i m new at this forum. I have a PC with Win Xp 32 bit and it is infected by trojans.
c:\windows\system32\sens.dll win32/patched.NAA
c:\windows\system32\spools.exe win32/agent.OOD
I keep trying by downloading antimalware programs to get rid of these infections but i saw no results. I saw a post at malware removal and so i dowloaded highjackthis and my log is:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:45:03, on 9/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\nMtsk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genco.gr/cms/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NS_SPlashScreen] C:\Program Files\NS_SplashScreen\NS_SplashScreen.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ID_Γρήγορη_εκκίνηση_πινακοθήκης_HP_ell.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Λήψη όλων με το FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Λήψη με χρήση του FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4769162906
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Προφορτωτής Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Δαίμονας cache κατηγοριών στοιχείων - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7759 bytes
Also, i want to add the scan log from eset smart security 4:
Scan Log
Version of virus signature database: 5433 (20100908)
Date: 8/9/2010 Time: 1:50:11 μμ
Scanned disks, folders and files: Operating memory;A:\Boot sector;A:\;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\
c:\windows\system32\sens.dll - Win32/Patched.NAA trojan - action selection postponed until scan completion
Boot sector of disk A: - error opening [4]
A:\ - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet files\Content.IE5\6JYVK7OV\x86__LMIprinter.dll[1].cab » CAB » x86__LMIprinter.dll - archive damaged - the file could not be extracted.
C:\Documents and Settings\Papakostas\Local Settings\Application Data\Identities\{660C260E-3EDF-4AE7-9226-3167FD6A755B}\Microsoft\Outlook Express\Εισερχόμενα.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Papakostas\Local Settings\Temp\orz.exe - Win32/Agent.OOD trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\28YIQF6R\ifl[1].htm - JS/TrojanDownloader.SWFlash.NAZ trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\FDQ0DR1R\i115[1].swf - probably a variant of Win32/Agent.EFPAHQT trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\MD9X57VR\1[1].exe - Win32/Agent.OOD trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\S5GPEBU1\konaImagesRM[1].mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Papakostas\Local Settings\Temporary Internet files\Content.IE5\V63OZ1PO\iefix[1].js - probably a variant of Win32/Agent.KDTYTOH trojan - cleaned by deleting - quarantined [1]
C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Ahead\Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\RECYCLER\S-1-5-21-1645522239-1035525444-725345543-1004\Dc430.rar » RAR » Disney Ta Zouzounia-greek.avi - next archive volume not found
C:\WINDOWS\$NtServicePackUninstall$\sens.dll - Win32/Patched.NAA trojan - action selection postponed until scan completion
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe - Win32/Patched.N trojan - action selection postponed until scan completion
C:\WINDOWS\system32\even32.dll - Win32/TrojanDownloader.Agent.KHJ trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\mspush.dll - a variant of Win32/TrojanDownloader.Agent.AHEP trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\msxmle.dll - a variant of Win32/TrojanDownloader.Agent.AHEP trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\sens.dll - Win32/Patched.NAA trojan - action selection postponed until scan completion
C:\WINDOWS\system32\spoolsv.exe - Win32/Agent.OOD trojan - unable to clean
C:\WINDOWS\Temp\ED.exe - Win32/Agent.OOD trojan - cleaned by deleting - quarantined [1]
D:\ - error opening [4]
E:\Documents and Settings\papakostas\Application Data\ESET\ESET Smart Security\Antispam\scwh.tmpa03332 » GZIP » scwh.tmpa03332 - archive damaged
E:\Documents and Settings\papakostas\Cookies\papakostas@alicecafe[1].txt » MIME - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Cookies\papakostas@www.bubblebox[1].txt » MIME - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Cookies\papakostas@www.carrefour[1].txt » MIME - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Local Settings\Application Data\Identities\{13B4C2E3-1EBA-4400-8CFE-503D5770E98B}\Microsoft\Outlook Express\Εισερχόμενα.dbx » DBX - is OK (internal scanning not performed)
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB1746.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB1809.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB18BA.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\GLB191C.tmp » WISE » WISE0132.DLL - archive damaged
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » CustomClass.class - a variant of Java/Rowindal.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » dostuff.class - a variant of Java/Rowindal.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » evilPolicy.class - a variant of Java/Rowindal.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » SiteError.class - a variant of Java/Exploit.CVE-2010-0094.A trojan
E:\Documents and Settings\papakostas\Local Settings\Temporary Internet files\Content.IE5\W5WGKGSF\aa9ed5b98642a5486fecd0e925bd9141[1].js - JS/TrojanDownloader.HackLoad.AE trojan - cleaned by deleting - quarantined [1]
