
CyberNetNews.com_LuxandBlink.exe


2 replies to this topic

#1 mystina


Posted 08 January 2011 - 08:53 AM

Hello Wonderful Volunteers!

It installs a program, Luxand Blink, that won't uninstall or manually delete. It keeps reappearing. ClamWin identified one of its dll files in System32 as a trojan. I deleted that dll. The main file LuxandBlinkTray.exe is still running and RKill did not terminate it. Now I am denied access to the folder Program Files\Luxand. I got the program from: hxxp://cybernetnews.com/facial-recognition-login-windows/ where it linked me to their free version here: hxxp://www.mediafire.com/?kwmzlz3ge6mdd4z

Thanks so much for helping me get rid of this. I might have other infections, too...


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tina at 8:27:11.35 on Sat 01/08/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.1782 [GMT -6:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\NetTalk\nettalkl.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\explorer.exe
C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe
C:\Windows\System32\osk.exe
C:\PortableApps Local\PortableApps\Click-N-Type\Click-N-Type.exe
C:\PortableApps Local\PortableApps\FirefoxPortable\App\Firefox\firefox.exe
C:\PortableApps Local\PortableApps\FirefoxPortable\App\Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PortableApps Local\PortableApps\ClamWin\bin\ClamWin.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Trend Micro\Browser Guard 2010\BGUI.exe
C:\Program Files (x86)\Trend Micro\Browser Guard 2010\tmiegsrv.exe
C:\Users\tina\Documents\Downloads\Spybot\BleepingComputer\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.juno.com/search?action=minisearch&source=minisearch
uStart Page = hxxp://www.aol.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360310l135l03c4z125a4852x30p
uWindow Title = Windows Internet Explorer provided by Aeropost
uSearch Bar = hxxp://search.juno.com/search?action=minisearch&source=minisearch
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360310l135l03c4z125a4852x30p
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360310l135l03c4z125a4852x30p
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://search.juno.com/search?action=minisearch&source=minisearch
uURLSearchHooks: H - No File
mWinlogon: Userinit=C:\Windows\system32\userinit.exe,C:\Program Files (x86)\geswall\gswui.exe,
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - C:\Program Files (x86)\IEPro\iepro.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\TMAMS.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} -
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\tmieg.dll
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRun: [Trend Micro Browser Guard v2.0 Beta] "C:\Program Files (x86)\Trend Micro\Browser Guard 2010\BGUI.EXE"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: + Offline &Explorer: Download the link - file://C:\PortableApps Local\PortableApps\Portable Offline Browser\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://C:\PortableApps Local\PortableApps\Portable Offline Browser\Add_AllO.htm
IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download ALL with IDA
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download remotely with IDA
IE: Download with IDA
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46}
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49}
IE: {724d43aa-0d85-11d4-9908-00400523e39a}
IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - C:\Program Files (x86)\IEPro\iepro.dll
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - C:\Program Files (x86)\IEPro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {32C18848-947B-4F17-B330-002A6A2AEEEE} = 8.8.8.8,8.8.4.4
TCP: 2456C6B696E6F554E68616E6365646F575962756C6563737F5547363636464 = 8.8.8.8,8.8.4.4
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: GeSWall Shell Extension: {f6acc71c-420b-4a95-905c-c7534706813c} - C:\Program Files (x86)\geswall\gswshext.dll
BHO-X64: AutorunsDisabled - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO-X64: IEGBH0 - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\LivedriveExplorerExtensions.dll
BHO-X64: TMIEGBHO Class: {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\X64\TMAMS64.dll
BHO-X64: TMIEGBHO - No File
BHO-X64: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
TB-X64: TMBGBAR TOOLBAR: {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard 2010\X64\tmieg64.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-13 55856]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2010-4-2 191960]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-4-9 249496]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-4-9 33208]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-2 203264]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 27136]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2010-12-9 139840]
R2 NetTalkUsrLaunchService;NetTalkUsrLaunchService;C:\Program Files (x86)\NetTalk\nettalkl.exe --service --> C:\Program Files (x86)\NetTalk\nettalkl.exe --service [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-5-16 583640]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2011-1-8 439632]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-4-14 1153368]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-11-2 292864]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-2 317480]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 nettalkdMP;nettalkdMP;C:\Windows\System32\drivers\nettalkd.sys [2010-10-26 34376]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-17 34872]
S0 PCGenFAM;PCGenFAM;C:\Windows\System32\drivers\PCGenFAM.sys [2010-10-21 198600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gswserv;GeSWall service;C:\Program Files (x86)\geswall\gswserv.exe [2009-7-29 970752]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2010-10-12 330784]
S3 BthAudioHF;BthAudioHF Service;C:\Windows\System32\drivers\BthAudioHF.sys [2010-9-23 32128]
S3 bthav;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2010-9-23 41472]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2010-9-23 15872]
S3 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-2 844320]
S3 nettalkd;NetTalk Service;C:\Windows\System32\drivers\nettalkd.sys [2010-10-26 34376]
S3 NetTalkUsrService;NetTalkUsrService;C:\Program Files (x86)\NetTalk\nettalkd.exe --service --> C:\Program Files (x86)\NetTalk\nettalkd.exe --service [?]
S3 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-2 225280]
S3 TridVid;USB TV Tuner;C:\Windows\System32\drivers\tridvid6010.sys [2010-7-13 404352]
S3 U6000ALL;U6000 TV Box(ALL);C:\Windows\System32\drivers\U6000ALL.sys [2010-9-17 276480]
S3 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-2 240160]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2009-7-13 19968]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-13 135664]
S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-11-2 332272]
S4 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-5-23 19544]

