aswMBR issue

I ran aswMBR twice in regular Windows mode. Each time after about 10 minutes or so I would get a blue screen and memory dump and have to reboot. I booted to Safe Mode with network support, ran it and it ran clean.

I am running Windows 7 Ultimate with Service pack 1.

Any ideas?

Hello rpartain,

Why did you try to run aswMBR? That tool is a bit advanced and you do have a nice choice of user-ready tools. E.g., Malwarebytes has an ARK module integrated, Emsisoft as well. avast! and other AVs have the basic needed ARK module integrated, etc.

aswMBR is an ARK scanner that works at the highest possible system privileges. Like any other ARK tool, it has power that other tools do not have.
That power is its driver, which loads into something called kernel space.

Now, aswMBR’s driver can sometimes fail to load into kernel space (it happens), or some other driver from some other powerful tool or program hooks asw’s driver, and at that point a BSOD happens. Windows creates a minidump folder and shows a BSOD with an error code in an attempt to prevent any future damage to the OS.

Plus, aswMBR hasn’t been updated for some time, so …

An alternative tool to aswMBR is the powerful TDSSKiller. TDSSKiller has a very wide range of rootkit, bootkit and hardcoded malware detection. Or you can use MBAR, which scans for normal malware as well as rootkits/bootkits.

For a start, you can do an ARK scan with TDSSKiller to eliminate the malware question. Here is how:

  • Download TDSSKiller and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Confirm the “End user Licence Agreement” and “KSN Statement” dialog boxes by clicking on the Accept button.
  • Press Start Scan.
  • If a Suspicious object is detected, the default action will be Skip; click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced in the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

If the BSOD is repeated several times ‘without stopping’, this way we will try to check what exactly causes the BSODs.

Download WhoCrashed from here:
http://www.resplendence.com/download/whocrashedSetup.exe

This program will try to verify by analysis what the cause of the driver error is.
Note: This program requires installation.

Double-click to start the installation, and click Next.

  • Check I accept the agreement and then click Next.
  • Install the program to the location, and under the name, that the program offers you.
  • Click Next, and in the next window click Next again.
  • Check Create a Desktop Icon, then click Next and then Install.

After you’ve installed WhoCrashed program, run it.

Note: If you get a message that looks like this:


http://fotkica.com/thumbs2/117539_tmb_59577092_Who%20Crashed%20-%20Debuqqing.jpg

Click Download the requested file from the Microsoft site now and wait for the process to download the additional files and for the installation to complete.

When the program starts, click Analyze.
When scanning is done, click OK.

  • Right-click on the area of the page with the report and select Select All.
  • Right-click on the area of the page with the report and select Copy.
  • Open a new Notepad and select Paste to copy the contents of the log into Notepad.

Now you can close the program.

Please attach the Notepad file with that log report here.

I have a computer running an Asus Z87 Deluxe motherboard with an Intel i7 4790 3.6 GHz processor and with 32 GB of RAM. Though I will occasionally do video editing on this computer I would say that 95% of the time it is JUST used for internet purposes.

Yet pretty much daily I will find incredible slowness and computer lag. I do understand that internet speed is a different issue. I do have high-end AT&T internet, but I am not talking about access speed. I mean that while I do have a browser open, I can go to Microsoft Word or other local programs and I will have VERY NOTICEABLE lag in typing characters. I mean like being able to count 5-10 seconds between typing and having characters appear and often having characters that I type can be skipped totally.

I can pull up task manager and processes and my physical memory usage virtually NEVER exceeds 22% and my CPU usage may spike to 11% or so, but still I have this lag.

I am guilty of having 20+ tabs open in Firefox at times and I will note that the issue does seem to be tied to Firefox and Flashplayer. I would say 95% of the time I have this issue if I kill Firefox and Flashplayer, response goes back to normal. However, even at peaks Firefox is rarely taking up more than possibly 1.5 GB of RAM or exceeding 3% CPU usage and Flashplayer is fairly comparable to that as well. I do keep both of these totally up to date (though I would have to say about half of my time on the computer is dedicated to just running all the absurd updates to these products). The only other occasional resource hog that I see being reported is gzserv which is part of BitDefender.

