NetOp Remote Control Name Server 8.00.2006047 serial key or number


  1. , #1

    Virtumonde Infection

    I'm having a really tough time with this. I've used Spybot to try and remove, but it keeps showing up. Comodo scan comes up clean. I did a system restore, but that didn't seem to help.

    Now the computer runs so slow that I can only really use it in safe mode.

    I'd be very grateful for any assistance that could be offered.

    Thanks,
    Matt

    Logfile of Trend Micro HijackThis v (BETA)
    Scan saved at PM, on 2/10/
    Platform: Windows XP SP2 (WinNT )
    MSIE: Internet Explorer v SP2 ()
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\WINDOWS\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
    C:\Program Files\Java\jre_07\bin\manicapital.com
    C:\WINDOWS\manicapital.com
    C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\manicapital.com
    C:\Program Files\iTunes\manicapital.com
    C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
    C:\Program Files\Symantec\pcAnywhere\awhostexe
    C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com
    C:\Program Files\manicapital.com 3\program\manicapital.com
    C:\Program Files\Bonjour\manicapital.com
    C:\Program Files\manicapital.com 3\program\manicapital.com
    C:\WINDOWS\System32\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\Program Files\iPod\bin\manicapital.com
    C:\Program Files\Yahoo!\Messenger\ymsgr_manicapital.com
    C:\Program Files\Java\jre_07\bin\manicapital.com
    C:\Program Files\Mozilla Firefox\manicapital.com
    C:\WINDOWS\system32\manicapital.com
    C:\Program Files\TrendMicro\HiJackThis\manicapital.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = manicapital.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DFC-E8ADAFAC2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\manicapital.com
    O2 - BHO: Spybot-S&D IE Protection - {FDDF} - C:\PROGRA~1\SPYBOT~1\manicapital.com
    O2 - BHO: SSVHelper Class - {BB-D6FC-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre_07\bin\manicapital.com
    O3 - Toolbar: The Weather Channel Toolbar - {2E5EE-6ACEAA35E43} - C:\WINDOWS\system32\manicapital.com
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBBD3Df7a-A2EBBFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com
    O4 - HKLM\..\Run: [PtiuPbmd] Rundllexe manicapital.com,SetWriteBack
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre_07\bin\manicapital.com"
    O4 - HKLM\..\Run: [SoundMan] manicapital.com
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader \Reader\Reader_manicapital.com"
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
    O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Admin\LOCALS~1\Temp\manicapital.com 1
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\manicapital.com" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\manicapital.com"
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\manicapital.com
    O4 - HKLM\..\Run: [Lhoyosobu] rundllexe "C:\WINDOWS\manicapital.com",Startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\manicapital.com" -h
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\manicapital.com" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\manicapital.com
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\manicapital.com" -quiet
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com"
    O4 - Startup: manicapital.com lnk = C:\Program Files\manicapital.com 3\program\manicapital.com
    O9 - Extra button: (no name) - {08B0E5CFCBCF-AAAC} - C:\Program Files\Java\jre_07\bin\manicapital.com
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5CFCBCF-AAAC} - C:\Program Files\Java\jre_07\bin\manicapital.com
    O9 - Extra button: The Weather Channel - {2E5EE-6ACEAA35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5EE-6ACEAA35E43} - (no file)
    O9 - Extra button: (no name) - {DFBAFC4-ACAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\manicapital.com
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFBAFC4-ACAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\manicapital.com
    O9 - Extra button: Messenger - {FB5FFd2-BB9EC04F} - C:\Program Files\Messenger\manicapital.com
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5FFd2-BB9EC04F} - C:\Program Files\Messenger\manicapital.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A-9EAAED6B3D77}: NameServer =
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guarddll
    O22 - SharedTaskScheduler: Browseui preloader - {C2-A8BAD1-B96BA0CE1} - C:\WINDOWS\System32\manicapital.com
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8CEF-2Bd2-BEC} - C:\WINDOWS\System32\manicapital.com
    O23 - Service: Amazon Download Agent - manicapital.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\manicapital.com
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\manicapital.com
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\manicapital.com
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\manicapital.com
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhostexe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\manicapital.com
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\manicapital.com
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\manicapital.com
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\manicapital.com
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\manicapital.com
    O23 - Service: NetOp Helper ver. () (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp Remote Control\Host\manicapital.com

    --
    End of file - bytes

  2. , #2
    Security Expert: Emeritus

    Hi thesaint

    Please post spybot report next
    Microsoft MVP Consumer Security

    Member of ASAP and UNITE since

  3. , #3

    Hi Shaba,

    Thanks a lot for helping me out on this.

    This is the first scan that has come up empty for threats, but I ran this in safe mode with networking. I'm not sure if that has something to do with the clean scan though.

    Here's the log:


    Search result list
    Congratulations!: No immediate threats were found. (Status)



    Spybot - Search & Destroy version: (build: )




    System information
    Windows XP (Build: ) Service Pack 2 ()


    Startup entries list
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader \Reader\Reader_manicapital.com"
    file: C:\Program Files\Adobe\Reader \Reader\Reader_manicapital.com
    size:
    MD5: 69B16C7BBA5CFC05BFC73

    Located: HK_LM:Run, COMODO Internet Security
    command: "C:\Program Files\COMODO\COMODO Internet Security\manicapital.com" -h
    file: C:\Program Files\COMODO\COMODO Internet Security\manicapital.com
    size:
    MD5: 6B2EC6A02B6CC3DAE62BD

    Located: HK_LM:Run, HPDJ Taskbar Utility
    command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
    file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsbexe
    size:
    MD5: E2DA2DA04DBAF4D9E44AA24B00F2ABCA

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\manicapital.com"
    file: C:\Program Files\iTunes\manicapital.com
    size:
    MD5: 9D4FF8D3A13F2FEADB66C62FE5D0

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\windows\system32\dumprep 0 -k
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, MSConfig
    command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\manicapital.com /auto
    file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\manicapital.com
    size:
    MD5: 4FDFA7B98B7DE

