- , #1
Virtumonde Infection
I'm having a really tough time with this. I've used Spybot to try and remove, but it keeps showing up. Comodo scan comes up clean. I did a system restore, but that didn't seem to help.
Now the computer runs so slow that I can only really use it in safe mode.
I'd be very grateful for any assistance that could be offered.
Thanks,
Matt
Logfile of Trend Micro HijackThis v (BETA)
Scan saved at PM, on 2/10/
Platform: Windows XP SP2 (WinNT )
MSIE: Internet Explorer v SP2 ()
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\WINDOWS\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
C:\Program Files\Java\jre_07\bin\manicapital.com
C:\WINDOWS\manicapital.com
C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\manicapital.com
C:\Program Files\iTunes\manicapital.com
C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
C:\Program Files\Symantec\pcAnywhere\awhostexe
C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com
C:\Program Files\manicapital.com 3\program\manicapital.com
C:\Program Files\Bonjour\manicapital.com
C:\Program Files\manicapital.com 3\program\manicapital.com
C:\WINDOWS\System32\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\Program Files\iPod\bin\manicapital.com
C:\Program Files\Yahoo!\Messenger\ymsgr_manicapital.com
C:\Program Files\Java\jre_07\bin\manicapital.com
C:\Program Files\Mozilla Firefox\manicapital.com
C:\WINDOWS\system32\manicapital.com
C:\Program Files\TrendMicro\HiJackThis\manicapital.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = manicapital.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DFC-E8ADAFAC2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\manicapital.com
O2 - BHO: Spybot-S&D IE Protection - {FDDF} - C:\PROGRA~1\SPYBOT~1\manicapital.com
O2 - BHO: SSVHelper Class - {BB-D6FC-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre_07\bin\manicapital.com
O3 - Toolbar: The Weather Channel Toolbar - {2E5EE-6ACEAA35E43} - C:\WINDOWS\system32\manicapital.com
O3 - Toolbar: Veoh Web Player Video Finder - {0FBBD3Df7a-A2EBBFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com
O4 - HKLM\..\Run: [PtiuPbmd] Rundllexe manicapital.com,SetWriteBack
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre_07\bin\manicapital.com"
O4 - HKLM\..\Run: [SoundMan] manicapital.com
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader \Reader\Reader_manicapital.com"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Admin\LOCALS~1\Temp\manicapital.com 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\manicapital.com" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\manicapital.com"
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\manicapital.com
O4 - HKLM\..\Run: [Lhoyosobu] rundllexe "C:\WINDOWS\manicapital.com",Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\manicapital.com" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\manicapital.com" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\manicapital.com
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\manicapital.com" -quiet
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com"
O4 - Startup: manicapital.com lnk = C:\Program Files\manicapital.com 3\program\manicapital.com
O9 - Extra button: (no name) - {08B0E5CFCBCF-AAAC} - C:\Program Files\Java\jre_07\bin\manicapital.com
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5CFCBCF-AAAC} - C:\Program Files\Java\jre_07\bin\manicapital.com
O9 - Extra button: The Weather Channel - {2E5EE-6ACEAA35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5EE-6ACEAA35E43} - (no file)
O9 - Extra button: (no name) - {DFBAFC4-ACAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\manicapital.com
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFBAFC4-ACAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\manicapital.com
O9 - Extra button: Messenger - {FB5FFd2-BB9EC04F} - C:\Program Files\Messenger\manicapital.com
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5FFd2-BB9EC04F} - C:\Program Files\Messenger\manicapital.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A-9EAAED6B3D77}: NameServer =
O20 - AppInit_DLLs: C:\WINDOWS\system32\guarddll
O22 - SharedTaskScheduler: Browseui preloader - {C2-A8BAD1-B96BA0CE1} - C:\WINDOWS\System32\manicapital.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8CEF-2Bd2-BEC} - C:\WINDOWS\System32\manicapital.com
O23 - Service: Amazon Download Agent - manicapital.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\manicapital.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\manicapital.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\manicapital.com
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\manicapital.com
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhostexe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\manicapital.com
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\manicapital.com
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\manicapital.com
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\manicapital.com
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\manicapital.com
O23 - Service: NetOp Helper ver. () (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\manicapital.com
--
End of file - bytes
- , #2
Security Expert: Emeritus
- Join Date
- Oct
- Location
- Finland
- Posts
- 29,
Hi thesaint
Please post the Spybot report next
Microsoft MVP Consumer Security
Member of ASAP and UNITE since
- , #3
Hi Shaba,
Thanks a lot for helping me out on this.
This is the first scan that has come up empty for threats, but I ran this in safe mode with networking. I'm not sure if that has something to do with the clean scan though.
Here's the log:
Search result list
Congratulations!: No immediate threats were found. (Status)
Spybot - Search & Destroy version: (build: )
System information
Windows XP (Build: ) Service Pack 2 ()
Startup entries list
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader \Reader\Reader_manicapital.com"
file: C:\Program Files\Adobe\Reader \Reader\Reader_manicapital.com
size:
MD5: 69B16C7BBA5CFC05BFC73
Located: HK_LM:Run, COMODO Internet Security
command: "C:\Program Files\COMODO\COMODO Internet Security\manicapital.com" -h
file: C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
size:
MD5: 6B2EC6A02B6CC3DAE62BD
Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
size:
MD5: E2DA2DA04DBAF4D9E44AA24B00F2ABCA
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\manicapital.com"
file: C:\Program Files\iTunes\manicapital.com
size:
MD5: 9D4FF8D3A13F2FEADB66C62FE5D0
Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\windows\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\manicapital.com /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\manicapital.com
size:
MD5: 4FDFA7B98B7DE
Located: HK_LM:Run, OneTouch Monitor
command: C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
file: C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
size:
MD5: EB0EE1AE08ACCA9BA21DD55
Located: HK_LM:Run, PtiuPbmd
command: Rundllexe manicapital.com,SetWriteBack
file: C:\windows\system32\manicapital.com
size:
MD5: AB29E7A6BF1AFFE0BD9C85
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\manicapital.com" -atboottime
file: C:\Program Files\QuickTime\manicapital.com
size:
MD5: FABAD2BFDD8CCEBFAFAF
Located: HK_LM:Run, SoundMan
command: manicapital.com
file: C:\windows\manicapital.com
size:
MD5: DF88FD13ACC
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre_07\bin\manicapital.com"
file: C:\Program Files\Java\jre_07\bin\manicapital.com
size:
MD5: 6AB4CFBD36DCCD97
Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Program Files\Malwarebytes' Anti-Malware\manicapital.com /install /silent
file: C:\Program Files\Malwarebytes' Anti-Malware\manicapital.com
size:
MD5: 2F45DACAA9D0AD52FF9
Located: HK_CU:Run, DAEMON Tools Lite
where: S
command: "C:\Program Files\DAEMON Tools Lite\manicapital.com" -autorun
file: C:\Program Files\DAEMON Tools Lite\manicapital.com
size:
