and a firewall running? Why is a software package firewall better than the XP Pro firewall?There is so much information out there it is confusing.
    Thank you
  7. Wind777

    Wind777 TS Rookie Topic Starter Posts: 17

    Please post some feedback


    Has anybody got any feed back for me. Has the infection on my computer been irradiated.
    I changed my anti-virus to Avast Home Edition. It is presently scanning. Is it all right to leave all the programs on my computer recommended for virus removal. I take it they only run when you purposely start them. I still have Avast! Antivirus, CCleaner, HijackThis 2.0.2, Malwarebytes" Anti-Malware, RegCure1.5.0.1, Restrospect 6.5, SUPERAntiSpyware Free Edition, Windows Defender, WinPatrol 2008, and ZoneAlarm.
    The only ones I know that are running are ZoneAlarm, Windows Defender, and Avast Home Edition. Should I turn on the WinPatrol for extra protection?
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,523


    Actually uninstall all you can

    Realistically you just need AntiVirus (Hmm That's about it !)

    If you want extra protection, keep the firewall

    If you want to run regular cleanups, keep CCleaner

    If you want to run a good malware scan , one day, keep Malwarebytes

    All the rest can go, or just keep AntiVirus

    Why worry?
    If you had some of these things before, and you got infected, well uninstall them, they didn't help
  9. Wind777

    Wind777 TS Rookie Topic Starter Posts: 17

    Thank you!

    Thank you for clearing up the program issue. Are you able to tell if my computer is virus free. As far as the Security update for windows, I found my answer at http://support.microsoft.com/kb/941729/.
    Actually I did not have all of those programs on my computer when I got infected. I had McAfee Virus protection only.
    Recently I used the information to make my XP Professional more secure. I was unable to do Step 5 Protect your guest account. It would not recognize it as a valid command. I noticed when I went to rename administrator the guest account was disabled. Is this referring to the same guest account.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Yes, there's only one Guest account
    And it's best to have it disabled

    Actually there's a whole range of steps to secure your Xp better on the web

    But listen, I'm right into Virus\Spyware removal
    I can spend hours on sourcing information and logs, and programs
    Let alone all the wonderous tools; Services; Registry entries
    And generally "Safe surfing"

    But when it really comes down to it, here's the best advice you'll get

    Always save user data to external media (ie CD or DVD or other)
    Always run a good Antiirus (presently Avira is right up there, followed closely by, the bit slower, Avast)
    Always make sure your Antivirus is up to date
    And when receiving emails, don't open suspect ones (or unknown ones)
    When surfing, don't just click willy nilly on anything
    That's about it
    All the rest, is just too much!

    Lets face it privacy has gone from the vocabulary
    And Virus and Spyware infection is just a re-install to clean ! (actually I re-image it's quicker ;) )

    That's all
  11. Wind777

    Wind777 TS Rookie Topic Starter Posts: 17

    From my last posted logs is my computer Virus free?

    Hi, I will save my files to my external hard drives from now on. But I still have the question from my last logs posted. Does it look like my computer has been cleaned of viruses?
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Please re-run HJT and tick and fix these two:
    Before restarting, also run the --> Norton Removal Tool

    Regarding AVG AntiVirus:
    If you would prefer a less resource heavy antivirus try Avira instead
    To do this you will need to Un-install AVG, then at last restart, then install Avira

    If you were very vigilent, you could then update Avira, and run a full scan (in some cases Avira can find threats that AVG missed)
  13. Wind777

    Wind777 TS Rookie Topic Starter Posts: 17

    Hijack this unable to remove one of the items

    Hi Kimsland,

    I followed your instructions, but Hijack this did not remove:
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing), Every time I checked the box and asked it to remove or fix it would come up with a blank box. I do not seem to have any symptons of my computer being infected anymore though.
    Thank you for all of your help.:D

  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Hi Wind777, thanks for the update :grinthumb

    The "O23" item can be found in Services (Start->Run->Services.msc)
    In there you will find the Kodac startup, which can be disabled (by double clicking on it)

    Note: It would probably be better to uninstall Kodac software, but I would suggest backing up first all your pictures

    I find Kodac software to be very annoying, and always avoid using it.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...