0

Hi guys, the computers in my office had been infected with this malware 'Surabaya is my birthday' and is annoying.

Anybody here have encounter the same problem and actually managed to solve it?

I tried scanned using anti-malware programme but the message still keep on appearing at the start of my pc.

Please help.

3
Contributors
13
Replies
14
Views
8 Years
Discussion Span
Last Post by Takuniku
0

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post back here with that log and a HiJackThis full system scan log.
Judy

0

Download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post back here with that log and a HiJackThis full system scan log.
Judy

Hi johlland, below is the MBA-M and HiJackThis log as requested.

MBA-M Log:

Malwarebytes' Anti-Malware 1.31
Database version: 1524
Windows 5.1.2600 Service Pack 2

12/22/2008 12:09:44 PM
mbam-log-2008-12-22 (12-09-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 162505
Time elapsed: 1 hour(s), 37 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:56 PM, on 12/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tourconn\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Media Manager.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailcentral7.sp.edu.sg/iNotes6W.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://spring1.ura.gov.sg/mapguide6/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168831694015
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6575 bytes

0

Can you pls update MBA-M under the update tab.

Then Follow jholland's instructions again.

Thanks,

Cohen

0

This is the updated log:

Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 2

12/23/2008 10:45:20 AM
mbam-log-2008-12-23 (10-45-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 165734
Time elapsed: 1 hour(s), 44 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:47 AM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Tourconn\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Media Manager.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailcentral7.sp.edu.sg/iNotes6W.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://spring1.ura.gov.sg/mapguide6/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168831694015
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6629 bytes

0

Awesome

Alright a few things

==============

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:
Updating Java:

Reboot your Computer

=====================

Then, Run HJT, Select System Scan Only and mark a check next the following

O4 - Startup: Media Manager.lnk = ?
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then Click Fix
Reboot your Computer
Run HJT again, and scan and save the log
Post the log in a reply.

============

Also, how is your PC going now?? still having problems??

Thanks,

Cohen

0

MBA-M removed one item, your HJT log looks ok.
Are you still getting the "birthday" message?
If so, try a scan with ESET Scanner
# You will need to use Internet Explorer to to complete this scan.
# You will need to temporarily Disable your current Anti-virus program.
# Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
# When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log

0

Awesome

Alright a few things

==============

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:
Updating Java:

Reboot your Computer

=====================

Then, Run HJT, Select System Scan Only and mark a check next the following

O4 - Startup: Media Manager.lnk = ?
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then Click Fix
Reboot your Computer
Run HJT again, and scan and save the log
Post the log in a reply.

============

Also, how is your PC going now?? still having problems??

Thanks,

Cohen

Hi Cohen

Thanks for your concern, my pc still have the message and everytime when I want to open my thumb or C drive it will say open with another programme. I will just click 'explore'.

This is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:22 PM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tourconn\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mailcentral7.sp.edu.sg/iNotes6W.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://spring1.ura.gov.sg/mapguide6/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168831694015
O16 - DPF: {F6676623-8BBD-479C-A51B-05868728708C} (DigitalDM) - http://www.leonardotravelebooks.com/ebooks/DIGITALDM2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6472 bytes

0

MBA-M removed one item, your HJT log looks ok.
Are you still getting the "birthday" message?
If so, try a scan with ESET Scanner
# You will need to use Internet Explorer to to complete this scan.
# You will need to temporarily Disable your current Anti-virus program.
# Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
# When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log

Hi Judy

I restarted my computer after I finished the scanning and removed the virus but the 'Surabaya is my birthday' message is still there.