    Located: HK_LM:Run, OneTouch Monitor
    command: C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
    file: C:\PROGRA~1\VISION~1\ONETOU~manicapital.com
    size:
    MD5: EB0EE1AE08ACCA9BA21DD55

    Located: HK_LM:Run, PtiuPbmd
    command: Rundllexe manicapital.com,SetWriteBack
    file: C:\windows\system32\manicapital.com
    size:
    MD5: AB29E7A6BF1AFFE0BD9C85

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\manicapital.com" -atboottime
    file: C:\Program Files\QuickTime\manicapital.com
    size:
    MD5: FABAD2BFDD8CCEBFAFAF

    Located: HK_LM:Run, SoundMan
    command: manicapital.com
    file: C:\windows\manicapital.com
    size:
    MD5: DF88FD13ACC

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre_07\bin\manicapital.com"
    file: C:\Program Files\Java\jre_07\bin\manicapital.com
    size:
    MD5: 6AB4CFBD36DCCD97

    Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
    command: C:\Program Files\Malwarebytes' Anti-Malware\manicapital.com /install /silent
    file: C:\Program Files\Malwarebytes' Anti-Malware\manicapital.com
    size:
    MD5: 2F45DACAA9D0AD52FF9

    Located: HK_CU:Run, DAEMON Tools Lite
    where: S
    command: "C:\Program Files\DAEMON Tools Lite\manicapital.com" -autorun
    file: C:\Program Files\DAEMON Tools Lite\manicapital.com
    size:
    MD5: 2ACCD0D8AA59E4AAD8EFFEEF

    Located: HK_CU:Run, DW6
    where: S
    command:
    file:
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S
    command: C:\Program Files\Spybot - Search & Destroy\manicapital.com
    file: C:\Program Files\Spybot - Search & Destroy\manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:Run, VeohPlugin
    where: S
    command: "C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com"
    file: C:\Program Files\Veoh Networks\VeohWebPlayer\manicapital.com
    size:
    MD5: BAD4CFCEE6

    Located: Startup (user), manicapital.com lnk
    where: C:\Documents and Settings\Admin\Start Menu\Programs\Startup
    command: C:\Program Files\manicapital.com 3\program\manicapital.com
    file: C:\Program Files\manicapital.com 3\program\manicapital.com
    size:
    MD5: BE0CED3CC47DA

    Located: WinLogon, AtiExtEvent
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, crypt32chain
    command: cryptdll
    file: cryptdll
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, PCANotify
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: manicapital.com
    file: manicapital.com
    size: 0
    MD5: D41D8CD98F00BEECFE
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!



    Browser helper object list
    {18DFC-E8ADAFAC2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
    Long name: manicapital.com
    Short name: ACROIE~manicapital.com
    Date (created): 6/11/ PM
    Date (last access): 2/15/ PM
    Date (last write): 6/11/ PM
    Filesize:
    Attributes: archive
    MD5: E96CBBA0EAFCE
    CRC E5D
    Version:

    {FDDF} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: manicapital.com
    info link: manicapital.com
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: manicapital.com
    Short name:
    Date (created): 3/16/ PM
    Date (last access): 2/15/ PM
    Date (last write): 1/26/ PM
    Filesize:
    Attributes: archive
    MD5: C2F6DCCDFA0ADDE62AFAC
    CRC 5BA
    Version:

    {BB-D6FC-B6EB-D4DAF1D92D43} (SSVHelper Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: SSVHelper Class
    Path: C:\Program Files\Java\jre_07\bin\
    Long name: manicapital.com
    Short name:
    Date (created): 11/24/ PM
    Date (last access): 2/15/ PM
    Date (last write): 6/10/ AM
    Filesize:
    Attributes: archive
    MD5: FDA1CBD69A6ABABC
    CRC 38AC9EE2
    Version:



    ActiveX list
    {8AD9CED1-B3EFD93} (Java Runtime Environment )
    DPF name: Java Runtime Environment
    CLSID name: Java Plug-in _07
    Installer:
    Codebase: manicapital.com
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjavadll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre_07\bin\
    Long name: npjpi_dll
    Short name: NPJPI1~manicapital.com
    Date (created): 6/10/ AM
    Date (last access): 2/12/ PM
    Date (last write): 6/10/ AM
    Filesize:
    Attributes: archive
    MD5: 7C83AEAC9D5DB8
    CRC C2A88
    Version:

    {CAFEEFACABCDEFFEDCBA} (Java Runtime Environment )
    DPF name: Java Runtime Environment
    CLSID name: Java Plug-in _03
    Installer:
    Codebase: manicapital.com
    description:
    classification: Legitimate
    known filename: NPJPI_dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre_03\bin\
    Long name: NPJPI_dll
    Short name: NPJPI1~manicapital.com
    Date (created): 4/13/ AM
    Date (last access): 2/12/ PM
    Date (last write): 4/13/ AM
    Filesize:
    Attributes: archive
    MD5: 13FCA03EBCA6E1F8CCD1FE
    CRC CF
    Version:

    {CAFEEFACABCDEFFEDCBA} (Java Runtime Environment )
    DPF name: Java Runtime Environment
    CLSID name: Java Plug-in _07
    Installer:
    Codebase: manicapital.com
    Path: C:\Program Files\Java\jre_07\bin\
    Long name: npjpi_dll
    Short name: NPJPI1~manicapital.com
    Date (created): 6/10/ AM
    Date (last access): 2/15/ PM
    Date (last write): 6/10/ AM
    Filesize:
    Attributes: archive
    MD5: 7C83AEAC9D5DB8
    CRC C2A88
    Version:

    {D27CDB6E-AE6DCFB} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\manicapital.com
    Codebase: manicapital.com
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: manicapital.com
    Short name:
    Date (created): 2/2/ PM
    Date (last access): 2/12/ PM
    Date (last write): 2/2/ PM
    Filesize:
    Attributes: readonly archive
    MD5: 8AFCED5AB60B7C52D7FDC
    CRC 0FBC13F3
    Version:



