NAPSTAT.exe virus

View previous topic View next topic Go down

NAPSTAT.exe virus

Post by Anthony X2 on 16th December 2014, 11:31 pm

Hello and Greetings! I am hoping you can help me repair my poor comuter which gets hit with CPU overload from malicions subroutines and possible hacking/downloading. The Processes that show up are crazy. Downloaders and weird utilities showing up and maxing the CPU usage. One of the processes that shows up is NAPSTAT.exe and googling that shows some virus warnings with my problems. Do you think you can help me?

Hello and Greetings! I am hoping you can help me repair my poor comuter which gets hit with CPU overload from malicions subroutines and possible hacking/downloading. The Processes that show up are crazy. Downloaders and weird utilities showing up and maxing the CPU usage. One of the processes that shows up is NAPSTAT.exe and googling that shows some virus warnings with my problems. Do you think you can help me?

I tried doing a System Restore to a few days ago before the problem showed up and I ran MBAM, ADW, and Security Check. I can't find the MBAM log but was told no malicious items were found. The other two logs are posted below. This temporarily cured the problem. That is until I opened up the Firefox Browser then it reinitialized itself. Now as soon as I turn on my machine the malware attacks. In other words, the System Restore seemed to help but there is something bad in the browser startup area.

Thanks for any help you can provide!

# AdwCleaner v4.105 - Report created 16/12/2014 at 13:44:20
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anthony X - ANTHONYX
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MRS

***** [ Scheduled Tasks ] *****

Task Deleted : BrowserSafeguard Update Task

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-7860DW LAN#2\Status Monitor.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-7860DW LAN\Status Monitor.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must be registered and logged in to see this link.]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [10194 octets] - [07/06/2014 08:13:39]
AdwCleaner[R1].txt - [915 octets] - [28/06/2014 22:15:52]
AdwCleaner[R2].txt - [1861 octets] - [16/12/2014 13:32:42]
AdwCleaner[S0].txt - [10392 octets] - [07/06/2014 08:32:45]
AdwCleaner[S1].txt - [975 octets] - [28/06/2014 22:24:06]
AdwCleaner[S2].txt - [2042 octets] - [16/12/2014 13:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2102 octets] ##########

>>


Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast setup instup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````





Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 17th December 2014, 5:39 pm

is everyone home for the holidays?

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 17th December 2014, 8:21 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions" You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in you next reply (CTRL+ V)

*************************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Malwarebytes' Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by AnthonyX on 18th December 2014, 5:50 am

MBAM ran with no threats found. I couldnt figure out how to get the log to print, sorry.

Here is the JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Anthony X on Wed 12/17/2014 at 21:43:51.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Anthony X\AppData\Roaming\mozilla\firefox\profiles\rxw6nnwi.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/17/2014 at 21:47:02.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Running rootkit now

AnthonyX
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2014-12-16
OS OS : Windows 7 Home Premium
Points Points : 7275
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by AnthonyX on 18th December 2014, 6:38 am

i'm trying to post mbar rootkit results log but GeekPolice forum is blocking me for seven days as a new member restriction message or some such. Is this for real?

AnthonyX
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2014-12-16
OS OS : Windows 7 Home Premium
Points Points : 7275
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by AnthonyX on 18th December 2014, 6:41 am

mbar log

AnthonyX
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2014-12-16
OS OS : Windows 7 Home Premium
Points Points : 7275
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 18th December 2014, 5:13 pm

sorry i think i logged in wrong.  here's the mbar report

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
[You must be registered and logged in to see this link.]

Database version: v2014.12.18.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.17183
Anthony X :: ANTHONYX [administrator]

12/17/2014 9:53:45 PM
mbar-log-2014-12-17 (21-53-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 363671
Time elapsed: 21 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-3445987834-2524497394-4225669327-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [094031333448f73f2845847e57a9f40c]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 18th December 2014, 5:48 pm

i ran mbar a second time and said no malware found.
I assure you the problem is still with me.  these processes keep loading themselves whenever i open a browser or do an internet search.