MD5: 2ACCD0D8AA59E4AAD8EFFEEF
Located: HK_CU:Run, DW6
where: S
command:
file:
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, SpybotSD TeaTimer
where: S
command: C:\Program Files\Spybot - Search & Destroy\manicapital.com
file: C:\Program Files\Spybot - Search & Destroy\manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, VeohPlugin
where: S
command: "C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com"
file: C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com
size:
MD5: BAD4CFCEE6
Located: Startup (user), manicapital.com lnk
where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup
command: C:\Program Files\manicapital.com 3\program\manicapital.com
file: C:\Program Files\manicapital.com 3\program\manicapital.com
size:
MD5: BE0CED3CC47DA
Located: WinLogon, AtiExtEvent
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: cryptdll
file: cryptdll
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, PCANotify
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: manicapital.com
file: manicapital.com
size: 0
MD5: D41D8CD98F00BEECFE
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Browser helper object list
{18DFC-E8ADAFAC2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: manicapital.com
Short name: ACROIE~manicapital.com
Date (created): 6/11/ PM
Date (last access): 2/15/ PM
Date (last write): 6/11/ PM
Filesize:
Attributes: archive
MD5: E96CBBA0EAFCE
CRC E5D
Version:
{FDDF} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: manicapital.com
info link: manicapital.com
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: manicapital.com
Short name:
Date (created): 3/16/ PM
Date (last access): 2/15/ PM
Date (last write): 1/26/ PM
Filesize:
Attributes: archive
MD5: C2F6DCCDFA0ADDE62AFAC
CRC 5BA
Version:
{BB-D6FC-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre_07\bin\
Long name: manicapital.com
Short name:
Date (created): 11/24/ PM
Date (last access): 2/15/ PM
Date (last write): 6/10/ AM
Filesize:
Attributes: archive
MD5: FDA1CBD69A6ABABC
CRC 38AC9EE2
Version:
ActiveX list
{8AD9CED1-B3EFD93} (Java Runtime Environment )
DPF name: Java Runtime Environment
CLSID name: Java Plug-in _07
Installer:
Codebase: manicapital.com
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjavadll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre_07\bin\
Long name: npjpi_dll
Short name: NPJPI1~manicapital.com
Date (created): 6/10/ AM
Date (last access): 2/12/ PM
Date (last write): 6/10/ AM
Filesize:
Attributes: archive
MD5: 7C83AEAC9D5DB8
CRC C2A88
Version:
{CAFEEFACABCDEFFEDCBA} (Java Runtime Environment )
DPF name: Java Runtime Environment
CLSID name: Java Plug-in _03
Installer:
Codebase: manicapital.com
description:
classification: Legitimate
known filename: NPJPI_dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre_03\bin\
Long name: NPJPI_dll
Short name: NPJPI1~manicapital.com
Date (created): 4/13/ AM
Date (last access): 2/12/ PM
Date (last write): 4/13/ AM
Filesize:
Attributes: archive
MD5: 13FCA03EBCA6E1F8CCD1FE
CRC CF
Version:
{CAFEEFACABCDEFFEDCBA} (Java Runtime Environment )
DPF name: Java Runtime Environment
CLSID name: Java Plug-in _07
Installer:
Codebase: manicapital.com
Path: C:\Program Files\Java\jre_07\bin\
Long name: npjpi_dll
Short name: NPJPI1~manicapital.com
Date (created): 6/10/ AM
Date (last access): 2/15/ PM
Date (last write): 6/10/ AM
Filesize:
Attributes: archive
MD5: 7C83AEAC9D5DB8
CRC C2A88
Version:
{D27CDB6E-AE6DCFB} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\manicapital.com
Codebase: manicapital.com
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: manicapital.com
Short name:
Date (created): 2/2/ PM
Date (last access): 2/12/ PM
Date (last write): 2/2/ PM
Filesize:
Attributes: readonly archive
MD5: 8AFCED5AB60B7C52D7FDC
CRC 0FBC13F3
Version:
Process list
PID: 0 ( 0) [System]
PID: ( 4) \SystemRoot\System32\manicapital.com
size:
PID: ( ) \??\C:\windows\system32\manicapital.com
size:
PID: ( ) \??\C:\windows\system32\manicapital.com
size:
PID: ( ) C:\windows\system32\manicapital.com
size:
MD5: C6CE6EEC82FDBB3BB50ED4
PID: ( ) C:\windows\system32\manicapital.com
size:
MD5: F9B82F4D55CEBFD75D2
PID: ( ) C:\windows\system32\manicapital.com
size:
MD5: 8FAE4EDAAABC0ADE
PID: ( ) C:\windows\system32\manicapital.com
size:
MD5: 8FAE4EDAAABC0ADE
PID: ( ) C:\windows\system32\manicapital.com
size:
MD5: 8FAE4EDAAABC0ADE
PID: ( ) C:\windows\System32\manicapital.com
size:
MD5: 8FAE4EDAAABC0ADE
PID: ( ) C:\windows\System32\manicapital.com
size:
MD5: 8FAE4EDAAABC0ADE
PID: ( ) C:\windows\manicapital.com
size:
MD5: AAEBE64
PID: ( ) C:\Program Files\Spybot - Search & Destroy\manicapital.com
size:
MD5: C2FCA5BCFDFBA8D89
PID: ( ) C:\Program Files\Mozilla Firefox\manicapital.com
size:
MD5: B4A8CA9A1EEEE32A4DC5DAED3F
PID: () C:\windows\manicapital.com
size:
MD5: AAE7C1FFADAFBFAC34B34
PID: 4 ( 0) System
Browser start & search pages list
Spybot - Search & Destroy browser pages report, 2/15/ PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\manicapital.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
manicapital.com&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
manicapital.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\manicapital.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
manicapital.com&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
manicapital.com?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
manicapital.com=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
manicapital.com&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
manicapital.com{SUB_RFC}/srchasst/manicapital.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
manicapital.com{SUB_RFC}/srchasst/manicapital.com
Winsock Layered Service Provider list
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8BCF-8CAF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8BCF-8CAF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8BCF-8CAF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD Tcpip[*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9EAD0-BDCE69A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9EAD0-BDCE69A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{17DCBB6EDA-9B5D-1DFDBAB0BE91}] SEQPACKET 4
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{17DCBB6EDA-9B5D-1DFDBAB0BE91}] DATAGRAM 4
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A-9EAAED6B3D77}] SEQPACKET 3
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A-9EAAED6B3D77}] DATAGRAM 3
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9DAFEA2F7-DE4AF}] SEQPACKET 0
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9DAFEA2F7-DE4AF}] DATAGRAM 0
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ECCFDEFCD}] SEQPACKET 1
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol MSAFD NetBIOS [\Device\NetBT_Tcpip_{3ECCFDEFCD}] DATAGRAM 1
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol MSAFD NetBIOS [\Device\NetBT_Tcpip_{08DABEABBDAA-CAC1C9CDB}] SEQPACKET 2
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Protocol MSAFD NetBIOS [\Device\NetBT_Tcpip_{08DABEABBDAA-CAC1C9CDB}] DATAGRAM 2
GUID: {8D5FCCFCF48A}
Filename: %SystemRoot%\system32\manicapital.com
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {DE9ECF-AE5AAA00AB}
Filename: %SystemRoot%\System32\manicapital.com
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3BEE-ECF-AC04FD8D4AC}
Filename: %SystemRoot%\System32\manicapital.com
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {A-3BAAA6-BAAE0BD71FDD83}
Filename: %SystemRoot%\System32\manicapital.com
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\manicapital.com
DB protocol: NLA-Namespace
Namespace Provider 3: mdnsNSP
GUID: {BE6EB-4AE5C}
Filename: C:\Program Files\Bonjour\manicapital.com
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\manicapital.com
DB protocol: mdnsNSP
- , #4
Security Expert: Emeritus
Download DDS to your desktop from one of the links below:
Link 1
Link 2
- Double-click the tool to run it.