    Process list


    Browser start & search pages list
    Spybot - Search & Destroy browser pages report, 2/15/ PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\manicapital.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    manicapital.com&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    manicapital.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\manicapital.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    manicapital.com&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    manicapital.com?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    manicapital.com=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    manicapital.com&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    manicapital.com{SUB_RFC}/srchasst/manicapital.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    manicapital.com{SUB_RFC}/srchasst/manicapital.com


    Winsock Layered Service Provider list

  4. , #4
    Security Expert: Emeritus

    Download DDS to your desktop from one of the links below:

    Link 1
    Link 2
    • Double click the tool to run it.
    • A black screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports.
    • Copy/paste both reports back here and remove DDS from your desktop.
    Microsoft MVP Consumer Security

    Member of ASAP and UNITE since

  5. , #5

    Here is manicapital.com:


    DDS (Ver_) - NTFSx86 NETWORK
    Run by Admin at on Tue 02/16/
    Internet Explorer:
    Microsoft Windows XP Professional [GMT ]

    AV: COMODO Antivirus *On-access scanning enabled* (Updated) {AFef7-AFC5-F6E02AB}
    FW: COMODO Firewall *enabled* {AFef6-AFC5-F6E02AB}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    manicapital.com
    C:\windows\system32\manicapital.com -k netsvcs
    manicapital.com
    manicapital.com
    C:\windows\manicapital.com
    C:\Documents and Settings\Admin\Desktop\manicapital.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://manicapital.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18dfc-e8adafac2ebdc3} - c:\program files\common files\adobe\acrobat\activex\manicapital.com
    BHO: Spybot-S&D IE Protection: {fddf} - c:\progra~1\spybot~1\manicapital.com
    BHO: SSVHelper Class: {bb-d6fc-b6eb-d4daf1d92d43} - c:\program files\java\jre_07\bin\manicapital.com
    TB: Veoh Web Player Video Finder: {0fbbd3df7a-a2ebbfc} - c:\program files\veoh networks\veohwebplayer\manicapital.com
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DCA67F} - No File
    EB: {ab-ac2aa} - No File
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\manicapital.com" -autorun
    uRun: [DW6]
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\manicapital.com
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\manicapital.com"
    mRun: [PtiuPbmd] Rundllexe manicapital.com,SetWriteBack
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsbexe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre_07\bin\manicapital.com"
    mRun: [SoundMan] manicapital.com
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader \reader\Reader_manicapital.com"
    mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~manicapital.com
    mRun: [QuickTime Task] "c:\program files\quicktime\manicapital.com" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\manicapital.com"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\manicapital.com" -h
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\manicapital.com /auto
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\manicapital.com /install /silent
    StartupFolder: c:\docume~1\admin\startm~1\programs\startup\openof~manicapital.com - c:\program files\manicapital.com 3\program\manicapital.com
    IE: {FB5FFd2-BB9EC04F} - c:\program files\messenger\manicapital.com
    IE: {08B0E5CFCBCF-AAAC} - {CAFEEFACABCDEFFEDCBC} - c:\program files\java\jre_07\bin\manicapital.com
    IE: {DFBAFC4-ACAB36FD2A2} - {FDDF} - c:\progra~1\spybot~1\manicapital.com
    DPF: {8AD9CED1-B3EFD93} - hxxp://manicapital.com
    DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
    DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
    DPF: {D27CDB6E-AE6DCFB} - hxxp://manicapital.com
    TCP: {A-9EAAED6B3D77} =
    Notify: AtiExtEvent - manicapital.com
    Notify: PCANotify - manicapital.com
    AppInit_DLLs: c:\windows\system32\guarddll
    LSA: Notification Packages = scecli manicapital.com
    Hosts: manicapital.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\manicapital.comt\
    FF - manicapital.com: manicapital.comge - hxxp://manicapital.com
    FF - component: c:\documents and settings\admin\application data\mozilla\firefox\profiles\manicapital.comt\extensions\{ca9c-de6dadec}\components\manicapital.com
    FF - plugin: c:\documents and settings\admin\application data\move networks\plugins\npqmpdll
    FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\manicapital.comt\extensions\{ee8ff-4fbac9bfa7}\plugins\np_manicapital.com
    FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\manicapital.comt\extensions\player@manicapital.com\plugins\manicapital.com
    FF - plugin: c:\program files\veoh networks\veohwebplayer\manicapital.com
    FF - plugin: c:\program files\veoh networks\veohwebplayer\manicapital.com
    FF - HiddenExtension: XULRunner: {CFECFCB2} - c:\documents and settings\admin\local settings\application data\{CFECFCB2}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFACABCDEFFEDCBA}

    FIREFOX POLICIES
    c:\program files\mozilla firefox\greprefs\manicapital.com - pref("manicapital.com_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 abus;abus;c:\windows\system32\drivers\manicapital.com [ ]
    R0 ascsi;ascsi;c:\windows\system32\drivers\manicapital.com [ ]
    R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\manicapital.com [ ]
    R0 ulsata2;ulsata2;c:\windows\system32\drivers\manicapital.com [ ]
    R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_manicapital.com [ ]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\manicapital.com [ ]
    S1 awlegacy;awlegacy;c:\windows\system32\drivers\manicapital.com [ ]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\manicapital.com [ ]
    S1 NHostNT1;NetOp Driver 1 ver. ();c:\windows\system32\drivers\manicapital.com [ ]
    S2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhostexe [ ]
    S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\manicapital.com [ ]
    S2 NetOp Host for NT Service;NetOp Helper ver. ();c:\program files\danware data\netop remote control\host\manicapital.com [ ]
    S2 ppsio2;PPDevice;c:\windows\system32\drivers\manicapital.com [ ]
    S3 NHOSTNT3;NetOp Driver 3 ver. () (NHOSTNT3);c:\windows\system32\drivers\manicapital.com [ ]

