Problems with reconfigured network and Zinkwink malware.


Post by Malware N00b » January 18th, 2012, 5:04 am

Hi, I have been directed here from: viewtopic.php?f=198&t=58919. I have a Belkin F5D9230-4 and the wired connections and a laptop I run through WIFI work fine, but one of my machines requires a G+ F5D7051 adapter. I have had it working, but the speed is very slow (I'm no more than 20 feet away from the router) and even then it is very temperamental. I know for a fact I have Zinkwink issues and have tried numerous remedies for that. Spybot cleared out a load of trackers last night and Malwarebytes did a full scan of the C drive this morning and found nothing. I have Netlimiter installed and use that to block most outgoing traffic. I'd like to get my WIFI adapter working and remove any malware, thanks.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by XXX at 8:23:38 on 2012-01-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.24567.13814 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS5.5\dynamiclinkmanager.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\32\Adobe QT32 Server.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files\Adobe\Adobe After Effects CS5.5\Support Files\AfterFX.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
uRun: [AdobeBridge]
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download All with FlashGet - C:\PROGRA~2\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\PROGRA~2\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{2C853087-42E9-4DEF-94DC-56DC381649B8}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2C853087-42E9-4DEF-94DC-56DC381649B8}\2456C6B696E6F574F505C65737F5D494D4F4F5141453343453 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2C853087-42E9-4DEF-94DC-56DC381649B8}\355434255445 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2C853087-42E9-4DEF-94DC-56DC381649B8}\375636275647 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{45B37C61-8442-4276-93C9-76A7E3C66E45} : NameServer = 194.168.4.100,194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-X64: flashget urlcatch - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\06tzx32e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://zinkwink.com/?tmp=redir_bho_bing ... &keywords=
FF - prefs.js: network.proxy.http - 220.227.90.238
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://zinkwink.com/?tmp=redir_bho_bing ... &keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2011-1-23 90112]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-2-9 235560]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R3 dhdusb.NTamd64;Belkin Wireless G Plus USB Network Adapter Service;C:\Windows\system32\DRIVERS\bcmusbdhdlh64.sys --> C:\Windows\system32\DRIVERS\bcmusbdhdlh64.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService; [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-23 1431888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-22 30963576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\system32\DRIVERS\ZTEusbvoice.sys --> C:\Windows\system32\DRIVERS\ZTEusbvoice.sys [?]
S3 ZTEusbwwan;ZTE MBN Miniport;C:\Windows\system32\DRIVERS\ZTEusbwwan.sys --> C:\Windows\system32\DRIVERS\ZTEusbwwan.sys [?]
S4 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-4 2214504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-01-18 06:08:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08814FCD-2242-4D7D-A671-39F284FF96A2}\offreg.dll
2012-01-17 21:10:21 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08814FCD-2242-4D7D-A671-39F284FF96A2}\mpengine.dll
2012-01-16 20:56:28 -------- d-----w- C:\Program Files (x86)\Belkin
2011-12-30 14:20:32 -------- d-----w- C:\Users\XXX\AppData\Roaming\Mobipocket
2011-12-30 14:18:47 -------- d-----w- C:\Program Files (x86)\Mobipocket.com
2011-12-25 11:53:38 -------- d-----w- C:\Users\XXX\AppData\Roaming\FlashGet
2011-12-25 11:53:34 -------- d-----w- C:\Program Files (x86)\FlashGet
2011-12-24 09:26:31 -------- d-----w- C:\ProgramData\SecTaskMan
2011-12-24 09:26:28 -------- d-----w- C:\Program Files (x86)\Security Task Manager
.
==================== Find3M ====================
.
2011-12-02 21:03:28 33019 ----a-w- C:\Windows\SysWow64\CoreAAC-uninstall.exe
2011-11-29 14:20:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-02 15:35:22 19025408 ----a-w- C:\Windows\System32\FEC6_AE_16Bit.dll
2011-11-02 15:35:22 18998784 ----a-w- C:\Windows\System32\FEC6_AE_8Bit.dll
2011-10-19 17:04:48 20480 ----a-w- C:\Program Files (x86)\DragDropFileList.exe
2007-07-17 11:13:45 61440 ----a-w- C:\Program Files (x86)\RGSGrowBounds.aex
.
============= FINISH: 8:23:57.19 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 23/01/2011 22:18:46
System Uptime: 18/01/2012 06:07:58 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6X58D-E