- A black screen will open; just read the contents and do nothing.
- When the tool finishes, it will open 2 reports.
- Copy/paste both reports back here and remove DDS from your desktop.
Microsoft MVP Consumer Security
Member of ASAP and UNITE since
- , #5
Here is manicapital.com:
DDS (Ver_) - NTFSx86 NETWORK
Run by Admin at on Tue 02/16/
Internet Explorer:
Microsoft Windows XP Professional [GMT ]
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {AFef7-AFC5-F6E02AB}
FW: COMODO Firewall *enabled* {AFef6-AFC5-F6E02AB}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
manicapital.com
C:\windows\system32\manicapital.com -k netsvcs
manicapital.com
manicapital.com
C:\windows\manicapital.com
C:\Documents and Settings\Admin\Desktop\manicapital.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://manicapital.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18dfc-e8adafac2ebdc3} - c:\program files\common files\adobe\acrobat\activex\manicapital.com
BHO: Spybot-S&D IE Protection: {fddf} - c:\progra~1\spybot~1\manicapital.com
BHO: SSVHelper Class: {bb-d6fc-b6eb-d4daf1d92d43} - c:\program files\java\jre_07\bin\manicapital.com
TB: Veoh Web Player Video Finder: {0fbbd3df7a-a2ebbfc} - c:\program files\veoh networks\veohwebplayer\manicapital.com
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DCA67F} - No File
EB: {ab-ac2aa} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\manicapital.com" -autorun
uRun: [DW6]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\manicapital.com
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\manicapital.com"
mRun: [PtiuPbmd] Rundllexe manicapital.com,SetWriteBack
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsbexe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre_07\bin\manicapital.com"
mRun: [SoundMan] manicapital.com
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader \reader\Reader_manicapital.com"
mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~manicapital.com
mRun: [QuickTime Task] "c:\program files\quicktime\manicapital.com" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\manicapital.com"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\manicapital.com" -h
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\manicapital.com /auto
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\manicapital.com /install /silent
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\openof~manicapital.com - c:\program files\manicapital.com 3\program\manicapital.com
IE: {FB5FFd2-BB9EC04F} - c:\program files\messenger\manicapital.com
IE: {08B0E5CFCBCF-AAAC} - {CAFEEFACABCDEFFEDCBC} - c:\program files\java\jre_07\bin\manicapital.com
IE: {DFBAFC4-ACAB36FD2A2} - {FDDF} - c:\progra~1\spybot~1\manicapital.com
DPF: {8AD9CED1-B3EFD93} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {D27CDB6E-AE6DCFB} - hxxp://manicapital.com
TCP: {A-9EAAED6B3D77} =
Notify: AtiExtEvent - manicapital.com
Notify: PCANotify - manicapital.com
AppInit_DLLs: c:\windows\system32\guarddll
LSA: Notification Packages = scecli manicapital.com
Hosts: manicapital.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\manicapital.comt\
FF - manicapital.com: manicapital.comge - hxxp://manicapital.com
FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\manicapital.comt\extensions\{ca9c-de6dadec}\components\manicapital.com
FF - plugin: c:\documents and settings\admin\application data\move networks\plugins\npqmpdll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\manicapital.comt\extensions\{ee8ff-4fbac9bfa7}\plugins\np_manicapital.com
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\manicapital.comt\extensions\player@manicapital.com\plugins\manicapital.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\manicapital.com
FF - plugin: c:\program files\veoh networks\veohwebplayer\manicapital.com
FF - HiddenExtension: XULRunner: {CFECFCB2} - c:\documents and settings\admin\local settings\application data\{CFECFCB2}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFACABCDEFFEDCBA}
FIREFOX POLICIES
c:\program files\mozilla firefox\greprefs\manicapital.com - pref("manicapital.com_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 abus;abus;c:\windows\system32\drivers\manicapital.com [ ]
R0 ascsi;ascsi;c:\windows\system32\drivers\manicapital.com [ ]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\manicapital.com [ ]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\manicapital.com [ ]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_manicapital.com [ ]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\manicapital.com [ ]
S1 awlegacy;awlegacy;c:\windows\system32\drivers\manicapital.com [ ]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\manicapital.com [ ]
S1 NHostNT1;NetOp Driver 1 ver. ();c:\windows\system32\drivers\manicapital.com [ ]
S2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhostexe [ ]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\manicapital.com [ ]
S2 NetOp Host for NT Service;NetOp Helper ver. ();c:\program files\danware data\netop remote control\host\manicapital.com [ ]
S2 ppsio2;PPDevice;c:\windows\system32\drivers\manicapital.com [ ]
S3 NHOSTNT3;NetOp Driver 3 ver. () (NHOSTNT3);c:\windows\system32\drivers\manicapital.com [ ]
=============== Created Last 30 ================
a-w- c:\windows\manicapital.com
a-w- c:\windows\system32\drivers\manicapital.com
a-w- c:\windows\system32\drivers\manicapital.com
0 dw- c:\program files\Malwarebytes' Anti-Malware
a-w- c:\windows\system32\drivers\manicapital.com
0 dw- c:\program files\CCleaner
a-w- c:\windows\system32\drivers\manicapital.com
0 dw- c:\docume~1\admin\applic~1\Malwarebytes
0 dw- c:\docume~1\alluse~1\applic~1\Malwarebytes
0 dw- c:\program files\TrendMicro
a-w- c:\windows\system32\guarddll
0 dw- c:\docume~1\alluse~1\applic~1\Comodo
a-w- c:\windows\system32\drivers\manicapital.com
a-w- c:\windows\system32\drivers\manicapital.com
0 dw- c:\windows\system32\wbem\Repository
0 dw- c:\windows\pss
0 dw- c:\windows\hsperfdata_Admin
0 dw- c:\program files\Aptana
0 dw- c:\documents and settings\admin\.gem
0 a-w- c:\windows\manicapital.com
a-w- c:\windows\manicapital.com
0 dw- C:\InstantRails
==================== Find3M ====================
a-w- c:\windows\system32\drivers\manicapital.com
a-w- c:\windows\inf\i\manicapital.com
a-w- c:\windows\inf\i\manicapital.com
a-w- c:\windows\inf\i\manicapital.com
============= FINISH: ===============
- , #6
And here is manicapital.com
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume5
Install Date: 10/28/ PM
System Uptime: 2/15/ PM (25 hours ago)
Motherboard: Gigabyte Technology Co., Ltd. | | 8IP-G
Processor: Intel(R) Celeron(R) CPU GHz | Socket | /mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 93 GiB total, GiB free.