    =============== Created Last 30 ================

    a-w- c:\windows\manicapital.com
    a-w- c:\windows\system32\drivers\manicapital.com
    a-w- c:\windows\system32\drivers\manicapital.com
    0 dw- c:\program files\Malwarebytes' Anti-Malware
    a-w- c:\windows\system32\drivers\manicapital.com
    0 dw- c:\program files\CCleaner
    a-w- c:\windows\system32\drivers\manicapital.com
    0 dw- c:\docume~1\admin\applic~1\Malwarebytes
    0 dw- c:\docume~1\alluse~1\applic~1\Malwarebytes
    0 dw- c:\program files\TrendMicro
    a-w- c:\windows\system32\guarddll
    0 dw- c:\docume~1\alluse~1\applic~1\Comodo
    a-w- c:\windows\system32\drivers\manicapital.com
    a-w- c:\windows\system32\drivers\manicapital.com
    0 dw- c:\windows\system32\wbem\Repository
    0 dw- c:\windows\pss
    0 dw- c:\windows\hsperfdata_Admin
    0 dw- c:\program files\Aptana
    0 dw- c:\documents and settings\admin\.gem
    0 a-w- c:\windows\manicapital.com
    a-w- c:\windows\manicapital.com
    0 dw- C:\InstantRails

    ==================== Find3M ====================

    a-w- c:\windows\system32\drivers\manicapital.com
    a-w- c:\windows\inf\i\manicapital.com
    a-w- c:\windows\inf\i\manicapital.com
    a-w- c:\windows\inf\i\manicapital.com

    ============= FINISH: ===============

  6. , #6

    And here is manicapital.com


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume5
    Install Date: 10/28/ PM
    System Uptime: 2/15/ PM (25 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | 8IP-G
    Processor: Intel(R) Celeron(R) CPU GHz | Socket | /mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 93 GiB total, GiB free.
    D: is FIXED (NTFS) - GiB total, GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - GiB total, GiB free.
    I: is FIXED (NTFS) - GiB total, GiB free.
    J: is FIXED (NTFS) - GiB total, GiB free.
    K: is FIXED (NTFS) - GiB total, GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: PCI Device
    Device ID: PCI\VEN_&DEV_27D8&SUBSYS_A&REV_01\3&13C0B0C5&0&D8
    Manufacturer:
    Name: PCI Device
    PNP Device ID: PCI\VEN_&DEV_27D8&SUBSYS_A&REV_01\3&13C0B0C5&0&D8
    Service:

    ==== System Restore Points ===================

    RP 11/12/ PM - System Checkpoint
    RP 11/16/ PM - System Checkpoint
    RP 11/17/ PM - System Checkpoint
    RP 11/19/ PM - System Checkpoint
    RP 11/22/ AM - System Checkpoint
    RP 11/24/ PM - System Checkpoint
    RP 11/26/ PM - System Checkpoint
    RP 11/28/ PM - System Checkpoint
    RP 11/30/ PM - System Checkpoint
    RP 12/2/ AM - System Checkpoint
    RP 12/3/ AM - System Checkpoint
    RP 12/5/ PM - System Checkpoint
    RP 12/7/ AM - System Checkpoint
    RP 12/8/ PM - System Checkpoint
    RP 12/10/ PM - System Checkpoint
    RP 12/11/ PM - System Checkpoint
    RP 12/13/ AM - System Checkpoint
    RP 12/14/ AM - System Checkpoint
    RP 12/15/ PM - System Checkpoint
    RP 12/16/ PM - System Checkpoint
    RP 12/17/ PM - System Checkpoint
    RP 12/18/ PM - System Checkpoint
    RP 12/20/ PM - System Checkpoint
    RP 12/23/ AM - System Checkpoint
    RP 12/24/ AM - System Checkpoint
    RP 12/25/ PM - System Checkpoint
    RP 12/26/ PM - System Checkpoint
    RP 12/27/ PM - System Checkpoint
    RP 12/29/ AM - System Checkpoint
    RP 12/30/ AM - System Checkpoint
    RP 12/31/ PM - System Checkpoint
    RP 1/2/ AM - System Checkpoint
    RP 1/3/ PM - System Checkpoint
    RP 1/5/ PM - System Checkpoint
    RP 1/6/ PM - System Checkpoint
    RP 1/8/ PM - System Checkpoint
    RP 1/9/ PM - System Checkpoint
    RP 1/11/ PM - System Checkpoint
    RP 1/12/ PM - System Checkpoint
    RP 1/13/ PM - System Checkpoint
    RP 1/15/ AM - System Checkpoint
    RP 1/16/ PM - System Checkpoint
    RP 1/18/ PM - System Checkpoint
    RP 1/20/ AM - System Checkpoint
    RP 1/21/ PM - System Checkpoint
    RP 1/22/ PM - System Checkpoint
    RP 1/23/ PM - System Checkpoint
    RP 1/25/ AM - System Checkpoint
    RP 1/27/ PM - System Checkpoint
    RP 1/28/ PM - System Checkpoint
    RP 1/30/ PM - System Checkpoint
    RP 2/1/ PM - System Checkpoint
    RP 2/3/ PM - System Checkpoint
    RP 2/5/ PM - System Checkpoint
    RP 2/7/ PM - System Checkpoint
    RP 2/8/ PM - System Checkpoint
    RP 2/9/ PM - Restore Operation
    RP 2/10/ PM - Installed HiJackThis

    ==== Installed Programs ======================

    manicapital.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw
    Adobe CMaps
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Viewer CS3
    Adobe PDF Library Files
    Adobe Reader 9
    Adobe Setup
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Alcohol %
    Apple Mobile Device Support
    Apple Software Update
    Aptana RadRails
    ATI Display Driver
    AVI Joiner version
    Bonjour
    Build-a-lot 3 (remove only)
    COMODO Internet Security
    DivX Web Player
    Enable S3 for USB Device
    ERUNT j
    GIMP
    HiJackThis
    iTunes
    J2SE Runtime Environment Update 3
    Java(TM) 6 Update 7
    LiveReg (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft Visual C++ Redistributable
    Move Media Player
    Mozilla Firefox ()
    MSN Music Assistant
    NetOp Remote Control
    manicapital.com
    QuickTime
    Realtek AC'97 Audio
    Realtek High Definition Audio Driver
    Risk II
    Safari
    Security Update for Windows Media Player (KB)
    Security Update for Windows Media Player 10 (KB)
    Security Update for Windows Media Player 10 (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Security Update for Windows XP (KB)
    Skype™
    Spybot - Search & Destroy
    Sweet Home 3D version
    Symantec pcAnywhere
    Tsunami-Filter-Pack Mini
    Update for Windows XP (KB)
    Update for Windows XP (KB)
    Update for Windows XP (KB)
    Update for Windows XP (KB)
    Update for Windows XP (KB)
    Update for Windows XP (KB)
    VC80CRTRedist -
    Visioneer Scanner
    WebFldrs XP
    Windows Installer (KB)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Hotfix - KB
    Windows XP Service Pack 2
    WinRAR archiver
    XviD MPEG-4 Video Codec

