Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected by trojan


Post by thodoras » September 9th, 2010, 9:03 am

Hi,
I'm new at this forum. I have a PC with Win XP 32 bit and it is infected by trojans.
c:\windows\system32\sens.dll win32/patched.NAA
c:\windows\system32\spools.exe win32/agent.OOD
I keep trying by downloading antimalware programs to get rid of these infections but I saw no results. I saw a post at Malware Removal and so I downloaded HijackThis and my log is:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:45:03, on 9/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\nMtsk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genco.gr/cms/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NS_SPlashScreen] C:\Program Files\NS_SplashScreen\NS_SplashScreen.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Λήψη όλων με το FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Λήψη με χρήση του FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4769162906
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Προφορτωτής Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Δαίμονας cache κατηγοριών στοιχείων - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7759 bytes



Also, I want to add the scan log from ESET Smart Security 4:
Scan Log
Version of virus signature database: 5433 (20100908)
Date: 8/9/2010 Time: 1:50:11 μμ
Scanned disks, folders and files: Operating memory;A:\Boot sector;A:\;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\
c:\windows\system32\sens.dll - Win32/Patched.NAA trojan - action selection postponed until scan completion
Boot sector of disk A: - error opening [4]
A:\ - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet files\Content.IE5\6JYVK7OV\x86__LMIprinter.dll[1].cab » CAB » x86__LMIprinter.dll - archive damaged - the file could not be extracted.
C:\Documents and Settings\Papakostas\Local Settings\Application Data\Identities\{660C260E-3EDF-4AE7-9226-3167FD6A755B}\Microsoft\Outlook Express\Εισερχόμενα.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Papakostas\Local Settings\Temp\orz.exe - Win32/Agent.OOD trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\28YIQF6R\ifl[1].htm - JS/TrojanDownloader.SWFlash.NAZ trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\FDQ0DR1R\i115[1].swf - probably a variant of Win32/Agent.EFPAHQT trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\MD9X57VR\1[1].exe - Win32/Agent.OOD trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\S5GPEBU1\konaImagesRM[1].mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\V63OZ1PO\iefix[1].js - probably a variant of Win32/Agent.KDTYTOH trojan - cleaned by deleting - quarantined [1]
C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Ahead\Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\RECYCLER\S-1-5-21-1645522239-1035525444-725345543-1004\Dc430.rar » RAR » Disney Ta Zouzounia-greek.avi - next archive volume not found
C:\WINDOWS\$NtServicePackUninstall$\sens.dll - Win32/Patched.NAA trojan - action selection postponed until scan completion
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe - Win32/Patched.N trojan - action selection postponed until scan completion
C:\WINDOWS\system32\even32.dll - Win32/TrojanDownloader.Agent.KHJ trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\mspush.dll - a variant of Win32/TrojanDownloader.Agent.AHEP trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\msxmle.dll - a variant of Win32/TrojanDownloader.Agent.AHEP trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\sens.dll - Win32/Patched.NAA trojan - action selection postponed until scan completion
C:\WINDOWS\system32\spoolsv.exe - Win32/Agent.OOD trojan - unable to clean
C:\WINDOWS\Temp\ED.exe - Win32/Agent.OOD trojan - cleaned by deleting - quarantined [1]
D:\ - error opening [4]
E:\Documents and Settings\papakostas\Application Data\ESET\ESET Smart Security\Antispam\scwh.tmpa03332 » GZIP » scwh.tmpa03332 - archive damaged
E:\Documents and Settings\papakostas\Cookies\papakostas@alicecafe[1].txt » MIME - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Cookies\papakostas@www.bubblebox[1].txt » MIME - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Cookies\papakostas@www.carrefour[1].txt » MIME - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Local Settings\Application Data\Identities\{13B4C2E3-1EBA-4400-8CFE-503D5770E98B}\Microsoft\Outlook Express\Εισερχόμενα.dbx » DBX - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB1746.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB1809.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB18BA.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB191C.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » CustomClass.class - a variant of Java/Rowindal.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » dostuff.class - a variant of Java/Rowindal.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » evilPolicy.class - a variant of Java/Rowindal.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » SiteError.class - a variant of Java/Exploit.CVE-2010-0094.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temporary Internet files\Content.IE5\W5WGKGSF\aa9ed5b98642a5486fecd0e925bd9141[1].js - JS/TrojanDownloader.HackLoad.AE trojan - cleaned by deleting - quarantined [1]
E:\Documents and Settings\papakostas\Start Menu\Προγράμματα\Εκκίνηση\updpxe32.exe - a variant of Win32/Kryptik.FXT trojan - cleaned by deleting - quarantined [1]