D: is FIXED (NTFS) - GiB total, GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - GiB total, GiB free.
I: is FIXED (NTFS) - GiB total, GiB free.
J: is FIXED (NTFS) - GiB total, GiB free.
K: is FIXED (NTFS) - GiB total, GiB free.
==== Disabled Device Manager Items =============
Class GUID:
Description: PCI Device
Device ID: PCI\VEN_&DEV_27D8&SUBSYS_A&REV_01\3&13C0B0C5&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_&DEV_27D8&SUBSYS_A&REV_01\3&13C0B0C5&0&D8
Service:
==== System Restore Points ===================
RP 11/12/ PM - System Checkpoint
RP 11/16/ PM - System Checkpoint
RP 11/17/ PM - System Checkpoint
RP 11/19/ PM - System Checkpoint
RP 11/22/ AM - System Checkpoint
RP 11/24/ PM - System Checkpoint
RP 11/26/ PM - System Checkpoint
RP 11/28/ PM - System Checkpoint
RP 11/30/ PM - System Checkpoint
RP 12/2/ AM - System Checkpoint
RP 12/3/ AM - System Checkpoint
RP 12/5/ PM - System Checkpoint
RP 12/7/ AM - System Checkpoint
RP 12/8/ PM - System Checkpoint
RP 12/10/ PM - System Checkpoint
RP 12/11/ PM - System Checkpoint
RP 12/13/ AM - System Checkpoint
RP 12/14/ AM - System Checkpoint
RP 12/15/ PM - System Checkpoint
RP 12/16/ PM - System Checkpoint
RP 12/17/ PM - System Checkpoint
RP 12/18/ PM - System Checkpoint
RP 12/20/ PM - System Checkpoint
RP 12/23/ AM - System Checkpoint
RP 12/24/ AM - System Checkpoint
RP 12/25/ PM - System Checkpoint
RP 12/26/ PM - System Checkpoint
RP 12/27/ PM - System Checkpoint
RP 12/29/ AM - System Checkpoint
RP 12/30/ AM - System Checkpoint
RP 12/31/ PM - System Checkpoint
RP 1/2/ AM - System Checkpoint
RP 1/3/ PM - System Checkpoint
RP 1/5/ PM - System Checkpoint
RP 1/6/ PM - System Checkpoint
RP 1/8/ PM - System Checkpoint
RP 1/9/ PM - System Checkpoint
RP 1/11/ PM - System Checkpoint
RP 1/12/ PM - System Checkpoint
RP 1/13/ PM - System Checkpoint
RP 1/15/ AM - System Checkpoint
RP 1/16/ PM - System Checkpoint
RP 1/18/ PM - System Checkpoint
RP 1/20/ AM - System Checkpoint
RP 1/21/ PM - System Checkpoint
RP 1/22/ PM - System Checkpoint
RP 1/23/ PM - System Checkpoint
RP 1/25/ AM - System Checkpoint
RP 1/27/ PM - System Checkpoint
RP 1/28/ PM - System Checkpoint
RP 1/30/ PM - System Checkpoint
RP 2/1/ PM - System Checkpoint
RP 2/3/ PM - System Checkpoint
RP 2/5/ PM - System Checkpoint
RP 2/7/ PM - System Checkpoint
RP 2/8/ PM - System Checkpoint
RP 2/9/ PM - Restore Operation
RP 2/10/ PM - Installed HiJackThis
==== Installed Programs ======================
manicapital.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader 9
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Alcohol %
Apple Mobile Device Support
Apple Software Update
Aptana RadRails
ATI Display Driver
AVI Joiner version
Bonjour
Build-a-lot 3 (remove only)
COMODO Internet Security
DivX Web Player
Enable S3 for USB Device
ERUNT j
GIMP
HiJackThis
iTunes
J2SE Runtime Environment Update 3
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Visual C++ Redistributable
Move Media Player
Mozilla Firefox ()
MSN Music Assistant
NetOp Remote Control
manicapital.com
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Risk II
Safari
Security Update for Windows Media Player (KB)
Security Update for Windows Media Player 10 (KB)
Security Update for Windows Media Player 10 (KB)
Security Update for Windows XP (KB)
Skype
Spybot - Search & Destroy
Sweet Home 3D version
Symantec pcAnywhere
Tsunami-Filter-Pack Mini
Update for Windows XP (KB)
VC80CRTRedist -
Visioneer Scanner
WebFldrs XP
Windows Installer (KB)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB
Windows XP Service Pack 2
WinRAR archiver
XviD MPEG-4 Video Codec
==== Event Viewer Messages From Past Week ========
2/9/ PM, error: Service Control Manager [] - Timeout ( milliseconds) waiting for a transaction response from the service.
2/9/ PM, error: Service Control Manager [] - Timeout ( milliseconds) waiting for the pcAnywhere Host Service service to connect.
2/9/ PM, error: Service Control Manager [] - Timeout ( milliseconds) waiting for the NetOp Helper ver. () service to connect.
2/9/ PM, error: Service Control Manager [] - The pcAnywhere Host Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/9/ PM, error: Service Control Manager [] - The NetOp Helper ver. () service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/9/ PM, error: System Error [] - Error code e, parameter1 c, parameter2 , parameter3 f7c59aa0, parameter4
2/12/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: AFD awlegacy cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT NHostNT1 RasAcd Rdbss Tcpip
2/12/ PM, error: Service Control Manager [] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2/12/ PM, error: Service Control Manager [] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/12/ PM, error: Service Control Manager [] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/12/ PM, error: Service Control Manager [] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/12/ PM, error: Service Control Manager [] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/12/ PM, error: Service Control Manager [] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/12/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service netman with arguments "" in order to run the server: {BAAED1-B1DFCE}
2/12/ PM, error: Service Control Manager [] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
2/12/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service MSIServer with arguments "" in order to run the server: {CCC}
2/10/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4ECFD1-BFED}
2/10/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1FD1-BC04FBAF}
2/10/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: awlegacy cmdGuard Fips intelppm NHostNT1
2/10/ PM, error: Service Control Manager [] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
2/10/ PM, error: Service Control Manager [] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
2/10/ PM, error: Service Control Manager [] - The Server service hung on starting.
