removed ultimate defender but computer slow

Discussion in 'Malware Help (A Specialist Will Reply)' started by Hydralisk, Oct 26, 2007.

  1. Hydralisk

    Hydralisk Private E-2

    Hi,

    I had a problem with the "ultimate defender" spy/adware on my son's computer. Messages popped up every three minutes (minimum) with bogus warnings about spyware and directing the user to the Ultimate Defender website. Curiously, it seemed to block loading the Major Geeks web page - a "server not found message" was always received, even though all other web sites were accessible. Slimy!

    I followed your "Read and do this first" procedures. By the end, the spyware popups had disappeared. The problem now is that the computer is still running very slowly, e.g. sometimes 20 - 30 seconds to open an explorer window. The task manager doesn't show a lot of CPU activity, but the hard disk seems to be running constantly, even when no applications are running. So I'm attaching the logs that I recorded in the hope that you can give us some assistance.
     
  2. Hydralisk

    Hydralisk Private E-2

    And here are the other three logs.
     

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Why didn't you attach the other requested logs from CounterSpy, BitDefender, and PandaActiveScan?

    Uninstall the Sunbelt CounterSpy trial program now since we are finished with it.

    Download this file - combofix.exe
    1. Double click combofix.exe & follow the prompts.
    2. When finished, it will produce a log ( C:\combofix.txt ) for you. Attach this log to your next reply. See: HOW TO: Attach Items To Your Post
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run HijackThis (select Do a system scan only) and select the following lines (if they still exist) but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O21 - SSODL: msvb - {415D383F-F6AA-47DC-B7C1-F6379F7F8A7F} - C:\WINDOWS\msvb.dll
    O21 - SSODL: sysdx - {AD744312-AB84-47DD-8F2A-13CF8DE7CDD9} - C:\WINDOWS\sysdx.dll

    After clicking Fix, exit HJT.

    Now delete the below folders if found:
    C:\Documents and Settings\HP_Administrator\Application Data\PrivacyProtector Free
    C:\Documents and Settings\HP_Administrator\Application Data\Sunbelt Software
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software


    Now please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    4. the ComboFix log
    Make sure you tell me how things are working now!
     