E:\Program Files\Ahead\Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.A1FFBB52_4F2E_44F1_8614_5D66C2EF43F0 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.03A77D79_488A_445D_B528_0E0089E3FCB3 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D495C848_F235_46BF_A9A0_77D7C2120E3B » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.445237FC_7259_4EAD_ACEF_7ED7A95D32D7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.79A89863_540B_470E_9C71_D57F22BFA44D » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.5ACB9F6A_C06C_4121_B854_7133C2ED29A8 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.15989D71_6BEB_424A_88DF_78A882081F91 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.1C571119_9D2B_4542_84BD_0CD3AA24E739 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C4EB4D09_95BA_4DC2_9551_B6E637DA2230 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C39C5B26_ED03_4B04_9CFD_166FDC7523D1 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C05C46CB_E961_4BBA_86BE_4FE1A4426A32 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.87E45AFF_C0E7_4B6E_8E37_52EEB71BF5B7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.E34CAC5A_4546_4E3A_BFFA_CE28E0CED140 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.14AFC4D4_5454_4AD5_B7FC_10D4FAB85CF3 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.B4924446_617C_4229_8C33_089CD780544D » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.F02247A4_BA3B_4A1D_B7EA_2CB2F17490B7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.0F75E4D6_4C58_47F6_B626_BA408BA6F03B » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.B3E4ACDE_961E_474B_87CC_22A67A5E77CB » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D8256176_51D5_41D4_B965_C7B0BC9E4A27 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D073AD43_9C5B_4759_A404_ED1717BEEAD7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\Content\Getting Started.mht » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_de.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_en.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_es.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_fr.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_it.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_nl.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_pt.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_ru.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_de.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_en.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_en_US.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_es.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_fr.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_it.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_ja_jp.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_ko.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_nl.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_pt.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_ru.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_zh.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_zh_TW.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De227.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De231.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De3.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De41.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De44.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De65.bak » DBX - is OK (internal scanning not performed)
E:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest » MIME - is OK (internal scanning not performed)
E:\WINDOWS\system32\drivers\aec.sys - Win32/Bubnix.AU trojan - cleaned by deleting - quarantined [1]
c:\windows\system32\sens.dll - Win32/Patched.NAA trojan - unable to clean
C:\WINDOWS\$NtServicePackUninstall$\sens.dll - Win32/Patched.NAA trojan - deleted - quarantined
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe - Win32/Patched.N trojan - deleted - quarantined
C:\WINDOWS\system32\sens.dll - Win32/Patched.NAA trojan - unable to clean
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » CustomClass.class - a variant of Java/Rowindal.A trojan - was a part of the deleted object
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » dostuff.class - a variant of Java/Rowindal.A trojan - was a part of the deleted object
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » evilPolicy.class - a variant of Java/Rowindal.A trojan - was a part of the deleted object
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » SiteError.class - a variant of Java/Exploit.CVE-2010-0094.A trojan - was a part of the deleted object
Number of scanned objects: 505221
Number of threats found: 21
Number of cleaned objects: 18
Time of completion: 3:16:30 μμ Total scanning time: 5179 sec (01:26:19)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

Hope to hear soon from you.
thodoras
Active Member
 
Posts: 1
Joined: September 9th, 2010, 8:50 am

Re: Infected by trojan

Post by jmw3 » September 10th, 2010, 1:44 am

Hello & Welcome to Malware Removal

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Infected by trojan

Post by jmw3 » September 13th, 2010, 9:01 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the "Infected? Virus, malware, adware, ransomware, oh my!" forum, include a fresh FRST log, and wait for a new helper.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