==== End Of File ===========================
- , #7
Sorry, it's been almost two days since your last suggested course of action. Did I perhaps forget to do something as instructed? I thought I posted all the requested info, but if there's something missing just let me know.
Thanks again for all your help.
- , #8
Security Expert: Emeritus
Sorry but I haven't got email notification.
Please go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As.
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply along with a fresh HijackThis log.
Microsoft MVP Consumer Security
Member of ASAP and UNITE since
- , #9
KASPERSKY ONLINE SCANNER scan report
Thursday, February 18,
Operating system: Microsoft Windows XP Professional Service Pack 2 (build )
Kaspersky Online Scanner version:
Last database update: Thursday, February 18,
Records in database:
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no
Scan area - My Computer:
C:\
D:\
E:\
G:\
I:\
J:\
K:\
Scan statistics:
Objects scanned:
Threats found: 4
Infected objects found: 13
Suspicious objects found: 0
Scan duration:
File name / Threat / Threats count
C:\Documents and Settings\Admin\Desktop\Internet Shit\DreamWeaver\manicapital.com-SSG.[manicapital.com] updated-fixed zip Infected: manicapital.comucen.b 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
- , #10
[Resolved] Browser re-direct, Hijackthis non-functional, malware
This topic is locked
#1
jcommerce
- Authentic Member
- 14 posts
New Member
Posted 01 August - PM
Edited by jcommerce, 01 August - PM.
#2
CatByte
- Classroom Admin
- 21, posts
Classroom Administrator
Posted 01 August - PM
Our help is free.
You may have to run these scans in safe mode to get them to work.
If you have difficulty downloading these programs, then download them to another computer and transfer them to the infected computer via USB
To Enter Safemode
- Go to Start> Shut off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY repeatedly,
- this will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to Safemode
- Then press the Enter Key on your Keyboard
- go into your usual account
NEXT
Please do the following:
STEP #1
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
- Disable any script blocking protection
- Double click manicapital.com to run the tool.
- When done, two manicapital.com's will open.
- Save both reports to your desktop.
Please include the contents of the following in your next reply:
manicapital.com
manicapital.com.
STEP #2
NOTE: You may have to rename GMER to manicapital.com to get it to run.
Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click manicapital.com. If asked to allow manicapital.com driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan, click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "manicapital.com" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "< ROOKIT" entries
Microsoft MVP , , , , ,
#3
jcommerce
- Authentic Member
- 14 posts
New Member
Posted 01 August - PM
#4
jcommerce
- Authentic Member
- 14 posts
New Member
Posted 01 August - PM
DDS (Ver_) - NTFSx86 NETWORK
Run by JFairclough at on Sat 08/01/
Internet Explorer:
Microsoft Windows XP Professional [GMT ]
AV: AVG *On-access scanning enabled* (Updated) {BE87B4FB1}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EECDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {BC7FBDACA00DA3E8}
============== Running Processes ===============
C:WINDOWSsystem32svchost -k DcomLaunch
manicapital.com
C:WINDOWSSystem32manicapital.com -k netsvcs
manicapital.com
manicapital.com
C:Program FilesLavasoftAd-Awaremanicapital.com
C:PROGRA~1McAfeeMSCmanicapital.com
C:Program FilesMcAfeeMPFmanicapital.com
C:WINDOWSmanicapital.com
c:PROGRA~1manicapital.comagentmanicapital.com
C:Program FilesLavasoftAd-Awaremanicapital.com
c:PROGRA~1mcafeemscmanicapital.com
C:WINDOWSsystem32rundllexe
E:manicapital.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://manicapital.com
uSearch Page = hxxp://manicapital.com
uSearch Bar = hxxp://manicapital.com
uSearchMigratedDefaultURL = hxxp://manicapital.com?q={searchTerms}&sourceid=ie7&rls=manicapital.comoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://manicapital.com
uSearchURL,(Default) = hxxp://manicapital.com?q=%s
mSearchAssistant =
BHO: {DC3Fefb-9BECA} - No File
BHO: Adobe PDF Reader Link Helper: {e9f-c8ddb87db7d6be0b3} - c:program filesadobeacrobat activexmanicapital.com
BHO: AskBar BHO: {f27ddc1-aa35eed} - c:program filesaskbardisbarbinmanicapital.com
BHO: scriptproxy: {7db2d5aeb68df01c} - c:program filesmcafeevirusscanmanicapital.com
BHO: Google Toolbar Helper: {aa58eddd-4dcff7} - c:program filesgooglemanicapital.com
BHO: Google Toolbar Notifier BHO: {af69dedb6fa-ce66b5add} - c:program filesgooglegoogletoolbarnotifiermanicapital.com
BHO: Java Plug-In 2 SSV Helper: {dbcab-bcc25c1ca9} - c:program filesjavajre6binmanicapital.com
BHO: AvayaIEHlprObj Class: {e6df0bd6fa-a6ad17aa9a} - c:program filesavayaavaya ip softphonemanicapital.com
BHO: JQSIEStartDetectorImpl Class: {e7e6fce-4cbceabfef69c} - c:program filesjavajre6libdeployjqsiejqs_manicapital.com
TB: &Google: {c2bdba5cd4f} - c:program filesgooglemanicapital.com
TB: Ask Toolbar: {d03e-fd4be0-bd9bf98} - c:program filesaskbardisbarbinmanicapital.com
TB: {EF99BDC1FBDFD4F88} - No File
TB: {4E7BD74F-2B8DEBD-FD60BB9AAE3A} - No File
TB: {F3BDFEABBB} - No File
TB: {BC32ADAC6-E06B23A1BA4C} - No File
EB: {ab-ac2aa} - No File
uRun: [manicapital.com] c:windowssystem32manicapital.com
uRun: [EFI Job Monitor] c:windowssystem32rundllexe c:windowssystem32spooldriversw32x863manicapital.com,run
uRun: [BgMonitor_{EC6C-4d9fCD8A56B10AA}] "c:program filescommon filesaheadlibmanicapital.com"
uRun: [swg] c:program filesgooglegoogletoolbarnotifiermanicapital.com
uRun: [uTorrent] "c:program filesutorrentmanicapital.com"
uRun: [Weather] c:program filesawsweatherbugmanicapital.com 1
uRun: [manicapital.com] c:windowssystem32manicapital.com
mRun: [ATICCC] "c:program filesati technologiesmanicapital.commanicapital.com" runtime -Delay
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binmanicapital.com"
mRun: [mcagent_exe] c:program filesmanicapital.comagentmanicapital.com /runkey
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinmanicapital.com
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obmanicapital.com" -osboot
mRun: [NeroFilterCheck] c:program filescommon filesaheadlibmanicapital.com
mRun: [QuickTime Task] "c:program filesquicktimemanicapital.com" -atboottime
mRun: [MaxMenuMgr] "c:program filesseagateseagatemanagerfreeagent statusmanicapital.com"
mRunOnce: [Malwarebytes' Anti-Malware] c:program filesmalwarebytes' anti-malwaremanicapital.com /install /silent
dRun: [AVG7_Run] c:progra~1grisoftavg7manicapital.com /RUNONCE
StartupFolder: c:docume~1jfairc~1startm~1programsstartupseagat~manicapital.com - c:documents and settingsjfaircloughapplication dataleadertechpowerregisterSeagate 2GEY20ZG Product manicapital.com
StartupFolder: c:docume~1alluse~1startm~1programsstartupadober~manicapital.com - c:program filesadobeacrobat readerreader_manicapital.com
StartupFolder: c:docume~1alluse~1startm~1programsstartupnetgea~manicapital.com - c:program filesnetgearwgv3manicapital.com
mPolicies-system: MaxGPOScriptWait = (0x3e8)
IE: E&xport to Microsoft Excel - c:progra~1micros~2office11manicapital.com
IE: {e2e2dddb7-f2ba} - %windir%Network Diagnosticmanicapital.com
IE: {FB5FFd2-BB9EC04F} - c:program filesmessengermanicapital.com
IE: {BCCC8-B9BE-3C9CA} - {FFECC5A-4E2E-BF3BED} - c:progra~1micros~2office11manicapital.com
Trusted Zone: manicapital.comonline
DPF: Garmin Communicator Plug-In - hxxps://manicapital.com
DPF: {B-BD-A0D8-FCFDF33EC} - hxxp://manicapital.com?