This is the post:

Scan Log
Version of virus signature database: 3231 (20080701)
Date: 12/24/2008 Time: 9:28:38 AM
Scanned disks, folders and files: C:\;D:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Tourconn\ntuser.dat - error opening [4]
C:\Documents and Settings\Tourconn\NTUSER.DAT.LOG - error opening [4]
C:\Documents and Settings\Tourconn\.housecall6.6\win32.zip.transfer » ZIP » patch.exe - archive damaged
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\call256.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\callmember256.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\chat512.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\chatmember256.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\chatmsg256.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\chatmsg512.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\contactgroup256.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\index2.dat - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\main.lock - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\profile256.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\user1024.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\user16384.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\user4096.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Application Data\Skype\jooookie\voicemail256.dbb - error opening [4]
C:\Documents and Settings\Tourconn\Cookies\tourconn@ethnic_quarters[1].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@ethnic_quarters[2].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@landmarks_and_memorials[2].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@special_interest_tours[1].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@special_interest_tours[2].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@themed___other_attractions[2].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@tours_in_singapore[1].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@travelerdigest[2].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@walking_tours[1].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Cookies\tourconn@www.visitdenmark[2].txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Accommodation.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Agent.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\airfare (ga promo).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\airfare (mi promo).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Anphong Tourist.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Argentina.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Australia.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bali.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bangalore (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bangalore (2).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bangalore.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bangkok.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Batam.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bayview Hotel.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Beijing (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Beijing.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bintan.bak » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Bintan.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Brisbane.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Brunei.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Cambodia.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Canberra.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Car Rental.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Chennai.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Chiang Mai.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\China.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Civil Defend Heritage.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Czech.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Deleted Items.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Drafts.bak » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Drafts.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Dubai.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Egypt.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Europq.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Ferry.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\France.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Genting.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Germany.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Goa.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Greece.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\guangdong.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Guangzhou.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Guilin.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Hard Rock Hotel Bali.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\HCM.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Hong Kong (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Hotel KimBerly.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Hotel Legoland.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Hotel Thirty Three New Delhi.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Hyderabad.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\India (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\India.bak » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\India.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Indochina.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Indonesia.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Italy.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Jakarta.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Japan.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Jogjakarta.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Johor.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Kim Lien Travel.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Kim Lien.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Konsortium Express.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\kota kinabalu.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Kuala Lumpur.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Kuantan.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Laos.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Liaoning.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Lydia.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Macau (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Macau.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Malacca.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Malaysia Coach Company.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\malaysia-east coast.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Malaysia.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Maldives.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Mint Toy Museum Singapore.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\MOE.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Monchua.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Ne water.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Negeri Sembilan.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Nepal.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\New Delhi (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\New Delhi.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\New Orient Tours (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\New Shan (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Night Safari, Zoo, JBP.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Padang.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Pahang.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Penang.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Perth.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Philippines.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Phnom Penh.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Phuket.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Pulau Semakau.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\RMIT University Saigon, Vietnam.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Royal Brunei.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Sabah.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Sarawak.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\School Tours.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Science Centre.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Search Folder (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Search Folder.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Selangor.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Sent Items.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Shanghai.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Siem Reap.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Sikkim.