The computer has been scanned with multiple programs for viruses and malware, nothing found. I am a retired computer science professor and I am almost paranoid about such things so I do not go to sites or click on links and emails that might cause these to be a problem. I have run hard drive tests, all passed.

I am running Windows 7 Ultimate 64 bit with Service Pack 1.

I am checking for possible rootkit problems. I have run Malwarebytes Anti-Malware, SuperAntispyware, Microsoft MRT Full scan, TDSSKiller, McAfee RootKit Remover, and GMER. Nothing found so far.

I suppose my primary question is this. If, indeed, my CPU utilization is no more than like 10-15%, and my RAM utilization is more like 20-22% where it should not be necessary to be swapping to virtual memory, why would my computer be reacting so slowly that I even get keyboard lag? I do not recall having keyboard lag since standard RAM went to even 4 GB.

I am a retired computer science professor, CNA, CNE, CNI, MCSE, CCNP, A+ and PhD in computer science, though I have been retired a few years. I am fairly paranoid about malware so I never go to suspect sites or click on links in emails and such, still this does have the markings of that type of activity.

Obviously I suspect that some hidden process is sucking up cycles.

I have never used aswMBR before so I was asking people who have to see if they had any idea why it would run clean in Safe Mode but consistently reboot in standard Windows.

Do you have any ideas why I would be having response issues if my RAM usage and CPU usage are never particularly high?

See instructions here >> https://forum.avast.com/index.php?topic=194892.0
scroll down to second picture > Farbar Recovery Scan Tool run as instructed and attach the two diagnostic logs

magna86 will then take a look when back online :wink:

Here are the attachments you requested.

Yet pretty much daily I will find incredible slowness and computer lag
Is the lag also there if you boot in safe mode with networking enabled?

Well no, but I am not sure it is a great comparison. In safe mode I am never doing the same things because of the loss of video resolution and such. So I have never noticed lag in safe mode, and I also have never had the same resource use there.

I was asking because I see you have got a lot of things loading at boot-time and am wondering if one or more of them are causing it, as there are several that don’t need to load at boot-time and always run in the background.

I understand and agree. I have gone through msconfig many times and killed some of the programs loading, but several programs that I use occasionally, if you run them ONCE, they automatically put themselves back in your Startup, like CCleaner and Eraser. I run CCleaner maybe once a month and Eraser even more rarely. However if you run them even once they put themselves back into your startup. It is annoying but I am cheap enough that I will most anytime use a free program over the software today that companies basically expect you to lease and pay for year after year.

@rpartain

Follow my instructions for WhoCrashed app, post the results.

The results for WhoCrashed.

The posted FRST log seems to show no active malware. And I am guessing that TDSSKiller didn’t show malware either.
You do have one marked & installed PUP software so you might wanna uninstall this.
-WinCleaner DataZapper Pro Version 12

EventLog shows no clear BSOD issue. WhoCrashed does list a bugcheck (code 0x109… + error code) that highlights a kernel space error (or in other words, just as I said in my first post, a driver failure). So I think we do know the cause.

Don’t use outdated aswMBR anymore and things should be fine.

Similar to you, no input lag until I start running online games through any browser that utilizes Flashplayer. Albeit, I don’t have a 5-10s response time, normally never goes past 2s. Once Firefox has been closed, no more issues.

You’ve identified your problem already! You seem to have pretty decent knowledge on how to keep safe. I haven’t bothered outside a scan or two with MBAM every couple months. So long as you’re aware what’s going on, no need for the paranoia.

I do suspect the problem lies in those two and most likely FlashPlayer, however I do not know of any legit substitute for Flashplayer for what it does. Believe me, if I knew of one I would be using it. I would say that about 3 of the sites I visit most often on the internet require Flashplayer to function. News and sports sites with video require it.

Still the fact that neither Firefox nor Flashplayer ever seem to be using enough resources to CAUSE the lag. I mean I know those 2 vendors are unlikely to hide their processes for any reason, though I guess anything is possible. Probably the main reason I maxed out at 32 GB of RAM is not wanting to be bothered about resource issues. I am not exceeding 22-25% utilization EVER.