    ==== Event Viewer Messages From Past Week ========

    2/9/ PM, error: Service Control Manager [] - Timeout ( milliseconds) waiting for a transaction response from the service.
    2/9/ PM, error: Service Control Manager [] - Timeout ( milliseconds) waiting for the pcAnywhere Host Service service to connect.
    2/9/ PM, error: Service Control Manager [] - Timeout ( milliseconds) waiting for the NetOp Helper ver. () service to connect.
    2/9/ PM, error: Service Control Manager [] - The pcAnywhere Host Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/9/ PM, error: Service Control Manager [] - The NetOp Helper ver. () service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/9/ PM, error: System Error [] - Error code e, parameter1 c, parameter2 , parameter3 f7c59aa0, parameter4
    2/12/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: AFD awlegacy cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT NHostNT1 RasAcd Rdbss Tcpip
    2/12/ PM, error: Service Control Manager [] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/ PM, error: Service Control Manager [] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/ PM, error: Service Control Manager [] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/ PM, error: Service Control Manager [] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/ PM, error: Service Control Manager [] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/ PM, error: Service Control Manager [] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/12/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service netman with arguments "" in order to run the server: {BAAED1-B1DFCE}
    2/12/ PM, error: Service Control Manager [] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    2/12/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service MSIServer with arguments "" in order to run the server: {CCC}
    2/10/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4ECFD1-BFED}
    2/10/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1FD1-BC04FBAF}
    2/10/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: awlegacy cmdGuard Fips intelppm NHostNT1
    2/10/ PM, error: Service Control Manager [] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
    2/10/ PM, error: Service Control Manager [] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    2/10/ PM, error: Service Control Manager [] - The Server service hung on starting.

    ==== End Of File ===========================

  7. , #7

    Sorry, it's been almost two days since your last suggested course of action. Did I perhaps forget to do something as instructed? I thought I posted all the requested info, but if there's something missing just let me know.

    Thanks again for all your help.

  8. , #8

    Sorry but I haven't got email notification.

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As.
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.

  9. , #9

    KASPERSKY ONLINE SCANNER scan report
    Thursday, February 18,
    Operating system: Microsoft Windows XP Professional Service Pack 2 (build )
    Kaspersky Online Scanner version:
    Last database update: Thursday, February 18,
    Records in database:


    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: no

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\
    I:\
    J:\
    K:\

    Scan statistics:
    Objects scanned:
    Threats found: 4
    Infected objects found: 13
    Suspicious objects found: 0
    Scan duration:


    File name / Threat / Threats count
    C:\Documents and Settings\Admin\Desktop\Internet Shit\DreamWeaver\manicapital.com-SSG.[manicapital.com] updated-fixed zip Infected: manicapital.comucen.b 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.comucen.b 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Aexe Infected: manicapital.com 1


[Resolved] Browser re-direct, Hijackthis non-functional, malware



Started by jcommerce , Aug 01 PM

  • This topic is locked

#1 jcommerce

    New Member

  • Authentic Member
  • 14 posts

Posted 01 August - PM

Hello, After years of clean, virus free computer use, I appear to have caught the latest version of a browser re-direct virus. I have run an updated McAfee virus scan and an Ad-aware scan and removed what they came up with, but I'm still in bad shape. I have been reading all day on how to get rid of this and have ended up here looking for help from you, the experts. System restore is non-functional and I have installed Hijackthis and Malwarebytes, both of which are non-functional, and most websites for malware removal are blocked (spybot, etc.). This computer was running perfectly until this virus hit yesterday and now I'm only able to re-start 1 out of every 5 times or so (stalls on loading of personal settings or network settings). I have debated formatting my hard drive but I don't have my OS disk (it is a Dell that didn't come with the disk and the warranty is now expired and Microsoft will charge me &#; for an update). This computer also has software for my home security system that was professionally installed and it would be a nightmare and expensive to have those guys come out and re-do it all again. I am on my hands and knees begging for help and I'm looking to you, the experts. I am happy to donate to this site or the individual who can successfully walk me through the recovery process and can get on the phone, chatroom (on separate laptop), etc if necessary. Thanks in advance. Jake

Edited by jcommerce, 01 August - PM.


#2 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21, posts

Posted 01 August - PM

Hi,

Our help is free.

You may have to run these scans in safe mode to get them to work.

If you have difficulty downloading these programs, then download them to another computer and transfer them to the infected computer via USB.

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • Go into your usual account

NEXT

Please do the following:

STEP #1

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click manicapital.com to run the tool.
  • When done, two manicapital.com's will open.
  • Save both reports to your desktop.

Please include the contents of the following in your next reply:

manicapital.com
manicapital.com.


STEP #2

NOTE: You may have to rename GMER to manicapital.com to get it to run.



Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click manicapital.com. If asked to allow manicapital.com driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "manicapital.com" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "< ROOTKIT" entries.

Microsoft MVP , , , , ,


#3 jcommerce

Posted 01 August - PM

Thank you. Step #1 completed, Step #2 in process. Will post reply as soon as #2 scan is completed.