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 18th December 2014, 6:17 pm

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 19th December 2014, 4:46 pm

Thanks for your help.  Here's the CF log file:

ComboFix 14-12-14.01 - Anthony X 12/19/2014   8:10.3.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.6997 [GMT -8:00]
Running from: c:\users\Anthony X\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-19 to 2014-12-19  )))))))))))))))))))))))))))))))
.
.
2014-12-19 16:26 . 2014-12-19 16:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-12-17 00:05 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D226F813-A52F-47D0-AA88-BC2110595EE4}\mpengine.dll
2014-12-16 02:46 . 2014-12-16 02:46    --------    d-----w-    c:\users\Anthony X\AppData\Roaming\Roxio Log Files
2014-12-10 08:52 . 2014-12-10 08:52    --------    d-----w-    c:\windows\system32\appraiser
2014-12-10 08:41 . 2014-10-18 02:05    4121600    ----a-w-    c:\windows\system32\mf.dll
2014-12-10 08:41 . 2014-10-18 01:33    3209728    ----a-w-    c:\windows\SysWow64\mf.dll
2014-12-03 18:06 . 2014-12-03 18:06    188304    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-11-25 22:24 . 2014-11-25 22:24    24294072    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 21:59 . 2014-11-25 21:59    18638520    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-21 04:46 . 2014-12-18 17:16    135384    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-21 04:45 . 2014-11-21 14:23    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 04:45 . 2014-12-18 04:49    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-18 17:15 . 2014-06-08 02:51    96472    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-12-15 16:28 . 2014-09-01 16:15    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-12-10 08:42 . 2012-05-06 14:51    112710672    ----a-w-    c:\windows\system32\MRT.exe
2014-12-10 02:38 . 2012-04-29 16:02    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 02:38 . 2011-10-09 02:31    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-21 19:26 . 2012-05-13 23:36    1041168    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-11-21 14:23 . 2013-08-21 00:07    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-19 12:26 . 2014-11-19 12:26    1614504    ----a-w-    c:\windows\system32\FM20.DLL
2014-11-11 03:08 . 2014-11-19 15:14    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 15:14    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 15:14    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:14    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-04 22:30 . 2010-11-21 03:27    275080    ----a-w-    c:\windows\system32\MpSigStub.exe
2014-10-25 01:57 . 2014-11-12 17:56    77824    ----a-w-    c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 17:56    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 17:55    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 17:55    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 17:58    155064    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 17:58    683520    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 17:56    3241984    ----a-w-    c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 17:58    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 17:58    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 17:58    681984    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 17:58    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 17:56    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 17:58    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 17:58    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 17:58    681984    ----a-w-    c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 17:56    3198976    ----a-w-    c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 17:58    500224    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 17:58    284672    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 17:58    680960    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 17:58    440832    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 17:58    296448    ----a-w-    c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 17:58    442880    ----a-w-    c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 17:58    374784    ----a-w-    c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 17:58    195584    ----a-w-    c:\windows\SysWow64\AudioSes.dll
2014-10-02 22:23 . 2014-10-02 22:23    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 22:23 . 2014-10-02 22:23    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2014-09-25 02:08 . 2014-09-30 17:09    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 17:09    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Anthony X\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Anthony X\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Anthony X\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-15 911032]
"TouchFreeze"="c:\users\Anthony X\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe" [2012-07-25 40960]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-05 1080104]
"Amazon Music"="c:\users\Anthony X\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-10-15 6281024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-12-03 40336]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2011-11-16 18432]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2011-11-16 337224]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"sendmng"="c:\program files (x86)\OneSuiteFax\Client\SendMng.exe" [2008-03-31 520192]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-09-04 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-09-04 840592]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-11-28 739936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-07 4085896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Anthony X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Anthony X\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-12 35419192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sage ACT! Integration.lnk - c:\program files (x86)\ACT\Act for Windows\Sage.ACT.Integration.exe D [2011-11-15 97792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
R2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0150.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 02:38]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 04:20]
.
2014-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 04:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-07 17:51    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Anthony X\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Anthony X\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Anthony X\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Anthony X\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 415064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: dell.com
Trusted Zone: msn.com\zone
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Anthony X\AppData\Roaming\Mozilla\Firefox\Profiles\rxw6nnwi.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3445987834-2524497394-4225669327-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-19  08:29:42
ComboFix-quarantined-files.txt  2014-12-19 16:29
ComboFix2.txt  2014-12-17 07:57
.
Pre-Run: 566,792,744,960 bytes free
Post-Run: 567,575,191,552 bytes free
.
- - End Of File - - 12A0885887CB2FD8B11EB314E69E54EF