DPF: {6EAD-4EEC-DC1FA91D2FC3} - hxxp://manicapital.com?
DPF: {8AD9CED1-B3EFD93} - hxxp://manicapital.com
DPF: {8FFBE65D-2C9CBDDC0BC} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {D27CDB6E-AE6DCFB} - hxxp://manicapital.com
DPF: {E3E02FADBCFF9F0F4} - hxxp://manicapital.com
TCP: NameServer = ,
TCP: {BCCEDDCEA7A-EC7D9C} = ,
TCP: {BDF4DDC-A28ABDC29} = ,
Notify: AtiExtEvent - manicapital.com
SSODL: WPDShServiceObj - {AAABA-9A4CBDDDB5} - c:windowssystem32manicapital.com
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:windowssystem32driversmanicapital.com [ ]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program fileslavasoftad-awaremanicapital.com [ ]
S1 mfehidk;McAfee Inc. mfehidk;c:windowssystem32driversmanicapital.com [ ]
S1 NHostNT1;NetOp Driver 1 ver. ();c:windowssystem32driversmanicapital.com [ ]
S2 ASKService;ASKService;c:program filesaskbardisbarbinmanicapital.com [ ]
S2 ASKUpgrade;ASKUpgrade;c:program filesaskbardisbarbinmanicapital.com [ ]
S2 EAPPkt;Realtek EAPPkt Protocol;c:windowssystem32driversmanicapital.com [ ]
S2 FreeAgentGoNext Service;Seagate Service;c:program filesseagateseagatemanagersyncmanicapital.com [ ]
S2 gupdate;Google Update Service (gupdate);c:program filesgoogleupdatemanicapital.com [ ]
S2 McProxy;McAfee Proxy Service;c:progra~1common~1mcafeemcproxymanicapital.com [ ]
S2 McShield;McAfee Real-time Scanner;c:program filesmcafeevirusscanmanicapital.com [ ]
S2 NetOp Host for NT Service;NetOp Helper ver. ();c:program filesdanware datanetop remote controlhostmanicapital.com [ ]
S2 Retrospect Client;Retrospect Client;c:program filesdantzclientmanicapital.com [ ]
S3 ECCL;ECCL NDIS Protocol Driver;??c:windowssystem32ecclsys --> c:windowssystem32ECCLSYS [?]
S3 McSysmon;McAfee SystemGuards;c:progra~1mcafeeviruss~1manicapital.com [ ]
S3 mfeavfk;McAfee Inc. mfeavfk;c:windowssystem32driversmanicapital.com [ ]
S3 mfebopk;McAfee Inc. mfebopk;c:windowssystem32driversmanicapital.com [ ]
S3 mferkdk;McAfee Inc. mferkdk;c:windowssystem32driversmanicapital.com [ ]
S3 mfesmfk;McAfee Inc. mfesmfk;c:windowssystem32driversmanicapital.com [ ]
S3 NHOSTNT3;NetOp Driver 3 ver. () (NHOSTNT3);c:windowssystem32driversmanicapital.com [ ]
S3 RTLB;NETGEAR WGv3 54Mbps Wireless USB Adapter Vista Driver;c:windowssystem32driversmanicapital.com [ ]
=============== Created Last 30 ================
38, a c:windowssystem32driversmanicapital.com
19, a c:windowssystem32driversmanicapital.com
<DIR> --d c:program filesMalwarebytes' Anti-Malware
<DIR> --d c:docume~1alluse~1applic~1Malwarebytes
<DIR> --d c:program filesVideo Server E
<DIR> --d c:program filesTrend Micro
15, a c:windowssystem32manicapital.com
64, a c:windowssystem32driversmanicapital.com
<DIR> -cd-h c:docume~1alluse~1applic~1{EFC-BADD}
<DIR> --d c:program filesLavasoft
6, a c:windows46b5threztocx
<DIR> --d c:program filesSeagate
<DIR> --d c:docume~1alluse~1applic~1Seagate
11, a c:windowssystem325zc19irbin
<DIR> --d C:Garmin
11, a c:windowszwormcpl
12, a c:windowssystem3292z38worocx
6, a c:windowsbazkdo9rbin
<DIR> --d c:docume~1jfairc~1applic~1GARMIN
7, a c:windowsmanicapital.com
10, a c:windowssystem322azaadd9areocx
10, a c:windowssystem32wo9zocx
<DIR> --d c:docume~1jfairc~1applic~1Cakewalk
, a c:windowssystem32manicapital.com
<DIR> --d c:program filesCakewalk
16, a c:windowssystem32dowz9oaderocx
3, a c:windowsmanicapital.com
4, a c:windowsvi5uzexe
13, a c:windowssystem32manicapital.com
4, a c:windows1f5zdownloadeocx
16, a c:windowsmanicapital.com
5, a c:windowssystem32cyzaredll
15, a c:windowssystem32zir5scpl
11, a c:windowssystem32a9kzoorexe
15, a c:windows9f2z5parsecpl
18, a c:windowssystem32manicapital.com
<DIR> --dsh c:documents and settingsjfaircloughIECompatCache
13, a c:windowssystem322e9asp5rzecpl
7, a c:windowssystem32manicapital.com
12, a c:windowszackt5oldll
<DIR> --d c:docume~1jfairc~1applic~1LimeWire
<DIR> --d c:program filesLimeWire
6, a c:windowssystem32manicapital.com
<DIR> --d c:windowssystem32wbemRepository
<DIR> --d C:OEMSettings
3, a c:windowssystem32manicapital.com
<DIR> --dsh c:documents and settingsjfaircloughPrivacIE
3, a c:windowssystem32wbemOutlook_01c9fdemof
<DIR> --dsh c:documents and settingsjfaircloughIETldCache
<DIR> --d c:windowssystem32XPSViewer
, -c c:windowssystem32dllcachemanicapital.com
89, -c c:windowssystem32dllcachemanicapital.com
, c:windowssystem32manicapital.com
1,, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachemanicapital.com
1,, c:windowssystem32manicapital.com
, c:windowssystem32manicapital.com
<DIR> --d c:windowsSxsCaPendDel
<DIR> --d c:windowssystem32KB
2, c:windowssystem32manicapital.com
1,, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachemanicapital.com
1,, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachenetapidll
, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachemanicapital.com
, -c c:windowssystem32dllcachemanicapital.com
<DIR> --d c:windowssystem32scripting
<DIR> --d c:windowsl2schemas
<DIR> --d c:windowssystem32en
<DIR> --d c:windowssystem32bits
<DIR> --d c:windowsnetwork diagnostic
, c:windowssystem32manicapital.com
23, a c:windowssystem32manicapital.com
15, a c:windowssystem32virzsdll
==================== Find3M ====================
============= FINISH: ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_)
Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 5/17/ PM
System Uptime: 8/1/ PM (1 hours ago)
Motherboard: Dell Inc. | | 0J