#4 jcommerce

Posted 01 August - PM

Catbyte, here are the 3 results. The McAfee Antivirus was active, but it appeared to run alright. Let me know if the McAfee may have tainted the results. Thanks


DDS (Ver_) - NTFSx86 NETWORK
Run by JFairclough at on Sat 08/01/
Internet Explorer:
Microsoft Windows XP Professional [GMT ]

AV: AVG *On-access scanning enabled* (Updated) {BE87B4FB1}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EECDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {BC7FBDACA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
manicapital.com
C:\WINDOWS\System32\manicapital.com -k netsvcs
manicapital.com
manicapital.com
C:\Program Files\Lavasoft\Ad-Aware\manicapital.com
C:\PROGRA~1\McAfee\MSC\manicapital.com
C:\Program Files\McAfee\MPF\manicapital.com
C:\WINDOWS\manicapital.com
c:\PROGRA~1\manicapital.com\agent\manicapital.com
C:\Program Files\Lavasoft\Ad-Aware\manicapital.com
c:\PROGRA~1\mcafee\msc\manicapital.com
C:\WINDOWS\system32\rundllexe
E:\manicapital.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://manicapital.com
uSearch Page = hxxp://manicapital.com
uSearch Bar = hxxp://manicapital.com
uSearchMigratedDefaultURL = hxxp://manicapital.com?q={searchTerms}&sourceid=ie7&rls=manicapital.comoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://manicapital.com
uSearchURL,(Default) = hxxp://manicapital.com?q=%s
mSearchAssistant =
BHO: {DC3Fefb-9BECA} - No File
BHO: Adobe PDF Reader Link Helper: {e9f-c8ddb87db7d6be0b3} - c:\program files\adobe\acrobat \activex\manicapital.com
BHO: AskBar BHO: {f27ddc1-aa35eed} - c:\program files\askbardis\bar\bin\manicapital.com
BHO: scriptproxy: {7db2d5aeb68df01c} - c:\program files\mcafee\virusscan\manicapital.com
BHO: Google Toolbar Helper: {aa58eddd-4dcff7} - c:\program files\google\manicapital.com
BHO: Google Toolbar Notifier BHO: {af69dedb6fa-ce66b5add} - c:\program files\google\googletoolbarnotifier\\manicapital.com
BHO: Java™ Plug-In 2 SSV Helper: {dbcab-bcc25c1ca9} - c:\program files\java\jre6\bin\manicapital.com
BHO: AvayaIEHlprObj Class: {e6df0bd6fa-a6ad17aa9a} - c:\program files\avaya\avaya ip softphone\manicapital.com
BHO: JQSIEStartDetectorImpl Class: {e7e6fce-4cbceabfef69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_manicapital.com
TB: &Google: {c2bdba5cd4f} - c:\program files\google\manicapital.com
TB: Ask Toolbar: {d03e-fd4be0-bd9bf98} - c:\program files\askbardis\bar\bin\manicapital.com
TB: {EF99BDC1FBDFD4F88} - No File
TB: {4E7BD74F-2B8DEBD-FD60BB9AAE3A} - No File
TB: {F3BDFEABBB} - No File
TB: {BC32ADAC6-E06B23A1BA4C} - No File
EB: {ab-ac2aa} - No File
uRun: [manicapital.com] c:\windows\system32\manicapital.com
uRun: [EFI Job Monitor] c:\windows\system32\rundllexe c:\windows\system32\spool\drivers\w32x86\3\manicapital.com,run
uRun: [BgMonitor_{EC6C-4d9fCD8A56B10AA}] "c:\program files\common files\ahead\lib\manicapital.com"
uRun: [swg] c:\program files\google\googletoolbarnotifier\manicapital.com
uRun: [uTorrent] "c:\program files\utorrent\manicapital.com"
uRun: [Weather] c:\program files\aws\weatherbug\manicapital.com 1
uRun: [manicapital.com] c:\windows\system32\manicapital.com
mRun: [ATICCC] "c:\program files\ati technologies\manicapital.com\manicapital.com" runtime -Delay
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\manicapital.com"
mRun: [mcagent_exe] c:\program files\manicapital.com\agent\manicapital.com /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\manicapital.com
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\manicapital.com" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\manicapital.com
mRun: [QuickTime Task] "c:\program files\quicktime\manicapital.com" -atboottime
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\manicapital.com"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\manicapital.com /install /silent
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\manicapital.com /RUNONCE
StartupFolder: c:\docume~1\jfairc~1\startm~1\programs\startup\seagat~manicapital.com - c:\documents and settings\jfairclough\application data\leadertech\powerregister\Seagate 2GEY20ZG Product manicapital.com
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~manicapital.com - c:\program files\adobe\acrobat \reader\reader_manicapital.com
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~manicapital.com - c:\program files\netgear\wgv3\manicapital.com
mPolicies-system: MaxGPOScriptWait = (0x3e8)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\manicapital.com
IE: {e2e2dddb7-f2ba} - %windir%\Network Diagnostic\manicapital.com
IE: {FB5FFd2-BB9EC04F} - c:\program files\messenger\manicapital.com
IE: {BCCC8-B9BE-3C9CA} - {FFECC5A-4E2E-BF3BED} - c:\progra~1\micros~2\office11\manicapital.com
Trusted Zone: manicapital.com\online
DPF: Garmin Communicator Plug-In - hxxps://manicapital.com
DPF: {B-BD-A0D8-FCFDF33EC} - hxxp://manicapital.com?
DPF: {6EAD-4EEC-DC1FA91D2FC3} - hxxp://manicapital.com?
DPF: {8AD9CED1-B3EFD93} - hxxp://manicapital.com
DPF: {8FFBE65D-2C9CBDDC0BC} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFACABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://manicapital.com
DPF: {D27CDB6E-AE6DCFB} - hxxp://manicapital.com
DPF: {E3E02FADBCFF9F0F4} - hxxp://manicapital.com
TCP: NameServer = ,
TCP: {BCCEDDCEA7A-EC7D9C} = ,
TCP: {BDF4DDC-A28ABDC29} = ,
Notify: AtiExtEvent - manicapital.com
SSODL: WPDShServiceObj - {AAABA-9A4CBDDDB5} - c:\windows\system32\manicapital.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\manicapital.com [ ]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\manicapital.com [ ]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\manicapital.com [ ]
S1 NHostNT1;NetOp Driver 1 ver. ();c:\windows\system32\drivers\manicapital.com [ ]
S2 ASKService;ASKService;c:\program files\askbardis\bar\bin\manicapital.com [ ]
S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\manicapital.com [ ]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\manicapital.com [ ]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\manicapital.com [ ]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\manicapital.com [ ]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\manicapital.com [ ]
S2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\manicapital.com [ ]
S2 NetOp Host for NT Service;NetOp Helper ver. ();c:\program files\danware data\netop remote control\host\manicapital.com [ ]
S2 Retrospect Client;Retrospect Client;c:\program files\dantz\client\manicapital.com [ ]
S3 ECCL;ECCL NDIS Protocol Driver;\??\c:\windows\system32\ecclsys --> c:\windows\system32\ECCLSYS [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\manicapital.com [ ]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\manicapital.com [ ]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\manicapital.com [ ]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\manicapital.com [ ]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\manicapital.com [ ]
S3 NHOSTNT3;NetOp Driver 3 ver. () (NHOSTNT3);c:\windows\system32\drivers\manicapital.com [ ]
S3 RTLB;NETGEAR WGv3 54Mbps Wireless USB Adapter Vista Driver;c:\windows\system32\drivers\manicapital.com [ ]