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | LGA1366 | 3068/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 245.08 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 406.795 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 278.347 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Renesas Electronics USB 3.0 Root Hub
Device ID: NUSB3\ROOT_HUB30\5&B235176&0
Manufacturer: Renesas Electronics
Name: Renesas Electronics USB 3.0 Root Hub
PNP Device ID: NUSB3\ROOT_HUB30\5&B235176&0
Service: nusb3hub
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Acrobat.com
Adobe After Effects CS5 Third Party Content
Adobe After Effects CS5 Third Party Royalty Content
Adobe AIR
Adobe Audition 3.0
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5 Master Collection
Adobe Creative Suite 5.5 Master Collection
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Media Encoder CS5 Dolby X64
Adobe Media Encoder CS5 PCI X64
Adobe Media Player
Adobe OnLocation CS5 Royalty Content
Adobe Premiere Pro CS5 Third Party Royalty Content
Adobe Reader X (10.1.0)
Adobe Soundbooth CS5 Codecs
Adobe Soundbooth CS5 Royalty Codecs
Adobe Story
Adobe Widget Browser
Advanced Port Scanner v1.3
AI Suite
Apple Application Support
Apple Software Update
ASIO4ALL
ASUSUpdate
µTorrent
Audacity 1.3.13 (Unicode)
Autodesk Backburner 2012.0.0
Autodesk Content Service
Autodesk Design Review 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Avi2Dvd 0.6.4
AviSynth 2.5
Badaboom 1.2.1.74
Belkin Wireless G Plus USB Network Adapter Setup
Browser Configuration Utility
Camtasia Studio 7
Celtx (2.7)
Chinese Simplified Fonts Support For Adobe Reader 9
Composite Wizard
CoreAAC Audio Decoder (remove only)
CrystalDiskInfo 4.0.2
Cycore FX 1.0.1 for After Effects
CycoreFX HD 1.6 for After Effects
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Duplicate Cleaner 2.0.6
EPU-6 Engine
FARO LS 1.1.406.58
ffdshow [rev 3299] [2010-03-03]
FL Studio 9
FlashGet 1.9.6.1073
FontExpert 2010
Google Chrome
Google Earth Pro
Google Update Helper
Haali Media Splitter
Hardcore
HASP HL Device Driver
HP Deskjet 1050 J410 series Help
IL Download Manager
Java Auto Updater
Java(TM) 6 Update 29
Juicer 3.85
Keying Suite 64-bit
LAME v3.98.3 for Audacity
Luxology modo 501 64-bit build 40017
Magic Bullet Colorista
Magic Bullet Looks
Magic Bullet Looks PPro
Magic Bullet Looks Vegas
Magic Bullet LooksBuilder
Magic Bullet Mojo Vegas
Magic Bullet Suite 64-bit
Malwarebytes' Anti-Malware
marvell 91xx driver
Marvell Miniport Driver
Marvell MRU V4
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mobipocket Reader 6.2
modo 501 content
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
Nero 7 Essentials
Nmap 5.51
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Opera 11.60
PandoraRecovery (Remove Only)
particleIllusion 3.0.4
PC Probe II
PDF Settings CS5
Pen Tablet
PFTrack V5.0
PoiZone
PxMergeModule
QuickTime
Realtek High Definition Audio Driver
REAPER
Recover Files 3.27
Red Giant PlaneSpace 64 bit
Red Giant Psunami
Red Giant Text Anarchy
RegAlyzer
Safari
Sawer
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
Total Video2Dvd 3.30
Toxic Biohazard
Trapcode EchoSpace
Trapcode Horizon
Trapcode Lux
Trapcode Particular
Trapcode SoundKeys
Trapcode Suite 64-bit
Trojan Remover 6.8.2
TurboV
Uniblue DriverScanner
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195
Vertus Fluid Mask 3 3.0.10
Vicon boujou 5.0
VirtualCloneDrive
VLC media player 1.1.11
VNC Free Edition 4.1.3
Vtune 7.13
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WinRAR 4.01 (32-bit)
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
18/01/2012 08:04:15, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
18/01/2012 06:08:44, Error: Service Control Manager [7000] - The KMService service failed to start due to the following error: The system cannot find the path specified.
18/01/2012 06:08:43, Error: Service Control Manager [7000] - The Hardlock service failed to start due to the following error: This driver has been blocked from loading
18/01/2012 06:08:43, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Hardlock.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
17/01/2012 21:04:23, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2979.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
15/01/2012 17:13:30, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================
Malware N00b
Active Member
 
Posts: 5
Joined: January 17th, 2012, 7:59 pm

Re: Problems with reconfigured network and Zinkwink malware.

Post by deltalima » January 18th, 2012, 5:21 pm

Microsoft Office Professional Plus 2010 is not available to home users and so this computer must be considered as business use; we do not work on business computers.

We can offer no further help.

This topic is now closed
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

