B-Rye

Need help finding source of trouble.


Have a weird issue with my laptop that has not happened before. I do regular scans and have not had a problem before, but I suspect there is something I'm missing. My computer, if left alone for a while 15+, will be very slow when I come back to it. Power settings are set to sleep, but sometimes it does not sleep. Folders either do not load on click or when they do it takes a long time and freezes. I am forced to reboot and the startup time has been very long lately. High disk and CPU usage is common. I have scanned multiple times with different software and they both come back clean (Malwarebytes, Windows Defender). This happens mostly when I am connected to the internet via WiFi or Ethernet. If left alone with WiFi turned off or on airplane mode it usually does not happen. I have downloaded sketchy software before so that may be the culprit, however I have scanned nearly everything.

Here's my system

HP 15-n210dx

CPU: amd-a8-4555M 1.6Ghz

RAM: 6gb

System: Windows 8.1 64bit

Hello B-Rye,

Whilst I check your logs can you do the following and post the result URL...

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Windows\system32\Drivers\abkekxo.sys
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.

Thanks,

Kevin...


That URL address lists the file name as qgyf.sys the file in question has a different name...? 

Edited by kevinf80
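
VirusTotal identifies a submitted sample by its hash, so the name on a report can differ from the name on disk when the same bytes were submitted earlier under another name. The PowerShell below is an added example, not part of the original thread: it records the SHA-256, the Authenticode status and any driver service pointing at the file named in the request above. `Get-DriverFileReport` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Get-DriverFileReport is a hypothetical
# helper name; the default path is the driver file named in the post above.
function Get-DriverFileReport {
    param(
        [string]$LiteralPath = 'C:\Windows\system32\Drivers\abkekxo.sys'
    )

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        # A driver that a log lists but that cannot be seen on disk is worth reporting as-is.
        return [pscustomobject]@{ Path = $LiteralPath; Exists = $false }
    }

    $file   = Get-Item -LiteralPath $LiteralPath -Force
    $sha256 = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $LiteralPath

    # Catalog-signed drivers can show as NotSigned on older PowerShell versions,
    # so NotSigned is a reason to look closer, not a verdict.
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Kernel driver services whose image path ends in this file name.
    $pattern  = '\\{0}$' -f [regex]::Escape($file.Name)
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match $pattern } |
        ForEach-Object { '{0} ({1}, {2})' -f $_.Name, $_.State, $_.StartMode })

    [pscustomobject]@{
        Path            = $file.FullName
        Exists          = $true
        SizeBytes       = $file.Length
        Created         = $file.CreationTime
        LastWritten     = $file.LastWriteTime
        SHA256          = $sha256
        SignatureStatus = $sig.Status
        Signer          = $signer
        DriverServices  = $services -join '; '
    }
}

Get-DriverFileReport | Format-List
```

Comparing the SHA256 value with the hash shown on the VirusTotal report confirms whether the report describes the same file, whatever name it carries there.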


Mmm, very odd. Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the icon (image not preserved) and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Let me see those logs in your reply....

Kevin.

fixlist.txt

Hello B-Rye

What is the current status of your system, does it boot up/down ok, any odd or unexpected behaviour? Is your browser behaving as expected, is there any odd behaviour, redirects etc...

Thank you,

Kevin


No redirects, but there are random hang-ups and when the computer is woken from sleeping it's pretty much useless and I'm forced to reboot. System restore doesn't complete successfully and there is high CPU usage and disk usage.


ok, thanks for the update, run the following and post the produced log...

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.



Do not use the delete option until I've had a look at the log..

Thanks,

Kevin

 


Run RogueKiller again

  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Checkmark all found entries then click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply....

Next,

Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
 
  • Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1/10 right click, select "Run as Administrator" accept UAC.
  • The EULA will open, accept that to move on...
  • The tool will check for updates/latest version
  • The GUI will open, select "Scan for Risks"
  • Rootkit scan alert will open, select "Restart"
  • Rootkit scan preparations will time out and Reboot the system.
  • Tool will restart and check for update, do nothing.
  • System scan will start, do nothing.
  • If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now". If nothing is found select "Exit" to close out the tool.
  • To remove "found entries" the system will need to restart, select that option.
  • If applicable select "Locate Log" attach to reply. Select "Done" when complete....

Let me see those logs, also let me know if there are any remaining issues or concerns...

Thank you,

Kevin....


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