Processor: Intel® Pentium® 4 CPU GHz | Microprocessor | /mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - GiB total, GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is FIXED (NTFS) - GiB total, GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP 5/2/ PM - System Checkpoint
RP 5/3/ PM - System Checkpoint
RP 5/5/ AM - System Checkpoint
RP 5/6/ AM - System Checkpoint
RP 5/7/ AM - System Checkpoint
RP 5/8/ AM - System Checkpoint
RP 5/8/ PM - Installed QuickTime
RP 5/10/ AM - System Checkpoint
RP 5/11/ AM - System Checkpoint
RP 5/12/ AM - System Checkpoint
RP 5/13/ AM - System Checkpoint
RP 5/14/ AM - System Checkpoint
RP 5/15/ AM - System Checkpoint
RP 5/17/ PM - System Checkpoint
RP 5/18/ PM - System Checkpoint
RP 5/19/ PM - System Checkpoint
RP 5/20/ PM - System Checkpoint
RP 5/21/ PM - System Checkpoint
RP 5/22/ PM - System Checkpoint
RP 5/23/ PM - System Checkpoint
RP 5/24/ PM - System Checkpoint
RP 5/25/ PM - System Checkpoint
RP 5/27/ AM - System Checkpoint
RP 6/4/ AM - System Checkpoint
RP 6/5/ AM - System Checkpoint
RP 6/6/ AM - System Checkpoint
RP 6/7/ AM - System Checkpoint
RP 6/8/ AM - System Checkpoint
RP 6/9/ AM - System Checkpoint
RP 6/10/ AM - System Checkpoint
RP 6/11/ AM - System Checkpoint
RP 6/12/ AM - System Checkpoint
RP 6/13/ PM - System Checkpoint
RP 6/14/ PM - System Checkpoint
RP 6/15/ PM - System Checkpoint
RP 6/16/ PM - System Checkpoint
RP 6/17/ PM - System Checkpoint
RP 6/18/ PM - System Checkpoint
RP 6/19/ PM - System Checkpoint
RP 6/20/ PM - System Checkpoint
RP 6/21/ PM - System Checkpoint
RP 6/22/ PM - System Checkpoint
RP 6/23/ PM - System Checkpoint
RP 6/24/ PM - System Checkpoint
RP 6/25/ PM - System Checkpoint
RP 6/27/ PM - Removed WeatherBug
RP 6/29/ PM - System Checkpoint
RP 7/2/ PM - Configured NETGEAR WGv3 wireless USB adapter
RP 7/2/ PM - Configured NETGEAR WGv3 wireless USB adapter
RP 7/2/ PM - Installed NETGEAR WGv3 wireless USB adapter
RP 7/4/ AM - Software Distribution Service
RP 7/4/ PM - Software Distribution Service
RP 7/4/ PM - Software Distribution Service
RP 7/4/ PM - Printer Driver Microsoft XPS Document Writer Installed
RP 7/4/ PM - Configured NETGEAR WGv3 wireless USB adapter
RP 7/5/ AM - Installed NETGEAR WGv3 wireless USB adapter
RP 7/5/ AM - Restore Operation
RP 7/5/ AM - Installed NETGEAR WGv3 wireless USB adapter
RP 7/6/ AM - System Checkpoint
RP 7/7/ AM - System Checkpoint
RP 7/8/ AM - System Checkpoint
RP 7/9/ AM - System Checkpoint
RP 7/10/ AM - System Checkpoint
RP 7/11/ PM - System Checkpoint
RP 7/12/ PM - System Checkpoint
RP 7/13/ PM - System Checkpoint
RP 7/14/ PM - System Checkpoint
RP 7/15/ PM - System Checkpoint
RP 7/16/ PM - System Checkpoint
RP 7/17/ PM - System Checkpoint
RP 7/18/ PM - System Checkpoint
RP 7/19/ PM - Installed Envara Configuration Utility
RP 7/19/ PM - Installed Microsoft Visual C++ Redistributable
RP 7/21/ AM - System Checkpoint
RP 7/22/ AM - System Checkpoint
RP 7/23/ AM - System Checkpoint
RP 7/24/ AM - System Checkpoint
RP 7/25/ AM - System Checkpoint
RP 7/26/ AM - System Checkpoint
RP 7/26/ PM - Installed Garmin City Navigator North America NT Update
RP 7/27/ PM - System Checkpoint
RP 7/28/ PM - System Checkpoint
RP 7/29/ PM - Installed Seagate Manager Installer
RP 7/29/ PM - Configured Seagate Manager Installer
RP 7/30/ PM - System Checkpoint
==== Installed Programs ======================
µTorrent
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader Language Support
Adobe Reader
Adobe® Photoshop® Album Starter Edition
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Audio Creator LE
AutoUpdate
Bonjour
Compatibility Pack for the Office system
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB)
DivX Codec
DivX Version Checker
DVD Decrypter (Remove Only)
DVDtoGO
Garmin City Navigator North America NT Update
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework SP1 (KB)
Hotfix for Microsoft .NET Framework SP1 (KB)
Hotfix for Windows Internet Explorer 7 (KB)
Hotfix for Windows Media Format 11 SDK (KB)
Hotfix for Windows Media Player 11 (KB)
Hotfix for Windows XP (KB)
Hotfix for Windows XP (KBv5)
InFlac
iTunes
Java 6 Update 13
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
LimeWire
Magical Jelly Bean SHN Shortener (remove only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaCoder
Microsoft .NET Framework Service Pack 2
Microsoft .NET Framework Service Pack 2
Microsoft .NET Framework SP1
Microsoft Compression Client Pack for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition
Microsoft User-Mode Driver Framework Feature Pack
Microsoft Visual C++ Redistributable
Move Networks Media Player for Internet Explorer
MSXML SP2 (KB)
MSXML SP2 (KB)
MSXML Parser (KB)
Nero 7 Ultra Edition
neroxml
NETGEAR WGv3 wireless USB adapter
manicapital.com Installer
QuickTime
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Media Player (KB)
Security Update for Windows Media Player 10 (KB)
Security Update for Windows Media Player 11 (KB)
Security Update for Windows Media Player 11 (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KBv2)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KBv2)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
SoulSeek NS 13e
Update for Windows XP (KB)
Update for Windows XP (KB)
Update for Windows XP (KB)
VC80CRTRedist -
Video Server E
Visual C++ x86 Runtime - (v)
Visual C++ x86 Runtime - v
Visual C++ ATL (x86) WinSXS MSM
Visual C++ CRT (x86) WinSXS MSM
Vuze
Vuze Toolbar
Winamp
Windows Genuine Advantage Validation Tool (KB)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
