Solved

Can someone look at this Combofix log?  Machine still very slow

Posted on 2009-06-29
Last Modified: 2013-11-22
I have a Windows Vista laptop I'm trying to help with.  It's running VERY slow lately.  Granted the laptop only has 768 MB of ram and it's running Vista, but it still was quicker than this up until recently.  The user never had an issue with basic tasks, now lately opening My Computer can cause it to hang at times.  

I've run Combofix and it removed a lot, but it also mentioned some files it "could not find."  Would someone mind looking over the log to see if a script is needed?

Thanks!
ComboFix.txt
Question by:Jsmply
6 Comments
 
LVL 27

Accepted Solution

by:
David-Howard earned 800 total points
ID: 24741087
First off I would remove the Mywebsearch toolbar.
Directions on the removal as well as using HiJackThis can be found here.
http://www.pchell.com/support/mywebsearch.shtml
On next boot, right click any open area on your task bar and select Task Manager. Click the Performance tab. If your system's performance (CPU usage) is high, then click the Processes tab. From there you can get an idea of which program is using the most memory.
You might also try running Malwarebytes.
It's free and you can get it free from www.Malwarebytes.org
There is also a trusted and free utility that shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. This is handy if you are receiving rundll errors or pop ups when you log on.
AutoRuns for Windows
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
If, after running any of the suites above, you find that your internet connection fails (is broken), please perform the following steps.
Restart your computer and test your internet connection.
If it does not work, then click Start ->Settings and Control Panel.
Select Network connections. Locate your connection and right click on it.
In the menu click the Repair option. When the repair process has finished, your connection should be working again. Reboot to test.
If you have any questions concerning a file on your system that may be a threat you can use this site for testing.
http://www.virustotal.com/ 
David
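
Added example (not part of the answer above and not code from Autoruns): a read-only PowerShell listing of the Run and RunOnce keys and the Startup folders the answer mentions, marking entries whose target file no longer exists, which is a common source of rundll errors at logon after a cleanup. The function names `Get-Target` and `New-Entry` and the command-line parsing heuristic are assumptions made for this sketch.

```powershell
# Added example: read-only; nothing is modified or deleted.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
# Default Startup folder paths on Vista and later (all users, current user).
$startupFolders = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
                  "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"

function Get-Target([string]$cmd) {
    # Heuristic (assumption): for rundll32 take the DLL argument, else the first program path.
    if ($cmd -match 'rundll32(\.exe)?"?\s+"?([^",]+\.dll)') { return $Matches[2] }
    if ($cmd -match '^\s*"([^"]+)"')                         { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|bat|cmd|com))(\s|$)')     { return $Matches[1] }
    return $cmd.Trim()
}

function New-Entry($location, $name, [string]$command) {
    $target = [Environment]::ExpandEnvironmentVariables((Get-Target $command))
    $status = 'unresolved'            # bare file name, located via PATH at run time
    if ($target -match '^[A-Za-z]:\\') {
        $status = if (Test-Path -LiteralPath $target) { 'present' } else { 'MISSING' }
    }
    New-Object PSObject -Property @{
        Location = $location; Name = $name; Command = $command
        Target   = $target;   Status = $status
        Rundll32 = ($command -match 'rundll32')
    }
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Entry $key $name ([string]$item.GetValue($name))
    }
}
foreach ($folder in $startupFolders) {
    if (-not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -Force | Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { $entries += New-Entry $folder $_.Name $_.FullName }
}

# MISSING entries and rundll32 loaders are the ones to review first.
$entries | Sort-Object Status, Location |
    Format-Table -AutoSize -Wrap Status, Rundll32, Name, Target, Location
```

Run it once as the affected user and once from an elevated prompt; the HKCU keys and the per-user Startup folder differ per account.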
 

Author Comment

by:Jsmply
ID: 24741366
Okay, I finished Malwarebytes, it found a lot of stuff, most of it being the MyWebsearch toolbar so I guess Combofix didn't get it all.  Here is the MBAM log after it ran.

Does this look like it got it all?  I also see things such as Trojan-Vundo, etc.  Do I need a custom script for Combofix or is MBAM able to remove this?
mbam-log-2009-06-29--20-25-25-.txt
 
LVL 15

Assisted Solution

by:xmachine
xmachine earned 600 total points
ID: 24743611
1) Download & run CCleaner to clean your system (including registry) from junk files/registry keys

http://www.ccleaner.com/download

JUNK LINK REMOVED - VEE_MOD

3) Download & run GMER (rootkit scanner) from (http://www2.gmer.net/gmer.zip)

Start GMER, select all options on the right side, after scanning is finished, click on save. Attach the log file here

4) Download reglooks.exe to your Desktop. Doubleclick on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread.

http://users.telenet.be/marcvn/tools/reglooks.exe

5) Download & run injecteddll

(http://www.nirsoft.net/utils/injecteddll.zip)

select all items, then click on the save button to export a log file, attach it here as well
 
LVL 1

Assisted Solution

by:GIMLI
GIMLI earned 600 total points
ID: 24745304
Did you try Disk Cleanup & Disk Defragmenter?

Or you can follow the instructions on this link

http://www.howtodothings.com/computers/a3415-how-to-make-your-computer-faster.html
 
LVL 27

Expert Comment

by:David-Howard
ID: 24745647
Combofix should have removed Vundo. However, in some instances you need to rename Combofix BEFORE you download it to your system. If not, and you are infected, Combofix may not run properly. You may also need to run your antimalware applications in Safe Mode (if all else fails).
To enter Safe Mode, reboot and select F8 at startup, log on as usual and then run your scans.
Symantec states to disable System Restore for the Vundo infection. This also allows proper detection and removal.
Directions can be found here:
http://support.microsoft.com/kb/310405
Symantec also offers a free Vundo removal tool.
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99

 

Author Closing Comment

by:Jsmply
ID: 31598137
Thx!