=============== Created Last 30 ================

2011-01-08 13:26:03 -------- d-----w- C:\Users\tina\AppData\Local\Browser Guard 2010
2011-01-08 13:15:21 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-01-08 13:09:57 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-01-08 13:00:34 388096 ----a-r- C:\Users\tina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-08 13:00:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-08 12:11:13 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2011-01-08 02:19:48 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{24950639-559F-4B30-83AD-F89C44124797}\mpengine.dll
2011-01-05 15:15:46 69632 ----a-r- C:\Users\tina\AppData\Roaming\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2011-01-05 15:15:46 413696 ----a-r- C:\Users\tina\AppData\Roaming\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2011-01-05 15:15:46 413696 ----a-r- C:\Users\tina\AppData\Roaming\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2011-01-05 15:15:46 413696 ----a-r- C:\Users\tina\AppData\Roaming\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\ARPPRODUCTICON.exe
2011-01-05 15:15:08 -------- d-----w- C:\PROGRA~3\Research In Motion
2011-01-05 14:21:59 -------- d-----w- C:\Users\tina\My Music
2011-01-02 05:42:32 395776 ----a-w- C:\Windows\System32\webio.dll
2011-01-02 05:42:32 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-01-02 05:40:59 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-02 05:38:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-01-02 05:38:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-01-02 05:36:59 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-01-02 05:36:59 285696 ----a-w- C:\Windows\System32\schtasks.exe
2011-01-02 05:36:59 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2011-01-02 05:36:59 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2011-01-02 05:36:52 3124224 ----a-w- C:\Windows\System32\win32k.sys
2011-01-02 05:36:48 112000 ----a-w- C:\Windows\System32\consent.exe
2011-01-02 05:17:51 -------- d-----w- C:\Program Files (x86)\Veetle
2011-01-02 05:13:00 -------- d-----w- C:\Program Files (x86)\vShare
2011-01-01 22:22:46 -------- d-----w- C:\Program Files (x86)\NetTalk
2010-12-31 19:32:35 -------- d-----w- C:\Users\tina\Tracing
2010-12-29 16:07:35 229487 ----a-w- C:\Windows\SysWow64\jpicpl32.cpl
2010-12-29 16:06:47 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-29 16:06:47 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-29 16:06:47 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-29 16:06:44 602244 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-20 12:38:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2010-12-20 12:31:52 -------- d-----w- C:\Program Files\Microsoft Security Client
2010-12-19 15:45:31 -------- d-----w- C:\Users\tina\AppData\Local\Eraser 6
2010-12-18 14:16:50 -------- d-----w- C:\PROGRA~3\Livedrive
2010-12-13 20:01:49 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2010-12-09 19:54:41 -------- d-----w- C:\Users\tina\AppData\Roaming\Luxand

==================== Find3M ====================

2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-09 05:40:38 139840 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2010-11-20 13:45:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-18 03:04:44 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-10-27 05:00:56 34376 ----a-w- C:\Windows\System32\drivers\nettalkd.sys
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 07:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 07:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-10-12 18:41:54 198600 ----a-r- C:\Windows\System32\drivers\PCGenFAM.sys

============= FINISH: 8:29:24.87 ===============

Edited by Orange Blossom, 08 January 2011 - 09:55 PM.
Deactivate links. ~ OB

#2 mystina


Posted 11 January 2011 - 11:21 AM

This virus disabled my OSK (on-screen keyboard) and changed my Comodo Firewall settings. I used VirusTotal and no problem was found. I tried a number of scanners, and Sophos Anti-Rootkit was the only one that caught it. Then my laptop froze up and I had to pull the battery. In Safe Mode, I was able to delete all the Luxand files and folders. So, I think this problem has been solved, and I am using 3 different rescue disks to find the other problems.

#3 Orange Blossom (Moderator)

Posted 12 January 2011 - 06:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