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 19th December 2014, 6:17 pm

it says antivirus enabled but i shut it all down "turned off" all features and ended the process of avast! when running combofix.

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 19th December 2014, 10:36 pm

What happens when you use IE?

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    DDS::
    Trusted Zone: dell.com
    Trusted Zone: msn.com\zone

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this action.

*********************************************
these processes keep loading themselves whenever i open a browser or do an internet search..
I'm not seeing very many infections on this computer. Could you provide a screenshot of these processes?

[You must be registered and logged in to see this link.]

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 20th December 2014, 12:53 am

First of all, it felt really good to type "killall" to some bugs in my system, thank you!  Really enjoyed that.

Second, after running the script i am not seeing the Processes going bananas anymore, so hopefully a solid fix with no more scum on the way. 

Just some notes: I have used the "Trusted Zone" while monkeying with the settings playing on the MSN Games site but this was probably a year ago. 
About six months ago I started getting twenty junk email a day like clockwork to one of my email addresses.  I tried to write rules to stop them but they kept coming no matter what I did.  Now I try to just ignore and work around them.  Finally, I started getting calls from a thick accented boiler room operator wanting to help me "fix my computer" and I entertained them a little to see how far they would go in their instructions to help my machine.  They said they were from Microsoft but were very cagey in answering questions.  I thought of them as pure internet scam artists and kind of fkd with them a little, you know what I mean?  Anyway, I don't know if one or any of these data points explain anything but just saying.

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 20th December 2014, 12:55 am

Do you think its okay for me to try to play in MSN Games anymore as long as I don't go into the "Trusted Zone"? 

How perfect is that, by the way, for best misnomers of all time?  

Who's behind all this, what are they gaining, and should I assume all my computer data has been transmitted to an outside party?

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 20th December 2014, 1:01 am

should i change all my passwords, online banking, etc....?

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 20th December 2014, 1:35 am

About six months ago I started getting twenty junk email a day like clockwork to one of my email addresses. I tried to write rules to stop them but they kept coming no matter what I did. Now I try to just ignore and work around them.
I use Mailwasher [You must be registered and logged in to see this link.]to cut down on e-mails that I don't wish to receive. If it's unsolicited, I just bounce it. You should try it. You can choose the messages you wish to receive and delete the rest.
Who's behind all this, what are they gaining, and should I assume all my computer data has been transmitted to an outside party?.
Most of them are after your personal information such as your SIN and bank account information. The telephone scammers try to fool you into believing the your computer is infected and they will help you clean it. The want access to your computer where they can find all your personal data.
should i change all my passwords, online banking, etc....?.
Only if you feel it's necessary but I really didn't find anything to indicate that your computer was comprimised. They are some experts that say you should change passwords every six months.
Let's do some cleanup.


Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
********************************************
* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
*******************************************
This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download [You must be registered and logged in to see this link.] to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create Registry backup
  • Purge System Restore Points
  • Re-set system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
******************************************
I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 20th December 2014, 6:03 pm

Now my computer won't connect to the internet. For a while after our cleanup everything was working fine. After doing a reboot and allowing Microsoft to do some updates and a startup repair....now it won't connect. I use a cable modem with a wireless router. My other devices are able to connect to the internet so it seems to be local to the machine we've been working on. I'm wondering if maybe we needed the Dell.com in the Trusted zone whereas the MSN Games was the culprit?