E:\Documents and Settings\papakostas\Start Menu\Προγράμματα\Εκκίνηση\updpxe32.exe - a variant of Win32/Kryptik.FXT trojan - cleaned by deleting - quarantined [1]
E:\Program Files\Ahead\Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.A1FFBB52_4F2E_44F1_8614_5D66C2EF43F0 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.03A77D79_488A_445D_B528_0E0089E3FCB3 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D495C848_F235_46BF_A9A0_77D7C2120E3B » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.445237FC_7259_4EAD_ACEF_7ED7A95D32D7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.79A89863_540B_470E_9C71_D57F22BFA44D » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.5ACB9F6A_C06C_4121_B854_7133C2ED29A8 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.15989D71_6BEB_424A_88DF_78A882081F91 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.1C571119_9D2B_4542_84BD_0CD3AA24E739 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C4EB4D09_95BA_4DC2_9551_B6E637DA2230 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C39C5B26_ED03_4B04_9CFD_166FDC7523D1 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C05C46CB_E961_4BBA_86BE_4FE1A4426A32 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.87E45AFF_C0E7_4B6E_8E37_52EEB71BF5B7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.E34CAC5A_4546_4E3A_BFFA_CE28E0CED140 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.14AFC4D4_5454_4AD5_B7FC_10D4FAB85CF3 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.B4924446_617C_4229_8C33_089CD780544D » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.F02247A4_BA3B_4A1D_B7EA_2CB2F17490B7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.0F75E4D6_4C58_47F6_B626_BA408BA6F03B » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.B3E4ACDE_961E_474B_87CC_22A67A5E77CB » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D8256176_51D5_41D4_B965_C7B0BC9E4A27 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D073AD43_9C5B_4759_A404_ED1717BEEAD7 » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht » MIME - is OK (internal scanning not performed)
E:\Program Files\Common Files\LightScribe\Content\Getting Started.mht » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_de.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_en.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_es.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_fr.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_it.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_nl.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_pt.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Easy Photo Print\Readme\ReadMe_ru.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_de.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_en.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_en_US.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_es.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_fr.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_it.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_ja_jp.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_ko.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_nl.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_pt.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_ru.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_zh.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Epson Software\Event Manager\Assistants\Attach To Email\ReadMe\ReadMe_zh_TW.def » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
E:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De227.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De231.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De3.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De41.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De44.bak » DBX - is OK (internal scanning not performed)
E:\RECYCLER\S-1-5-21-2052111302-1035525444-682003330-1004\De65.bak » DBX - is OK (internal scanning not performed)
E:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest » MIME - is OK (internal scanning not performed)
E:\WINDOWS\system32\drivers\aec.sys - Win32/Bubnix.AU trojan - cleaned by deleting - quarantined [1]
c:\windows\system32\sens.dll - Win32/Patched.NAA trojan - unable to clean
C:\WINDOWS\$NtServicePackUninstall$\sens.dll - Win32/Patched.NAA trojan - deleted - quarantined
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe - Win32/Patched.N trojan - deleted - quarantined
C:\WINDOWS\system32\sens.dll - Win32/Patched.NAA trojan - unable to clean
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » CustomClass.class - a variant of Java/Rowindal.A trojan - was a part of the deleted object
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » dostuff.class - a variant of Java/Rowindal.A trojan - was a part of the deleted object
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » evilPolicy.class - a variant of Java/Rowindal.A trojan - was a part of the deleted object
E:\Documents and Settings\papakostas\Local Settings\Temp\jar_cache3607503970769787266.tmp » ZIP » SiteError.class - a variant of Java/Exploit.CVE-2010-0094.A trojan - was a part of the deleted object
Number of scanned objects: 505221
Number of threats found: 21
Number of cleaned objects: 18
Time of completion: 3:16:30 μμ Total scanning time: 5179 sec (01:26:19)
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.
Hope to hear soon from u.