Slow downs and crashes

[Simplelies]

Hello there,

I am having consistent shut down and slowing down problems. I have ran the 8 step program yet continue to have these problems, here are are my logs.

Thanks in advance.

Can somebody help please?

 

[rf6647]

It appears that updating MBAM & SAS should be done. Definitions are updated several times daily.

You were not clear if you followed the message in the MBAM log regarding "reboot".

So with the updates in hand, let's repeat the scans. The step for file deletion will inform us if the infection is protecting itself in some fashion.

Restart the computer.

Scan with HJT; tick the following; click Fix; re-scan; save log; exit

O2 - BHO: (no name) - {799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - C:\WINDOWS\system32\jkkLBTmn.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - Winlogon Notify: jkkLBTmn - jkkLBTmn.dll (file missing)

Scan with MBAM, inspect the log for “Delete on reboot”; record filenames with that designation.

Restart the computer.

File deletion - Instructions for FileAssassin
Start MBAM - don't scan
> Select tab > More Tools > click >Run Tool
> “File Name” > Type or paste “ c:\windows\system32 “ into the box > click open.
> select file from the list (see below) > click open > confirm choice
Repeat for other files

Delete files with “jibberish”, such as the following listed in the MBAM log
C:\WINDOWS\system32\khfFxVNg.dll
C:\WINDOWS\system32\khfFxVNg.dll
C:\WINDOWS\system32\gNVxFfhk.ini
Pattern for names ‘Ng’; ‘VNg’ ; ‘fhk’ ; ‘khf’;
Infection may generate a new pattern.

Scan with MBAM & SAS & HJT

Post logs. Report progress & state the current symptoms.

Crashes & reboots may be due to corrupted drivers, and not a immediate action of the infection.

 

[Simplelies]

Thanks for the response Rf6647, I followed the steps that you asked me to and have posted fresh logs. The symptoms are that the computer will sometimes just randomly lockup and and is continuously doing disc checks. As well as the internet has been running sluggish the last few days. Yesterday the screen kept "flickering" as well, but that has seemed to stop. And I guess you can't really call this an infection problem but I have a lot more processes running then I used to. I am running about 34-36 on a regular basis rather than the 22-24 I used to be at a while back.

Anyways, thanks for the help so far and I'm waiting for your update on the situation.

 

[rf6647]

Thank you for repeating the scans. They indicate the infection has been cleaned. I am FireFox illiterate, and cookies are ordinarily ignored. The SAS log cleans out cookies for a profile with a strange-sounding name. Post back if you feel it should be pursued.

This frees you to post a thread about 'crashes & reboots'. In that description indicate you took steps removing the infection here. Another post may have been withdrawn in favor of pursuing this thread. I recall a symptom involving 'pagefile'. Others have good insight for these problems. I can only relate that running 'chkdsk' from the installation CD (command console) helped for a recent crash of my laptop, with a symptom it had lost its OS. Preceding this was a report of the 'pagefile size' & 'chdsk' on restart. That installation CD has miraculous powers, I guess.

Error reports in the events logs may inform what is frequently occuring. Often this substitutes for the minidump. If using the clipboard from the events viewer, trim off the data portion since the text portion is sufficient. Only one of each type of event is needed for analysis.

 

[Bobbye]

A small assists re Firefox Cookies. They too can be reset as follows:

Open Firefox> Tools> Options> Privacy section> Cookies> CHECK 'Allow Cookies'> UNCHECK 'allow third party Cookies'. That should cut down dramatically on the Tracking Cookies.

To have SAS remove the Tracking Cookies: Check the lower left image on this page- click to enlarge> check for removal as shown:
http://superantispyware.en.softonic.com/images

Since I use Firefox, I though this might help.

And allow me to add to the Event Viewer info. It is an invaluable tool:
Start> Run> cmd> type in eventvwr

Do this on each the System and the Applications logs:
1. Click to open the log>
2. Look for the Error>
3 .Right click on the Error> Properties>
4. Click on Copy button, top right, below the down arrow
5. Paste here (Ctrl V)

Ignore Warnings and Information Events.

Okay rf6647?

 

[rf6647]

Bobbye, thanks for the assist. I wish I could develop a technique to capture sticky quotes such as yours. Thus far, recording links & pasting these into a text file still taxes my brain. I believe that Simplelies will pursue the 'computer crashing' aspect of this problem equipped to trim the data for the sake of brevity.

I've been to those screenshots before and I just now realize that opening any of them links to the graphics immediately preceding or following. It is interesting that FF organizes cookies better than IE with the use of profiles.

 

[Bobbye]

You're welcome rf6647. Lots of different 'stuff' out there! To do the 'sticky quotes:
Click on spot where you want it to go in the message> click on Quote icon (last one to the right)> then Paste the text between. Like this: I'm using parentheses() instead of brackets here but you'll see brackets[]:
You'll see (QUOTE)and (/QUOTE) They will be right together. I put the word 'and' where you paste the copy.

I've introduced so many Windows XP users to the Event Viewer that I made my own 'sticky'. (Vista has it also- path is slightly different) It's not 'stuck' anywhere on this board, but please feel free to use it any time. Here is the entire post:

Unfortunately, many Windows XP (and Vista) users aren't aware of the Event Viewer, what it is, where it is, how it can help with a problem:
Start> Run> cmd> type in eventvwr
Description of the Event Viewer:
The Event Viewer has logs for everything that happens on the computer. There are three sets of logs: System, Applications and Security. By opening the first two to display the Events, you can look for Errors that correspond to the time of the problem- in your case, the crash.

There are three types of Events in the System and Apps logs:
1. Information (white circle w/blue i): this is just basic documentation of the normal working of the System or Apps.
2. Warnings (yellow triangle w/black exclamation mark) noting some problem at that moment. Warnings usually resolve on their own. If they do not, they become>>>
3. Errors (red circle w/white X- they document something that didn't work or isn't happening as it should. Each Errors has three parts: an ID#, a Source and a Description. By doing a right click> Properties, the Error will open to a screen that can be copied. These three parts taken together can usually lead to cause and resolution.
Do this on each the System and the Applications logs:
1. Click to open the log>
2. Look for the Error>
3 .Right click on the Error> Properties>
4. Click on Copy button, top right, below the down arrow
5. Paste here (Ctrl V)

You can ignore the Categories 1 and 2. If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed. You don't need to include the lines of code in the box below the Description, if any.
Please do not copy the entire Event log.

Vista path can be followed here:
http://www.windowsnetworking.com/articles_tutorials/Monitoring-Event-Logs-Windows-Vista.html