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 20th December 2014, 6:39 pm

I tried disk cleanup but operation aborted with error message about toaster.exe. This has to do with the Dell datasafe backup. Perhaps the Dell.com needs to be in the trusted zone? Anyway, I have a diskette containing original Dell drivers and utilities...do you think I should try reinstalling these?

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 20th December 2014, 11:20 pm

I have a diskette containing original Dell drivers and utilities...do you think I should try reinstalling these?.
Not now. Let's check the internet connection.

Please download [You must be registered and logged in to see this link.] to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • Lst Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 21st December 2014, 12:55 am

MiniToolBox by Farbar Version: 23-01-2014
Ran by Anthony X (administrator) on 20-12-2014 at 15:51:13
Running from "C:\Users\Anthony X\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) Centrino(R) Wireless-N 1030 = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AnthonyX
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : AC-72-89-CE-5D-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
Physical Address. . . . . . . . . : AC-72-89-CE-5D-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bd52:2270:887b:a82b%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.168.43(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 195850889
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-22-DA-9D-84-8F-69-AF-5D-F0
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7CA31B18-EC31-4835-8970-972A18C04374}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8B16F82D-82FE-4BFA-AE2C-3F40ABEB0CB6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{504F77BE-5DA8-48DC-8F23-9A96FC2BBA70}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BED4DF89-5FDF-4938-A0BB-2D57B1F0FAEE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
General failure.
General failure.

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
17...ac 72 89 ce 5d 7f ......Microsoft Virtual WiFi Miniport Adapter #2
11...ac 72 89 ce 5d 7e ......Intel(R) Centrino(R) Wireless-N 1030
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.168.43 281
169.254.168.43 255.255.255.255 On-link 169.254.168.43 281
169.254.255.255 255.255.255.255 On-link 169.254.168.43 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.168.43 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.168.43 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::bd52:2270:887b:a82b/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/20/2014 03:50:13 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/20/2014 03:49:37 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).

Error: (12/20/2014 03:47:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 09:32:37 AM) (Source: Microsoft-Windows-RestartManager) (User: AnthonyX)
Description: Application or service 'AccuWeather.com desktop weather widget' could not be shut down.

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager) (User: AnthonyX)
Description: Application or service 'Dell DataSafe Local Backup' could not be shut down.

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager) (User: AnthonyX)
Description: Application or service 'AccuWeather.com desktop weather widget' could not be shut down.

Error: (12/20/2014 09:24:41 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

Error: (12/20/2014 09:19:52 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

Error: (12/20/2014 09:19:45 AM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Exception of type 'System.OutOfMemoryException' was thrown.
at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)
at System.Diagnostics.Process.GetProcesses(String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName, String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName)
at Toaster.Helper.DataSafeAlreadyLaunched()
at Toaster.Helper.DataSafeAvailable()
at Toaster.Notifications.Upgrade.UpgradeHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (12/20/2014 09:19:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 03:51:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (12/20/2014 03:50:13 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (12/20/2014 03:49:37 PM) (Source: System Restore)(User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c

Error: (12/20/2014 03:47:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 09:32:37 AM) (Source: Microsoft-Windows-RestartManager)(User: AnthonyX)
Description: 1C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeAccuWeather.com desktop weather widget0111729520

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager)(User: AnthonyX)
Description: 1C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exeDell DataSafe Local Backup0111726600

Error: (12/20/2014 09:32:07 AM) (Source: Microsoft-Windows-RestartManager)(User: AnthonyX)
Description: 1C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exeAccuWeather.com desktop weather widget0111729520

Error: (12/20/2014 09:24:41 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8007000e

Error: (12/20/2014 09:19:52 AM) (Source: Desktop Window Manager)(User: )
Description: 0x80070008

