infected with A0013013.exe & A0013067.exe Win32: Trojan-Gen

Post by desmoducman » February 6th, 2012, 7:18 am

After an online update of webcam software from the installation CD (Logitech Webcam Pro 9000 v2.0) and a reboot, I received a small grey box warning: Windows Security has blocked LexBce.exe (Lexmark printer). I immediately logged off without clicking anything, and after logging back on, avast anti-virus blocked the two aforementioned subject line files: A0013013.exe Win32:Trojan-gen and A0013067.exe Win32:Trojan-gen. My DDS scan is as follows:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by alan strom at 4:31:22 on 2012-02-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1669 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/wind ... 5577440437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{6F46F7FA-5D0F-4122-8584-BEB1CB15FDCA} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-3 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-3 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-3 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-3 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-05 08:53:48 -------- d-----w- c:\program files\common files\LWS
2012-02-04 12:59:31 -------- d-----w- c:\program files\Sony Setup
2012-02-03 10:10:37 -------- d-----w- c:\documents and settings\alan strom\local settings\application data\Proxure
2012-02-03 10:10:07 -------- d-----w- c:\documents and settings\all users\application data\ClubSanDisk
2012-01-30 08:59:02 -------- d-----w- c:\documents and settings\alan strom\local settings\application data\LogiShrd
2012-01-26 12:46:55 -------- d-----w- c:\documents and settings\all users\application data\dvdfab
2012-01-26 12:46:29 -------- d-----w- c:\program files\DVDFab 8 Qt
2012-01-25 11:54:49 -------- d-----w- c:\documents and settings\alan strom\local settings\application data\Ahead
2012-01-25 11:50:13 -------- d-----w- c:\program files\Nero
2012-01-25 11:31:48 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-25 11:31:48 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-01-25 11:31:48 -------- d-----w- c:\program files\Lexmark X74-X75
2012-01-25 11:31:40 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2012-01-25 11:31:40 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2012-01-25 11:31:27 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-01-25 11:31:27 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-01-25 11:30:27 299520 ----a-w- c:\windows\uninst.exe
2012-01-25 11:30:25 -------- d-----w- c:\documents and settings\alan strom\WINDOWS
2012-01-25 11:30:15 -------- d-----w- C:\Lxkx75
2012-01-23 12:39:33 -------- d-----w- c:\program files\Windows Media Connect 2
2012-01-23 12:37:47 -------- d-----w- c:\windows\system32\LogFiles
2012-01-23 12:20:13 -------- d-----w- c:\documents and settings\alan strom\local settings\application data\Temp
2012-01-22 12:56:38 -------- d-----w- c:\windows\system32\appmgmt
2012-01-22 12:38:44 -------- d-----w- c:\documents and settings\all users\application data\Canneverbe Limited
2012-01-22 12:38:44 -------- d-----w- c:\documents and settings\alan strom\application data\Canneverbe Limited
2012-01-22 09:08:33 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-22 08:34:21 -------- d-----w- c:\program files\Blaze Media Pro
2012-01-22 08:34:05 -------- d-----w- c:\documents and settings\alan strom\local settings\application data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2012-01-22 08:33:28 -------- d-----w- c:\documents and settings\alan strom\local settings\application data\Seven Zip
2012-01-15 12:19:33 175616 ----a-w- c:\windows\system32\unrar.dll
2012-01-15 12:19:21 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-01-15 12:19:14 650752 ----a-w- c:\windows\system32\xvidcore.dll
2012-01-15 12:19:14 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2012-01-15 12:19:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-01-15 12:19:13 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-15 12:19:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-01-10 12:31:43 -------- d-----w- c:\documents and settings\alan strom\local settings\application data\WMTools Downloaded Files
2012-01-10 12:27:58 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-01-10 12:27:58 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-09 12:24:25 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-09 12:23:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-09 12:23:38 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-01-09 12:23:38 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-01-09 12:23:38 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-01-09 12:23:38 117760 ------w- c:\windows\system32\prntvpt.dll
2012-01-09 12:23:37 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-01-09 12:23:37 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-01-09 12:23:37 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-01-09 12:23:37 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-01-09 12:23:37 -------- d-----w- C:\c392381211e8f2cd4ba4f2b0
.
==================== Find3M ====================
.
2012-01-04 12:35:19 87608 ----a-w- c:\documents and settings\alan strom\application data\inst.exe
2012-01-04 12:35:19 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-01-04 12:35:19 47360 ----a-w- c:\documents and settings\alan strom\application data\pcouffin.sys
2012-01-03 09:03:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-03 08:59:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-03 08:59:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 4:32:03.34 ===============


attach.txt is as follows:
desmoducman
Active Member
 
Posts: 1
Joined: February 6th, 2012, 6:16 am

Re: infected with A0013013.exe & A0013067.exe Win32: Trojan-

Post by Cypher » February 6th, 2012, 8:34 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Malwarebytes' Anti-Malware

If you already have this application installed, skip the download/install part.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: infected with A0013013.exe & A0013067.exe Win32: Trojan-

Post by Cypher » February 9th, 2012, 2:47 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.