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Singapore Discovery Centre.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Singapore.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\South Africa.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Surabaya.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Syuan Hotel Ipoh.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Taiwan.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Taman Negera.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Tan Minh Investment Trading & Tourism.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Tea Chapter.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Thailand.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\The Mira Hong Kong.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Thi Hoang.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Tibet.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Tour guide.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Turkey.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\United Arab Emirates.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Vietnam Airline.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Vietnam Open Tour.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Vietnam.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Identities\{97225526-475E-40B3-9581-BBA012565297}\Microsoft\Outlook Express\Zone International.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\Tourconn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\Tourconn\Local Settings\Temp\flaFD.tmp - error opening [4]
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\310KO3NJ\wbk3FA.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\310KO3NJ\wbk3FE.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\8D6F8DIB\wbk70.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\8D6F8DIB\wbk72.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\8D6F8DIB\wbk86.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\O7SNI54V\wbk5E7.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\O7SNI54V\wbk855.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\O7SNI54V\wbk86D.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\PGVYRN1V\wbk133E.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\PGVYRN1V\wbk1394.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\Local Settings\Temporary Internet Files\Content.IE5\PGVYRN1V\wbkB0D.tmp » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\Doc\Overseas\ChangMai\Changmai Tour Programe In Northern Thailand.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\Korea\Seoul (7D6N).eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\Korea\Seoul.Icheon (7D6N).eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\BKK\BKK Asia package cooperation.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\BKK\BKK Fw_ www_asiaexplorer_net.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\BKK\BKK Quotation from Kok Thai Travel.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\BKK\BKK Tourist Information in Thailand.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\BKK\BKK TRIANGLE FARES & BKKspcl.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Endau Rompin\Endau Rompin Tour.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Endau Rompin\Endau Rompin.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Endau Rompin\Re_ Endau Rompin Tour.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Endau Rompin\Student Package to Endau Rompin Pahang.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Johore Bahru\Kahang Organic Rice Eco Farm.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Johore Bahru\Organic Rice Eco Farm.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Phuket\Phiket booking apt_htl_apt transfers + half day tour.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Tourconn\My Documents\others\Phuket\Phuket Situation.eml » MIME - is OK (internal scanning not performed)
C:\Program Files\Ahead\Nero\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files\AVG\AVG8\avgmwdef_us.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » arrow1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » arrow2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bck1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bck2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt11.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt12.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt13.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt21.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt22.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt23.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt31.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt32.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt33.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt41.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt42.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt43.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt51.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt52.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt53.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt61.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » bt62.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » checkbox1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » checkbox2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » checkbox3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » checkbox4.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » default.skn - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » defbtn1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » defbtn2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » defbtn3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » glyph1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » glyph2.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » glyph3.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » glyph4.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » glyph5.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » glyph6.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » glyph7.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » main.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » preview.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » sprite1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » tab1.bmp - error - password-protected file
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask » ZIP » tab2.bmp - error - password-protected file
C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Objects\Common\_folderinfo.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Snippets\Accessible\Content_Tables\_folderinfo.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Snippets\Comments\_folderinfo.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Snippets\Content_Tables\_folderinfo.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Snippets\~Deprecated\Accessible\Content_Tables\_folderinfo.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Snippets\~Deprecated\Content_Tables\_folderinfo.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Third Party Source Code\JavaScript Interpreter\javascript15.zip » ZIP » JavaScript/jslocko.asm » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Thumbs .db - Win32/AutoRun.WD worm - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\CatRoot2\edb.log - error opening [4]
C:\WINDOWS\system32\CatRoot2\tmp.edb - error opening [4]
C:\WINDOWS\system32\config\default - error opening [4]
C:\WINDOWS\system32\config\default.LOG - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening [4]
C:\WINDOWS\system32\config\SECURITY - error opening [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]
C:\WINDOWS\system32\config\software - error opening [4]
C:\WINDOWS\system32\config\software.LOG - error opening [4]
C:\WINDOWS\system32\config\system - error opening [4]
C:\WINDOWS\system32\config\system.LOG - error opening [4]
D:\Autorun.inf - Win32/AutoRun.WD worm - cleaned by deleting - quarantined [1]
D:\Thumbs .db - Win32/AutoRun.WD worm - cleaned by deleting - quarantined [1]
Number of scanned objects: 282337
Number of threats found: 3
Number of cleaned objects: 3
Time of completion: 11:28:48 AM Total scanning time: 7210 sec (02:00:10)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

0

Takuniku - Can you pls run that, in safe mode, with networking.

Thanks,

Cohen

Hi Cohen

How to run my computer in safe mood? I don't know how to bring up the command to run in safe mood.

Networking mean run it with internet connection right?

0

Networking meaning yes, network / internet connection

To get into safe mode, when you hear the beep on your computer, keep pressing F8, and it should load in safe mode.

Cohen

0

Networking meaning yes, network / internet connection

To get into safe mode, when you hear the beep on your computer, keep pressing F8, and it should load in safe mode.

Cohen

I tried the command but it doesn't work.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.