GeekPolice Tech Tutorials

NAPSTAT.exe virus

Re: NAPSTAT.exe virus

It says antivirus enabled, but I shut it all down, "turned off" all features, and ended the process of avast! when running ComboFix.

Re: NAPSTAT.exe virus

What happens when you use IE?

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    DDS::
    Trusted Zone: dell.com
    Trusted Zone: msn.com\zone


  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this action.

*********************************************
these processes keep loading themselves whenever i open a browser or do an internet search..

I'm not seeing very many infections on this computer. Could you provide a screenshot of these processes?

How to post screenshots or images
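
Added example, not part of the original posts: one way to check which sites sit in the Trusted zone discussed above is to save the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /s` and parse it offline. The sample output is constructed (only the two site names come from the CFScript in this thread), and the function names are hypothetical.

```python
"""Audit Internet Explorer Trusted Sites entries from `reg query ... /s` text."""
import re

# URL security zone numbers, stored as the DWORD data of each ZoneMap value.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
TRUSTED = 2
MARKER = "\\zonemap\\domains\\"

# Constructed sample: the two trusted sites are the ones named in the CFScript;
# the schemes and the example.invalid entry are made up for illustration.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com
    *    REG_DWORD    0x2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\zone
    http    REG_DWORD    0x2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.invalid
    *    REG_DWORD    0x4
"""

# A value line looks like "    http    REG_DWORD    0x2".
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_zonemap(text):
    """Return one dict per (site, scheme) mapping found in the reg query text."""
    entries = []
    site = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            idx = line.lower().find(MARKER)
            if idx == -1:
                site = None  # the Domains key itself, or an unrelated key
                continue
            # Key layout is Domains\<domain>\<subdomain>, so "msn.com\zone"
            # is the host zone.msn.com.
            parts = line[idx + len(MARKER):].strip().split("\\")
            site = ".".join(reversed(parts))
            continue
        match = VALUE_RE.match(line)
        if match and site:
            entries.append({"site": site,
                            "scheme": match.group(1),
                            "zone": int(match.group(2), 16)})
    return entries


def audit_trusted(text, allowed=()):
    """List Trusted Sites entries that are not on the allow-list.

    The default allow-list is empty, matching the advice in this thread
    that nothing be left in the Trusted zone.
    """
    allowed = {name.lower() for name in allowed}
    findings = [(e["site"], e["scheme"]) for e in parse_zonemap(text)
                if e["zone"] == TRUSTED and e["site"].lower() not in allowed]
    return sorted(findings)


if __name__ == "__main__":
    # The same key layout exists under HKLM for machine-wide entries.
    for site, scheme in audit_trusted(SAMPLE):
        print(f"{ZONES[TRUSTED]} entry to review: {scheme}://{site}")
```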

Re: NAPSTAT.exe virus

First of all, it felt really good to type "killall" to some bugs in my system, thank you!  Really enjoyed that.

Second, after running the script I am not seeing the Processes going bananas anymore, so hopefully a solid fix with no more scum on the way.

Just some notes: I have used the "Trusted Zone" while monkeying with the settings playing on the MSN Games site but this was probably a year ago. 
About six months ago I started getting twenty junk email a day like clockwork to one of my email addresses.  I tried to write rules to stop them but they kept coming no matter what I did.  Now I try to just ignore and work around them.  Finally, I started getting calls from a thick accented boiler room operator wanting to help me "fix my computer" and I entertained them a little to see how far they would go in their instructions to help my machine.  They said they were from Microsoft but were very cagey in answering questions.  I thought of them as pure internet scam artists and kind of fkd with them a little, you know what I mean?  Anyway, I don't know if one or any of these data points explain anything but just saying.

Re: NAPSTAT.exe virus

Do you think it's okay for me to try to play in MSN Games anymore as long as I don't go into the "Trusted Zone"?

How perfect is that, by the way, for best misnomers of all time?  

Who's behind all this, what are they gaining, and should I assume all my computer data has been transmitted to an outside party?

Re: NAPSTAT.exe virus

Should I change all my passwords, online banking, etc....?

Re: NAPSTAT.exe virus

About six months ago I started getting twenty junk email a day like clockwork to one of my email addresses. I tried to write rules to stop them but they kept coming no matter what I did. Now I try to just ignore and work around them.

I use Mailwasher here to cut down on e-mails that I don't wish to receive. If it's unsolicited, I just bounce it. You should try it. You can choose the messages you wish to receive and delete the rest.

Who's behind all this, what are they gaining, and should I assume all my computer data has been transmitted to an outside party?

Most of them are after your personal information such as your SIN and bank account information. The telephone scammers try to fool you into believing that your computer is infected and they will help you clean it. They want access to your computer where they can find all your personal data.

Should I change all my passwords, online banking, etc....?

Only if you feel it's necessary but I really didn't find anything to indicate that your computer was compromised. There are some experts that say you should change passwords every six months.

Let's do some cleanup.


Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
********************************************
* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
*******************************************
This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create Registry backup
  • Purge System Restore Points
  • Re-set system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
******************************************
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: NAPSTAT.exe virus

Now my computer won't connect to the internet. For a while after our cleanup everything was working fine. After doing a reboot and allowing Microsoft to do some updates and a startup repair....now it won't connect. I use a cable modem with a wireless router. My other devices are able to connect to the internet so it seems to be local to the machine we've been working on. I'm wondering if maybe we needed the Dell.com in the Trusted zone whereas the MSN Games was the culprit?

Re: NAPSTAT.exe virus

I tried disk cleanup but operation aborted with error message about toaster.exe. This has to do with the Dell datasafe backup. Perhaps the Dell.com needs to be in the trusted zone? Anyway, I have a diskette containing original Dell drivers and utilities...do you think I should try reinstalling these?

Re: NAPSTAT.exe virus

I have a diskette containing original Dell drivers and utilities...do you think I should try reinstalling these?

Not now. Let's check the internet connection.

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Re: NAPSTAT.exe virus

MiniToolBox by Farbar Version: 23-01-2014
Ran by Anthony X (administrator) on 20-12-2014 at 15:51:13
Running from "C:\Users\Anthony X\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) Centrino(R) Wireless-N 1030 = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AnthonyX
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : AC-72-89-CE-5D-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
Physical Address. . . . . . . . . : AC-72-89-CE-5D-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bd52:2270:887b:a82b%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.168.43(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 195850889
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-22-DA-9D-84-8F-69-AF-5D-F0
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7CA31B18-EC31-4835-8970-972A18C04374}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8B16F82D-82FE-4BFA-AE2C-3F40ABEB0CB6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{504F77BE-5DA8-48DC-8F23-9A96FC2BBA70}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BED4DF89-5FDF-4938-A0BB-2D57B1F0FAEE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
General failure.
General failure.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
17...ac 72 89 ce 5d 7f ......Microsoft Virtual WiFi Miniport Adapter #2
11...ac 72 89 ce 5d 7e ......Intel(R) Centrino(R) Wireless-N 1030
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.168.43 281
169.254.168.43 255.255.255.255 On-link 169.254.168.43 281
169.254.255.255 255.255.255.255 On-link 169.254.168.43 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.168.43 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.168.43 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::bd52:2270:887b:a82b/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/20/2014 03:50:13 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/20/2014 03:49:37 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/20/2014 03:47:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 09:32:37 AM) (Source: Microsoft-Windows-RestartManager) (User: AnthonyX)
Description: Application or service 'AccuWeather.com desktop weather widget' could not be shut down.

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager) (User: AnthonyX)
Description: Application or service 'Dell DataSafe Local Backup' could not be shut down.

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager) (User: AnthonyX)
Description: Application or service 'AccuWeather.com desktop weather widget' could not be shut down.

Error: (12/20/2014 09:24:41 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

Error: (12/20/2014 09:19:52 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

Error: (12/20/2014 09:19:45 AM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Exception of type 'System.OutOfMemoryException' was thrown.
at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)
at System.Diagnostics.Process.GetProcesses(String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName, String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName)
at Toaster.Helper.DataSafeAlreadyLaunched()
at Toaster.Helper.DataSafeAvailable()
at Toaster.Notifications.Upgrade.UpgradeHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (12/20/2014 09:19:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/20/2014 03:50:13 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (12/20/2014 03:49:37 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (12/20/2014 03:47:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 09:32:37 AM) (Source: Microsoft-Windows-RestartManager)(User: AnthonyX)
Description: 1C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeAccuWeather.com desktop weather widget0111729520

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager)(User: AnthonyX)
Description: 1C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exeDell DataSafe Local Backup0111726600

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager)(User: AnthonyX)
Description: 1C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeAccuWeather.com desktop weather widget0111729520

Error: (12/20/2014 09:24:41 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8007000e

Error: (12/20/2014 09:19:52 AM) (Source: Desktop Window Manager)(User: )
Description: 0x80070008

Error: (12/20/2014 09:19:45 AM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Exception of type 'System.OutOfMemoryException' was thrown.
at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)
at System.Diagnostics.Process.GetProcesses(String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName, String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName)
at Toaster.Helper.DataSafeAlreadyLaunched()
at Toaster.Helper.DataSafeAvailable()
at Toaster.Notifications.Upgrade.UpgradeHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (12/20/2014 09:19:43 AM) (Source: SideBySide)(User: )
Description: C:\Windows\System32\cleanmgr.exeC:\Windows\System32\cleanmgr.exe0


CodeIntegrity Errors:
===================================
Date: 2014-12-19 16:00:14.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 16:00:14.432
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 16:00:14.385
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 16:00:14.354
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 23:52:52.109
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 23:52:52.062
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 8086.17 MB
Available physical RAM: 7075.62 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 15200.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.45 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:679 GB) (Free:529.8 GB) NTFS
3 Drive e: (Lexar) (Removable) (Total:3.73 GB) (Free:2.32 GB) FAT32

========================= Users: ========================================

User accounts for \\ANTHONYX

Administrator Anthony X Guest


**** End of log ****

Re: NAPSTAT.exe virus

Did you reset your modem? Please go to your Device manager and check if there are any yellow Warning icons.

Re: NAPSTAT.exe virus

I went into Device Manager through Control Panel. I don't see anything with a warning. Not sure I'm in the right place.

Re: NAPSTAT.exe virus

Any thoughts on how to resolve the issue at this point?

Re: NAPSTAT.exe virus

I'm sorry for not getting back to you sooner. I'm really at a loss at this point. There is only so much I can do on-line. I would have to be sitting at your computer to be of any more help.

Re: NAPSTAT.exe virus

ok, well thanks for your help.  I did a system restore to an earlier point in time and now can connect to the internet.   I did some scans and things seem to be ok for the time being. 

What is the recommended method of donation to the site now?