Re: Strange behaviour by my system . .

[NTxLS]

As requested by Pondus and DavidR,

Not sure if my original long winded explanation is required . . the logs are as follows:

[NTxLS]

OK, so I may not attach two files on the same message, well not found a method yet so here is the ASWMBR.TXT file:

Also did not do any more than those because nothing has been found, except my systems strange behavior.  I stopped at the "Specific Infection Logs."

[NTxLS]

Just to add to these logs, here is a copy of my original:

After looking over this board, my problem is nothing like these.  Here they have some known infection or their detection system has alerted them.

Mine has worked just fine for over two years without any difficulties until about 3 weeks to a month ago.  Input to the Google search box, in FireFox v13.0.1, and pressed enter, every thing froze for about a half minute, checked the Status Bar of FF and there it showed, 'Looking up google.com' why(?) when it has run just fine for over 2 years.  (My thoughts turned to DNS Changer which I had checked for on the FBI test site and shown as clean.)  Being of 'dual-noids' (also known as paranoid) the ON/OFF function was set to OFF.  I awaited about 4/5 minutes then returned to the ON setting, pressing the F8 to enter the safe mode where I learned that Avast is not accessible from there, but; Superantispyware is and ran that scan, clean, no problem.  Re-boot to normal mode and ran Microsoft Security Client Full scan, Avast! Free Full Scan, Spybot Search and Destroy/w Tea Timer, all came back clean nothing found.  Still having problems, not often, with my screen freezing, drive light showing much activity (full on/not flashing) some times the mouse will not move.  This freezing takes place from 30 sec to 4 minutes.  When the drive light finally goes out my mouse and anything clicked to advance to on the screen will then take place.

Windows has done some re-boots to a repair function and has done several restores (about three) to an earlier time yet this strange activity still takes place, not as often as before.

Am presently running Intel Dual Core Processor 2.13GHz, acts like a quad, 4GigRAM, Win7 SP1 AutoUpdates 64bit, FireFox v13.0.1, Avast! Internet Security [Trial] v7.0.x, Malwarebytes Anti Malware [MBAM] v1.62.0.1300 [Trial], Superantispyware Free, Spybot Search & Destroy/w Tea Timer.

About a week ago I used the Avast! cleansweep and removed that Free version and downloaded the Internet Security Trial and Malwarebytes Anti Malware Trial adding them to my system.  Since doing this my freezings have plummeted to not very often and all scans are coming back clean.

I am just a little concerned this could be a rootkit that just has not been given any instructions as to what to do, yet.  How good are those rootkits at hiding from GMER type software?  I had used GMER for a very long time until Avast started to use it in their scanner when I started using Avast.

There are more entries to be made if need be, just getting tooooo loonnngg.

[DavidR]

A malware removal specialist has been informed of your topic.

[essexboy]

Hi not a lot showing there, I will remove some BHO's and reset your Host file...  With IE9 the Spybot Host file is redundant and may sometimes cause problems
What are your main problems at the moment ?


Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
  O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
  O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
  O3 - HKU\S-1-5-21-3199266029-3030257956-3919604128-1001\..\Toolbar\WebBrowser: (no name) - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - No CLSID value found.
  O4 - HKU\S-1-5-21-3199266029-3030257956-3919604128-1001..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun File not found
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[NTxLS]

Only problem is the strange behavior, long wait for mouse to move some times, click on link may take 30 sec to maybe 1-2 minutes to do the process.  The HD light is usually very active, lit continuously for the period before my control is available.  This has just happened in the last 3 - 4 weeks.  Have also run many scans by Avast FREE, now changed to Internet Security, including Boot-time scans 2 or 3 per day or more along with the other programs I have installed and available for use or scanning.

I have used this type of setup for over 2 years without this type of activity that is what is so strange.  Being a "Dual-Noid" (Paranoid) user and all of this talk about the DNS Changer and other rootkits, it is getting to be a concern.

I wish to thank you for taking this time to look over my system and give some assistance.  I have reviewed those TXT files before posting and am a little concerned about Kaspersky's visibility as I use Revo Uninstaller to remove programs when they are not of any use any longer.  Plus several entries that show 'file not found' which are mostly in the Registry, right?

I am somewhat of a CPU Knutt all I know is from the school-of-hard-knocks which means do a job, make errors, CRASH, regain the high ground and work again.  With out any assistance, well 90-99% of the time it is completely on my own.

Will do the FIX you have so graciously provided as soon as this is posted,

[NTxLS]

Have done the final OTL Quick Scan with the report attached:

[NTxLS]

I see 'essexboy' nor 'DavidR' are online any longer, maybe tomorrow will be a better day for them, to one and all that have reviewed this, THANK YOU one and all.

[essexboy]

Back again the wife has rescinded the computer for a bit 

The file not found entries are not a problem, all systems have them and they do not have an adverse affect on the system

I see you also have MSES as well as Avast they will between them use resources as they both try to analyse a file so I would recommend the removal of MSES

As it stands I can see no problem but I can look deeper if you wish

[NTxLS]

"essexboy"

A very large THANK YOU goes with this for what you have done and if my strange behavior goes away then all will be well again.  With your help and know how to do this has been an experience that I shall not ever forget, to you it is just an everyday happening.  Should I purge those programs from my system or keep them for future references if they be needed?

One last question, I also have a USB 320Gig HD that is partitioned to keep back-ups or image files, have not done any of that yet have been working on learning other things first.  I plan on formatting and repartitioning it later, could any PUPs or other programs hide on it as well?

[NTxLS]

"essexboy"

That means this is "OT" for what the title references, you are LUCKY to have your Wife with you.  Mine of 48 and half years passed on Mother's Day this year.  Cherish those episodes with her and keep her HAPPY.

I do miss mine . .  but that is what the living has to go on with and without . . Love her and take good care

OFF TOPIC Ended

[essexboy]

I would use the USB drive to take an image of your computer, then if you do have problems it does not take long to recover

If there is anything when you image the drive then yes it will be carried over, so I would recommend an Avast boot scan and a full Malwarebytes scan prior to doing the image... 

As for the programmes you have used, then yes they should be removed as they are continually updated

So run OTL and hit the cleanup button, just delete aswMBR from the desktop 

[NTxLS]

Essexboy,

DONE, OTL cleaned things even the aswMBR.exe disappeared.

A very Large THANK YOU! for the work you have put into this project for me.

Remember to respect your Spouses demands and keep her happy.

[essexboy]

Remember to respect your Spouses demands and keep her happy.

She never lets me forget 

[NTxLS]

One last parting message, after your so GREAT job and proving to me that all is well, some farther investigations have shown another possible/probable cause.  Either a temperature sensor problem on the Intel Processor or maybe a circulating/cooling fan not functioning as should.  There seems to be some low air discharge from said fan, but; when doing stressful operations requiring additional work the fan never KICKS into High Gear.  Farther testing is required when time will allow.  Could be the voltage is not up to par as well, just thought of this.