I'm not sure which topic this would best fit, so mods, go ahead and move if in wrong section...
OK, so here's the problem... I d/l a connection booster (TCPOptimizer I believe is the name of the program) and right after running it, my laptop won't let me log in to normal mode. I can boot up in safe mode, (edit) but every time I try to log in to Normal Mode and I click my user (it's set to admin too), it reads loading settings, then my desktop bg flashes, and it then says saving settings and logging off. So essentially, it logs in and logs off immediately... I've done the following with no luck:
ran these programs:
- McAfee Quick Clean Lite (7-pass cleaner)
- CCleaner (clean and reg fix)
- AVG Free Anti-Virus
- Ewido Anti-Malware
- Spybot Search & Destroy
- Ad-Aware SE Personal
- Disspy
- SpyCatcher Express
- CWShredder
- Abexo Free Registry Cleaner
logs for the following are at the end of this post:
- HJT
- Event Viewer
- Silent Runners
I've also disabled all startup programs to see if it was a bad line in one of those programs, but even with all disabled, I still can't log in to normal mode. My initial reasoning was this problem was due to that program I d/l, so I restored the settings and deleted the program, again with no luck. There is however one file left in C:\WINDOWS\Prefetch\TCPOPTIMIZER.EXE-00AFC21B.pf (which I just deleted in DOS)
I ran system restore to the day before I installed that program, and that did not help either.
What is wrong...I surely don't know...
Thanks in advance
Ryan
HJT Log:
Please do not post HijackThis logs in any other forum than the malware forum as it will encourage others to do so as well. Your log has been removed and re-attached as a text file.
Event Viewer Log:
I'm getting this same pattern of error/warning messages repeatedly
Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3001
Date: 4/3/2006
Time: 12:17:40 PM
User: N/A
Computer: RY
Description:
The performance counter name string value in the registry is incorrectly formatted. The bogus string is 4836, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: e4 12 00 00 e2 12 00 00 ä...â...
0008: e3 12 00 00 97 02 00 00 ã...?...
Event Type: Warning
Event Source: LoadPerf
Event Category: None
Event ID: 2006
Date: 4/3/2006
Time: 12:17:40 PM
User: N/A
Computer: RY
Description:
LastCounter and LastHelp values of performance registry is corrupted and needs to be updated. The first and second DWORDs in Data Section are the original values while the third and forth DWORDs in Data Section are the updated new values.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: e2 12 00 00 e3 12 00 00 â...ã...
0008: 08 13 00 00 09 13 00 00 ........
Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3011
Date: 4/3/2006
Time: 12:17:37 PM
User: N/A
Computer: RY
Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: f2 03 00 00 3b 07 00 00 ò...;...
Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3001
Date: 4/3/2006
Time: 12:17:37 PM
User: N/A
Computer: RY
Description:
The performance counter name string value in the registry is incorrectly formatted. The bogus string is 4836, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.
For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
Data:
0000: e4 12 00 00 e2 12 00 00 ä...â...
0008: e3 12 00 00 cf 01 00 00 ã...Ï...
Silent Runners log:
edited out silent runners log... also attached as a .txt file
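
The LoadPerf records above say which DWORD of the Data section carries which value. As an added example (not part of the original post), this Python sketch decodes those hex lines as little-endian 32-bit values; the field names are hypothetical labels taken from each Description, and the order LastCounter then LastHelp for event 2006 is an assumption.

```python
import re
import struct

# Constructed input: the "Data:" lines of three Event Viewer records in the post.
SAMPLE = {
    3001: "0000: e4 12 00 00 e2 12 00 00 ä...â...\n0008: e3 12 00 00 97 02 00 00 ã...?...",
    2006: "0000: e2 12 00 00 e3 12 00 00 â...ã...\n0008: 08 13 00 00 09 13 00 00 ........",
    3011: "0000: f2 03 00 00 3b 07 00 00 ò...;...",
}

# Hypothetical field names, taken from the wording of each record's Description.
LABELS = {
    3001: ["bogus_index", "last_valid_index_1", "last_valid_index_2"],
    2006: ["orig_last_counter", "orig_last_help", "new_last_counter", "new_last_help"],
    3011: ["error_code"],
}

# Offset column, then up to eight hex byte pairs; the trailing ASCII column is ignored.
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:((?:\s[0-9a-fA-F]{2}(?=\s|$)){1,8})")


def data_dwords(text):
    """Return the Data section as a list of little-endian 32-bit values."""
    raw = bytearray()
    for line in text.splitlines():
        match = HEX_LINE.match(line)
        if match:
            raw += bytes.fromhex(match.group(1).replace(" ", ""))
    usable = len(raw) - len(raw) % 4  # drop a trailing partial DWORD, if any
    return list(struct.unpack("<%dI" % (usable // 4), bytes(raw[:usable])))


def describe(event_id, text):
    """Map each DWORD to the role its event Description assigns to it."""
    names = LABELS.get(event_id, [])
    return {
        (names[i] if i < len(names) else "dword_%d" % i): value
        for i, value in enumerate(data_dwords(text))
    }


if __name__ == "__main__":
    for event_id, text in SAMPLE.items():
        print(event_id, describe(event_id, text))
```

The first DWORD of event 3001 decodes to 4836, the same number the Description reports as the bogus string, which confirms the byte order.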