8/1/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT NHostNT1 OMCI RasAcd Rdbss Tcpip
8/1/ PM, error: Service Control Manager [] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The Retrospect Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
8/1/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1FD1-BC04FBAF}
8/1/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service MDM with arguments "" in order to run the server: {0C0ACDFF2CD}
8/1/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service McNASvc with arguments "" in order to run the server: {24FA1-BCDC8B68A}
8/1/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk NHostNT1 OMCI
8/1/ PM, error: NETLOGON [] - No Domain Controller is available for domain COMMERCECRG due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
==== End Of File ===========================
GMER [manicapital.com] - manicapital.com
Rootkit scan
Windows Service Pack 3
System - GMER
SSDT manicapital.com (Boot Driver/Lavasoft AB) ZwCreateKey [0xFE]
SSDT manicapital.com (Boot Driver/Lavasoft AB) ZwSetValueKey [0xFBFE]
Code 8A71B ZwEnumerateKey
Code 8A ZwFlushInstructionCache
Code 8A77E62E IofCallDriver
Code 8A5A0B36 IofCompleteRequest
Code 8A6E0E55 ZwSaveKey
Code 8A ZwSaveKeyEx
Devices - GMER
AttachedDevice DriverTcpip DeviceIp manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice DriverTcpip DeviceTcp manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice DriverTcpip DeviceUdp manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice DriverTcpip DeviceRawIp manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice FileSystemFastfat Fat manicapital.com (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Services - GMER
Service C:WINDOWSsystem32driversmanicapital.com (*** hidden *** ) [SYSTEM] manicapital.com <-- ROOTKIT !!!
Registry - GMER
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.com
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.com@start 1
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.com@type 1
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.com@imagepath systemrootsystem32driversmanicapital.com
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.com@group file system
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.commodules
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.commodules@ESQULserv ?globalrootsystemrootsystem32driversmanicapital.com
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.commodules@ESQULl ?globalrootsystemrootsystem32manicapital.com
Reg HKLMSYSTEMCurrentControlSetServicesmanicapital.commodules@ESQULclk ?globalrootsystemrootsystem32manicapital.com
Reg HKLMSYSTEMControlSetServicesmanicapital.com (not active ControlSet)
Reg HKLMSYSTEMControlSetServicesmanicapital.com@start 1
Reg HKLMSYSTEMControlSetServicesmanicapital.com@type 1
Reg HKLMSYSTEMControlSetServicesmanicapital.com@imagepath systemrootsystem32driversmanicapital.com
Reg HKLMSYSTEMControlSetServicesmanicapital.com@group file system
Reg HKLMSYSTEMControlSetServicesmanicapital.commodules (not active ControlSet)
Reg HKLMSYSTEMControlSetServicesmanicapital.commodules@ESQULserv ?globalrootsystemrootsystem32driversmanicapital.com
Reg HKLMSYSTEMControlSetServicesmanicapital.commodules@ESQULl ?globalrootsystemrootsystem32manicapital.com
Reg HKLMSYSTEMControlSetServicesmanicapital.commodules@ESQULclk ?globalrootsystemrootsystem32manicapital.com
Files - GMER
File C:WINDOWSsystem32manicapital.com bytes
File C:WINDOWSsystem32ESQULzcounter 4 bytes
File C:WINDOWSsystem32driversmanicapital.com bytes <-- ROOTKIT !!!
File C:WINDOWSsystem32manicapital.com bytes
EOF - GMER
Edited by jcommerce, 01 August - PM.
#5
CatByte
- Classroom Admin
- 21, posts
Classroom Administrator
Posted 01 August - PM
Please do the following:
NOTE: McAfee MUST be disabled for the following scan:
How to disable McAfee:
- Please open McAfee Security Centre
- Under Common Tasks click on Home
- Click Computer Files
- Click Configure
- Make sure the following are disabled by ticking the "Off" button.
Virus protection
Spyware protection
System Guards Protection
Script Scanning Protection (you may have to scroll down to see it)
- Next, select never for "When to re-enable real time scanning"
- and click OK.
NEXT
Download Combofix from either of the links below. You must rename it before saving it.
Save it to your desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
- If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
Link 1
Link 2
During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Double click on manicapital.com & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:manicapital.com" for further review.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Microsoft MVP , , , , ,
#6
jcommerce
- Authentic Member
- 14 posts
New Member
Posted 01 August - PM
ComboFix - JFairclough 08/01/ - NTFSx86 NETWORK
Microsoft Windows XP Professional [GMT ]
Running from: c:documents and settingsjfaircloughDesktopmanicapital.com
AV: AVG *On-access scanning enabled* (Updated) {BE87B4FB1}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EECDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {BC7FBDACA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
BITS: Possible infected sites
hxxp://zeus
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Service_manicapital.com
Service_manicapital.com
((((((((((((((((((((((((( Files Created from to )))))))))))))))))))))))))))))))
.