=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/17/ PM
System Uptime: 8/1/ PM (1 hours ago)

Motherboard: Dell Inc. | | 0J
Processor: Intel® Pentium® 4 CPU GHz | Microprocessor | /mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - GiB total, GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is FIXED (NTFS) - GiB total, GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP 5/2/ PM - System Checkpoint
RP 5/3/ PM - System Checkpoint
RP 5/5/ AM - System Checkpoint
RP 5/6/ AM - System Checkpoint
RP 5/7/ AM - System Checkpoint
RP 5/8/ AM - System Checkpoint
RP 5/8/ PM - Installed QuickTime
RP 5/10/ AM - System Checkpoint
RP 5/11/ AM - System Checkpoint
RP 5/12/ AM - System Checkpoint
RP 5/13/ AM - System Checkpoint
RP 5/14/ AM - System Checkpoint
RP 5/15/ AM - System Checkpoint
RP 5/17/ PM - System Checkpoint
RP 5/18/ PM - System Checkpoint
RP 5/19/ PM - System Checkpoint
RP 5/20/ PM - System Checkpoint
RP 5/21/ PM - System Checkpoint
RP 5/22/ PM - System Checkpoint
RP 5/23/ PM - System Checkpoint
RP 5/24/ PM - System Checkpoint
RP 5/25/ PM - System Checkpoint
RP 5/27/ AM - System Checkpoint
RP 6/4/ AM - System Checkpoint
RP 6/5/ AM - System Checkpoint
RP 6/6/ AM - System Checkpoint
RP 6/7/ AM - System Checkpoint
RP 6/8/ AM - System Checkpoint
RP 6/9/ AM - System Checkpoint
RP 6/10/ AM - System Checkpoint
RP 6/11/ AM - System Checkpoint
RP 6/12/ AM - System Checkpoint
RP 6/13/ PM - System Checkpoint
RP 6/14/ PM - System Checkpoint
RP 6/15/ PM - System Checkpoint
RP 6/16/ PM - System Checkpoint
RP 6/17/ PM - System Checkpoint
RP 6/18/ PM - System Checkpoint
RP 6/19/ PM - System Checkpoint
RP 6/20/ PM - System Checkpoint
RP 6/21/ PM - System Checkpoint
RP 6/22/ PM - System Checkpoint
RP 6/23/ PM - System Checkpoint
RP 6/24/ PM - System Checkpoint
RP 6/25/ PM - System Checkpoint
RP 6/27/ PM - Removed WeatherBug
RP 6/29/ PM - System Checkpoint
RP 7/2/ PM - Configured NETGEAR WGv3 wireless USB adapter
RP 7/2/ PM - Configured NETGEAR WGv3 wireless USB adapter
RP 7/2/ PM - Installed NETGEAR WGv3 wireless USB adapter
RP 7/4/ AM - Software Distribution Service
RP 7/4/ PM - Software Distribution Service
RP 7/4/ PM - Software Distribution Service
RP 7/4/ PM - Printer Driver Microsoft XPS Document Writer Installed
RP 7/4/ PM - Configured NETGEAR WGv3 wireless USB adapter
RP 7/5/ AM - Installed NETGEAR WGv3 wireless USB adapter
RP 7/5/ AM - Restore Operation
RP 7/5/ AM - Installed NETGEAR WGv3 wireless USB adapter
RP 7/6/ AM - System Checkpoint
RP 7/7/ AM - System Checkpoint
RP 7/8/ AM - System Checkpoint
RP 7/9/ AM - System Checkpoint
RP 7/10/ AM - System Checkpoint
RP 7/11/ PM - System Checkpoint
RP 7/12/ PM - System Checkpoint
RP 7/13/ PM - System Checkpoint
RP 7/14/ PM - System Checkpoint
RP 7/15/ PM - System Checkpoint
RP 7/16/ PM - System Checkpoint
RP 7/17/ PM - System Checkpoint
RP 7/18/ PM - System Checkpoint
RP 7/19/ PM - Installed Envara Configuration Utility
RP 7/19/ PM - Installed Microsoft Visual C++ Redistributable
RP 7/21/ AM - System Checkpoint
RP 7/22/ AM - System Checkpoint
RP 7/23/ AM - System Checkpoint
RP 7/24/ AM - System Checkpoint
RP 7/25/ AM - System Checkpoint
RP 7/26/ AM - System Checkpoint
RP 7/26/ PM - Installed Garmin City Navigator North America NT Update
RP 7/27/ PM - System Checkpoint
RP 7/28/ PM - System Checkpoint
RP 7/29/ PM - Installed Seagate Manager Installer
RP 7/29/ PM - Configured Seagate Manager Installer
RP 7/30/ PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader Language Support
Adobe Reader
Adobe® Photoshop® Album Starter Edition
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Audio Creator LE
AutoUpdate
Bonjour
Compatibility Pack for the Office system
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB)
DivX Codec
DivX Version Checker
DVD Decrypter (Remove Only)
DVDtoGO
Garmin City Navigator North America NT Update
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework SP1 (KB)
Hotfix for Microsoft .NET Framework SP1 (KB)
Hotfix for Windows Internet Explorer 7 (KB)
Hotfix for Windows Media Format 11 SDK (KB)
Hotfix for Windows Media Player 11 (KB)
Hotfix for Windows XP (KB)
Hotfix for Windows XP (KBv5)
InFlac
iTunes
Java™ 6 Update 13
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
LimeWire
Magical Jelly Bean SHN Shortener (remove only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaCoder
Microsoft .NET Framework Service Pack 2
Microsoft .NET Framework Service Pack 2
Microsoft .NET Framework SP1
Microsoft Compression Client Pack for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition
Microsoft User-Mode Driver Framework Feature Pack
Microsoft Visual C++ Redistributable
Move Networks Media Player for Internet Explorer
MSXML SP2 (KB)
MSXML SP2 (KB)
MSXML Parser (KB)
Nero 7 Ultra Edition
neroxml
NETGEAR WGv3 wireless USB adapter
manicapital.com Installer
QuickTime
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Internet Explorer 7 (KB)
Security Update for Windows Media Player (KB)
Security Update for Windows Media Player 10 (KB)
Security Update for Windows Media Player 11 (KB)
Security Update for Windows Media Player 11 (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KBv2)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KBv2)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
Security Update for Windows XP (KB)
SoulSeek NS 13e
Update for Windows XP (KB)
Update for Windows XP (KB)
Update for Windows XP (KB)
VC80CRTRedist -
Video Server E
Visual C++ x86 Runtime - (v)
Visual C++ x86 Runtime - v
Visual C++ ATL (x86) WinSXS MSM
Visual C++ CRT (x86) WinSXS MSM
Vuze
Vuze Toolbar
Winamp
Windows Genuine Advantage Validation Tool (KB)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

