Posted 02 December 2012 - 11:50 AM
So this started maybe a month and a half ago when I ran a program (I can link to the download I think I used if anyone wants it) that froze my computer when it started and I was forced to reboot. I ran a bunch of scans that turned up nothing, but still wasn't satisfied, so I eventually backed up my stuff and formatted one of my HDDs and reinstalled Windows 7. Still unhappy, I posted on here and was told I was clean. Since then, I've wiped my drives and reinstalled several times, but I'm still worried.
I've noticed a few things and I'm unsure if they're related or if I'm just correlating them and blowing things out of proportion. I'll list them, though there are some things I'm sure are nothing.
The big one: sometime after my computer froze trying to run that program and one of my reinstalls, I noticed that my overclock had been reset, but the rest of my BIOS settings stayed the same. I'd heard of BIOS rootkits before and started thinking that the program could have run, messed with my BIOS and forced me to reboot so that the changes were applied. I don't know if that would reset only the OC, and it's possible that I did it accidentally (I don't remember doing it and I'm pretty careful in there), but I'd really like to know if that sounds like anything to worry about. I've got an ASRock P67 Fatal1ty Performance motherboard, and most of the BIOS-related threats I've read about targeted prebuilts with a more generic BIOS, but I want to be sure.
What are the chances of a BIOS infection, or maybe even something hiding on my mouse (Logitech G9x) or keyboard (MS SideWinder X4)? Those last two are pushing it, I know, but at least the mouse has onboard memory for different profiles. That sort of thing would require writing custom code, though, right? So it's pretty unlikely anyone would go through the effort?
Secondly, I started monitoring my router's security log and noticed that it blocked a few UDP floods. I don't know how common that is, and they all only lasted for a few seconds, so maybe it's a website that got stuck loading, or possibly even a worm probing for new targets. They all came from different addresses and some were aimed at my IP, while others had a destination of some internal address, but not one assigned to devices on my network (I think it was like 22.214.171.124 or something). Is it common to have these occur and are they anything to be concerned about?
I've noticed my mouse moving a bit by itself. Just small movements that don't seem to go anywhere in particular, but there's not anything actually moving the mouse. I do have SetPoint installed (came with the mouse and lets me change DPI, etc.) and I didn't use it on my last few installs, so maybe it's just some slight bug with the software? I've got the sensitivity relatively high, as well.
A few days ago, I restarted my computer, and later when I went to put it into Hibernate mode, I noticed that the power button on the start menu was changed from Hibernate to Shut Down. I looked in the Power Options and found that Hybrid Sleep had been enabled (thus disabling Hibernation). I changed it back and it hasn't changed since, but that's never happened before and I'm curious about why it would have changed.
Also, yesterday when I powered on and logged in, Spybot opened itself which, again, has never happened. I took a look at the Task Scheduler and noticed Spybot was set to check for updates at login. I thought it was weird that it opened, and even weirder when it opened again after a few minutes. It hasn't done it today, though.
A couple of other things: when installing Windows this last time, I noticed my speakers making some noise, and if I turn them up (using the knob, not the software volume) while the computer is on, they make random noises that seem to intensify with CPU/network activity. I think this is normal, but I've never noticed it before and they don't do it if the PC is off or if I connect them to my iPod, so maybe my PC is just 'noisy'.
My mouse cursor also briefly changes to two horizontal black bars when moving from links to text, but I think that's a problem with my graphics driver (it didn't do it before I updated it, so I'm not too worried about this).
Everything I've run (Avast!, Malwarebytes, TDSSKiller, Spybot) comes back clean, the logs I've posted on here were OK, I don't see anything that concerned me in TCPView or Netstat, none of my accounts have been accessed as far as I can tell, and I've checked for alternate data streams and not found anything. I'm still worried about the things I listed above though, so if anyone could tell me whether or not there's cause for concern, I'd be grateful.
Sorry for that ridiculous wall of text, as well. Thanks!