About 160 changes to Windows 7 files or registry on reboot
I recently noticed what looked like a dialog informing me of about 160 registry changes being made on a reboot of my computer. Was there a recent update that could have caused this?
January 28th, 2011 3:51pm

Something other than a Windows update is responsible. I have never seen any notification from a Microsoft update that stated a quantity of registry changes. This sounds more like a virus/malware has taken control of your computer!
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
January 28th, 2011 4:32pm

Thanks for the reply. What's funnier is, unless I'm tripping, I'm sure I noticed the dialog before my BIOS even posted, although I'm obviously very sure I'm wrong about that.
January 28th, 2011 4:38pm

If your observation is true, then that's an almost absolute guarantee your computer has been taken hostage by rogue malware!
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
January 28th, 2011 6:30pm

I agree with Rick. What antivirus are you using? If this was helpful, please vote by clicking the green triangle. If it solves the issue, click Propose as Answer. Thanks!
January 28th, 2011 11:34pm

I'm sorry about the delay in coming back and thank you both for the help. I am using Avast Home Edition. All shields are on. A full scan with Malwarebytes returns nothing and a rootkit/bootkit scan with Kaspersky's own tdsskiller program also returns nothing. I will run a full scan with my Avast tonight and post my results. Windows ran autochk on boot tonight and found nothing. I cannot find a system event for that but I have 3 system event logs for last night (ID 55) on device/harddiskvolume 2. I only have one drive installed (confirmed as volume 1) by system information so I can only assume volume 2 refers to the 100 mb system reserved partition.
January 29th, 2011 6:18pm

I've heard of those programs, and I do believe they are just fine... but I'm not familiar with them deeply enough to know: is it possible that one of those programs was the one giving you the alert about registry changes? If so, it could be a legitimate (but bizarrely specific) notice, although I'm at a loss as to what action they expect you to take after seeing the alert. If this was helpful, please vote by clicking the green triangle. If it solves the issue, click Propose as Answer. Thanks!
January 30th, 2011 12:14am

Thanks for the reply. Malwarebytes scanner is only an on-demand scanner and so is tdsskiller. Not sure about how deep Avast system access is though, as I'm not a Windows professional of course. Is it even possible that such changes can be made pre-BIOS POST? I haven't heard much about these so-called boot-kits (if that's what it was) and even less about the possibility of BIOS level infections or exploits. Could something in RAM or VRAM have that kind of early system access? Anyhow, I ran the Boot-Time scan with Avast (Heuristics level is High, Scan archives and PUPs enabled). It found a few problems with Java. 16 infected files found (Trojans and exploits) but with Avast's Heuristics set to High, these could have been false positives. I'll use my Revo Uninstaller and uninstall Java and then re-install it. Problem is my computer is starting to take quite a while to fully boot into the desktop from log in. All I can do is run Avast (or something you suggest) once Windows is up and running and run something like PerfectDisk to see if this fixes my increasingly sluggish Windows install.
January 30th, 2011 10:58am

I know there can be rootkits that load before the OS and therefore can pretty much intercept anything and keep you infected (in some cases even across formatting your disk if it's in memory). Although modifying the registry prior to loading the OS seems pretty tough, because some OS, at some level, would have to be running for that rootkit/virus/whatever to search for, find, and edit the registry. That's something I'm pretty confident wouldn't be possible prior to the OS loading. However some PCs these days do indeed have small OSes that load directly from the CMOS chip for instant access, so it could be possible. I'm just afraid I'm at a loss to suggest a next step. It can be incredibly painstaking work to determine if you have a rootkit installed. If this was helpful, please vote by clicking the green triangle. If it solves the issue, click Propose as Answer. Thanks!
January 30th, 2011 11:28am

I have run the very thorough GMER as a last resort to look for rootkits and nothing was found. If PerfectDisk doesn't solve the sluggishness, I'll run Western Digital's Diagnostics on my Raptor Drive, run Memtest from floppy to test and more importantly overwrite all of my RAM and then reinstall Windows 7 Ultimate to see if the issue re-occurs. I know BIOS level infections are possible (http://blogs.microsoft.nl/blogs/tonykrijnen/archive/2007/05/20/11720.aspx) so I may re-flash my BIOS if the problem/s occur after all other options have been explored. If you have nothing more to add I will consider this issue closed and once again thank you both for your help.
January 30th, 2011 12:13pm

This topic is archived. No further replies will be accepted.