8/1/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT NHostNT1 OMCI RasAcd Rdbss Tcpip
8/1/ PM, error: Service Control Manager [] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The Retrospect Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: Service Control Manager [] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/ PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
8/1/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1FD1-BC04FBAF}
8/1/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service MDM with arguments "" in order to run the server: {0C0ACDFF2CD}
8/1/ PM, error: DCOM [] - DCOM got error "%" attempting to start the service McNASvc with arguments "" in order to run the server: {24FA1-BCDC8B68A}
8/1/ PM, error: Service Control Manager [] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk NHostNT1 OMCI
8/1/ PM, error: NETLOGON [] - No Domain Controller is available for domain COMMERCECRG due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

==== End Of File ===========================



GMER [manicapital.com] - manicapital.com
Rootkit scan
Windows Service Pack 3


System - GMER

SSDT manicapital.com (Boot Driver/Lavasoft AB) ZwCreateKey [0xFE]
SSDT manicapital.com (Boot Driver/Lavasoft AB) ZwSetValueKey [0xFBFE]

Code 8A71B ZwEnumerateKey
Code 8A ZwFlushInstructionCache
Code 8A77E62E IofCallDriver
Code 8A5A0B36 IofCompleteRequest
Code 8A6E0E55 ZwSaveKey
Code 8A ZwSaveKeyEx

Devices - GMER

AttachedDevice \Driver\Tcpip \Device\Ip manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp manicapital.com (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat manicapital.com (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Services - GMER

Service C:\WINDOWS\system32\drivers\manicapital.com (*** hidden *** ) [SYSTEM] manicapital.com <-- ROOTKIT !!!

Registry - GMER

Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com@imagepath \systemroot\system32\drivers\manicapital.com
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\manicapital.com
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com\modules@ESQULl \\?\globalroot\systemroot\system32\manicapital.com
Reg HKLM\SYSTEM\CurrentControlSet\Services\manicapital.com\modules@ESQULclk \\?\globalroot\systemroot\system32\manicapital.com
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com@start 1
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com@type 1
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com@imagepath \systemroot\system32\drivers\manicapital.com
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com@group file system
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\manicapital.com
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com\modules@ESQULl \\?\globalroot\systemroot\system32\manicapital.com
Reg HKLM\SYSTEM\ControlSet\Services\manicapital.com\modules@ESQULclk \\?\globalroot\systemroot\system32\manicapital.com

Files - GMER

File C:\WINDOWS\system32\manicapital.com bytes
File C:\WINDOWS\system32\ESQULzcounter 4 bytes
File C:\WINDOWS\system32\drivers\manicapital.com bytes <-- ROOTKIT !!!
File C:\WINDOWS\system32\manicapital.com bytes

EOF - GMER

Edited by jcommerce, 01 August - PM.


#5 CatByte

Classroom Administrator

Posted 01 August - PM

Hi,

Please do the following:

NOTE: McAfee MUST be disabled for the following scan:

How to disable McAfee:

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)

  • Next, select never for "When to re-enable real time scanning"
  • and click OK.
Further info on disabling and re-enabling McAfee: manicapital.com=

NEXT


Download Combofix from either of the links below. You must rename it before saving it.
Save it to your desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


Link 1
Link 2



During the download, rename Combofix to Combo-Fix as follows:






  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.


  • Double click on manicapital.com & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\manicapital.com" for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


Microsoft MVP , , , , ,


#6 jcommerce

New Member

Posted 01 August - PM

ComboFix log:

ComboFix - JFairclough 08/01/ - NTFSx86 NETWORK
Microsoft Windows XP Professional [GMT ]
Running from: c:\documents and settings\jfairclough\Desktop\manicapital.com
AV: AVG *On-access scanning enabled* (Updated) {BE87B4FB1}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EECDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {BC7FBDACA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


BITS: Possible infected sites

hxxp://zeus
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

\Service_manicapital.com
\Service_manicapital.com


((((((((((((((((((((((((( Files Created from to )))))))))))))))))))))))))))))))
.

Source: [manicapital.com]