Error: (12/20/2014 09:19:45 AM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Exception of type 'System.OutOfMemoryException' was thrown.
at System.Diagnostics.NtProcessInfoHelper.GetProcessInfos()
at System.Diagnostics.ProcessManager.GetProcessInfos(String machineName)
at System.Diagnostics.Process.GetProcesses(String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName, String machineName)
at System.Diagnostics.Process.GetProcessesByName(String processName)
at Toaster.Helper.DataSafeAlreadyLaunched()
at Toaster.Helper.DataSafeAvailable()
at Toaster.Notifications.Upgrade.UpgradeHelper.CheckReminder()
at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (12/20/2014 09:19:43 AM) (Source: SideBySide)(User: )
Description: C:\Windows\System32\cleanmgr.exeC:\Windows\System32\cleanmgr.exe0


CodeIntegrity Errors:
===================================
Date: 2014-12-19 16:00:14.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 16:00:14.432
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 16:00:14.385
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-19 16:00:14.354
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 23:52:52.109
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 23:52:52.062
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 8086.17 MB
Available physical RAM: 7075.62 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 15200.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.45 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:679 GB) (Free:529.8 GB) NTFS
3 Drive e: (Lexar) (Removable) (Total:3.73 GB) (Free:2.32 GB) FAT32

========================= Users: ========================================

User accounts for \\ANTHONYX

Administrator Anthony X Guest


**** End of log ****

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 21st December 2014, 7:29 pm

Did you reset your modem? Please go to your Device manager and check if there are any yellow Warning icons.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 22nd December 2014, 12:22 am

I went into Device Manager through Control Panel. I don't see anything with a warning. Not sure I'm in the right place.

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 22nd December 2014, 7:24 pm

any thoughts on how to resolve the issue at this point?

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 25th December 2014, 8:28 pm

I'm sorry for not getting back to you sooner. I'm really at a loss at this point. There is only so much I can do on-line. I would have to be sitting at your computer to be of any more help.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 28th December 2014, 5:49 am

ok, well thanks for your help.  I did a system restore to an earlier point in time and now can connect to the internet.   I did some scans and things seem to be ok for the time being. 

What is the recommended method of donation to the site now?

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 28th December 2014, 6:49 pm

We do not take donations at this site. We only ask that you do something similar for someone else.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 30th December 2014, 9:14 am

I did some research and believe I have the Poweliks virus.  Its quite interesting, you should check it out.  It doesn't download any files so that traditional virus searches can't see it.  It also uses non ASCII characters and encoding to hide itself.  It remains only in the registry key area and stays 'file less'.  There is an eset poweliks tool that seems to have fixed my issue.  For now.  I feel like its going to pop up at any moment again but for now all looks good.

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 30th December 2014, 5:36 pm

I seriously doubt that you have that trojan. MBAM didn't pick up anything. You can keep MBAM on your computer and run it as many times as you wish.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 30th December 2014, 9:16 pm

maybe youre right.  i'm just saying that it fits the profile with symptoms and undetectability with virus scanning because of its non file creation nature.  when i ran eset powerlik scanner it confirmed the presence and cleaned it.  if i have any more virus now i am unaware of any symptoms.  i am afraid that since i have been compromised there may be back doors in to my computer for hackers if they already have all my system info.  not sure if i should just scrape this thing to be sure.

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 30th December 2014, 11:17 pm

There was no evidence of an backdoor activity. If you wish to be completely safe, you can reformat and re-install the OS.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Anthony X2 on 30th December 2014, 11:29 pm

Thanks for your help with this stuff, SuperDave!

Anthony X2
Novice
Novice

Posts Posts : 20
Joined Joined : 2011-12-24
OS OS : Windows Vista
Points Points : 18386
# Likes # Likes : 0

View user profile

Back to top Go down

Re: NAPSTAT.exe virus

Post by Superdave on 30th December 2014, 11:38 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83201
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum