[Cipoletti32]

When I my girlfriends laptop boots up before it even gets to the windows screen it says that it has to scan the c:/drive to check for consistancy which is weird since its relitively new...

After that you get passed the windows screen and to her desktop where the image attached pops up

She recently had her facebook and email hacked from someone other than herself. I download MSE (security essentials) and ran the quick scan which came up empty. If anyone has any ideas about the startup issue and about the pop-up upon getting to the desktop, we would apreciate it..


Thank you

 

[Cipoletti32]

bigger picture

 

[Fred Garvin]

If you aren't still infected with a virus or malware, then something is left over and wasn't completely removed. I would re-run a full scan with MSE or Malwarebytes. If you need help with removing a virus, click this link and create a new post in the virus forum.

 

[Fred Garvin]

I noticed you have an open thread in the virus forum. Since someone took the time to help you there, why don't you follow up with that thread and make sure everything has been removed. If the virus was removed, then we can help you remove the pop up problem here.

 

[Cipoletti32]

This is on a different computer not mine that I posted there, and I didnt post it in the virus forum because I don't know if is a virus or just a startup issue, plus that forum increases in volume everyday with people asking for help so I didnt want to just put this in there if its not in the "virus" category. But I will if you think thats the reasonable thing to do I just didnt want to break any forum rules

 

[Fred Garvin]

OK, that's my mistake. I thought you had started a dupe thread then left it unresolved.

That popup message is from an entry in your registry set to automatically start a program located in your temporary files directory. The only time a program is run like that from a temp directory is usually when it's some type of malware. So, I would either re-scan with MSE if you have it installed, or start a new thread for this issue and have someone analyze your PC for viruses again. I'd hate to tell you how to eliminate the pop up if you still have malware on your PC.

 

[sjpritch25]

Welcome to TSF

Download Combofix from this webpage: A guide and tutorial on using ComboFix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" .

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

 

[Cipoletti32]

I will run this later today ... thank you

 

[Cipoletti32]

ComboFix 11-03-31.01 - Courtney 03/31/2011 15:20:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2284 [GMT -4:00]
Running from: c:\users\Courtney\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Courtney\AppData\Local\{BB6DB2F7-56CE-427B-AED7-B87B6F7FD783}
c:\users\Courtney\AppData\Local\{BB6DB2F7-56CE-427B-AED7-B87B6F7FD783}\chrome.manifest
c:\users\Courtney\AppData\Local\{BB6DB2F7-56CE-427B-AED7-B87B6F7FD783}\chrome\content\_cfg.js
c:\users\Courtney\AppData\Local\{BB6DB2F7-56CE-427B-AED7-B87B6F7FD783}\chrome\content\overlay.xul
c:\users\Courtney\AppData\Local\{BB6DB2F7-56CE-427B-AED7-B87B6F7FD783}\install.rdf
c:\users\Courtney\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\Courtney\AppData\Roaming\Adobe\plugs
c:\users\Courtney\AppData\Roaming\Adobe\plugs\KB930275598.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 19:25 . 2011-03-31 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-31 18:50 . 2011-03-23 14:11 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-31 18:50 . 2011-03-23 14:11 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28B7B984-3514-4B91-A893-2A007677A3ED}\mpengine.dll
2011-03-30 03:58 . 2011-03-30 03:58 -------- d-----w- c:\windows\en
2011-03-30 03:57 . 2011-03-30 03:57 -------- d-----w- c:\program files\Windows Live
2011-03-30 03:56 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-03-30 03:56 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-03-30 03:56 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-03-30 03:56 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-30 03:35 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACF270E9-4B94-4DD0-98B6-45E8CA4763C0}\gapaengine.dll
2011-03-30 03:35 . 2011-03-30 03:36 -------- d-----w- C:\42a96b62d1a88dee86d93d
2011-03-30 03:27 . 2011-03-30 03:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-03-30 03:27 . 2011-03-30 03:27 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-30 03:26 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-03-24 19:51 . 2011-03-24 19:51 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d427e7fe1cbea5c21\MeshBetaRemover.exe
2011-03-24 19:51 . 2011-03-24 19:51 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd29dd301cbea5c1a\DSETUP.dll
2011-03-24 19:51 . 2011-03-24 19:51 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd29dd301cbea5c1a\DXSETUP.exe
2011-03-24 19:51 . 2011-03-24 19:51 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd29dd301cbea5c1a\dsetup32.dll
2011-03-24 19:51 . 2011-03-24 19:51 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cc74f49b1cbea5c19\DSETUP.dll
2011-03-24 19:51 . 2011-03-24 19:51 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cc74f49b1cbea5c19\DXSETUP.exe
2011-03-24 19:51 . 2011-03-24 19:51 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cc74f49b1cbea5c19\dsetup32.dll
2011-03-24 19:50 . 2011-03-31 02:17 -------- d-----w- c:\users\Courtney\AppData\Local\Windows Live
2011-03-24 19:09 . 2011-03-24 19:09 -------- d-----w- c:\users\Courtney\AppData\Roaming\Tific
2011-03-14 20:15 . 2011-03-14 20:15 -------- d-----w- c:\program files\iTunes
2011-03-14 20:15 . 2011-03-14 20:15 -------- d-----w- c:\program files (x86)\iTunes
2011-03-14 20:15 . 2011-03-14 20:15 -------- d-----w- c:\program files\iPod
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 20:36 . 2011-02-18 20:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 20:36 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-10 14:46 . 2010-11-23 00:41 0 ----a-w- c:\users\Courtney\AppData\Local\Gxapilapeyamol.bin
2011-01-26 06:53 . 2011-02-09 14:11 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 14:11 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 14:11 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-26 05:47 . 2011-01-26 05:47 287232 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2011-01-26 05:47 . 2011-01-26 05:47 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2011-01-26 05:47 . 2011-01-26 05:47 92672 ----a-w- c:\windows\system32\igfxCoIn_v2189.dll
2011-01-26 05:47 . 2011-01-26 05:47 104796 ----a-w- c:\windows\system32\igfcg575m.bin
2011-01-26 05:46 . 2011-01-26 05:46 515584 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2011-01-26 05:46 . 2010-07-30 03:38 489472 ----a-w- c:\windows\sttray64.exe
2011-01-26 05:46 . 2011-01-26 05:46 651264 ------w- c:\windows\system32\stapi64.dll
2011-01-26 05:46 . 2011-01-26 05:46 431616 ----a-w- c:\windows\system32\stcplx64.dll
2011-01-26 05:46 . 2011-01-26 05:46 1484288 ----a-w- c:\windows\system32\stapo64.dll
2011-01-26 05:46 . 2010-07-30 03:38 220672 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2011-01-26 05:46 . 2010-07-30 03:38 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2011-01-26 05:46 . 2010-07-30 03:38 1952256 ----a-w- c:\windows\system32\stlang64.dll
2011-01-26 05:46 . 2010-07-30 03:38 12861952 ----a-w- c:\windows\system32\idtcpl64.cpl
2011-01-26 05:46 . 2010-07-30 03:37 219648 ----a-w- c:\windows\system32\staco64.dll
2011-01-26 05:46 . 2010-07-30 03:38 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2011-01-26 05:46 . 2010-07-30 03:38 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2011-01-26 05:46 . 2010-07-30 03:38 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2011-01-26 05:46 . 2010-07-30 03:38 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2011-01-07 08:07 . 2011-02-22 21:23 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-22 21:23 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-09 14:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-22 21:23 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-22 21:23 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 14:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 14:11 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 14:11 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 14:11 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 14:11 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 14:11 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-01-26 89600]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-04-01 338168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\HPCeeScheduleForCourtney.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-26 489472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-31 15:28:12
ComboFix-quarantined-files.txt 2011-03-31 19:28
.
Pre-Run: 428,125,466,624 bytes free
Post-Run: 427,758,772,224 bytes free
.
- - End Of File - - 9F935D386463CB89E3F6EBE6DAF33B20

 

[sjpritch25]

are you still receiving the popup at bootup?

 

[Cipoletti32]

no the popup is gone, However, it still checks the consistency of the c:/drive prior to the windows screen, is this a safewall for Hp computers? I have a dell so I never seen this before and am not sure if its un-ordinary.