From: "Teri" <Teri@discussions.microsoft.com>

| Don't ask me what I was thinking, I think I was caught up in the System
| Restore issue.
|
| McAfee
| Scanning C: []
| C:\q735015.exe\q735015.exe ... Found the StartPage-DU trojan !!!
| The file or process has been deleted.
| Scanning C:\*.*
| C:\Documents and Settings\Terri\Local
| Settings\Temp\bar.0\MWSSETUP.EXE\000dc980.EXE ... Found potentially unwanted
| program Adware-MWS.
| The file or process has been deleted.
| The archive has been deleted.
| C:\Recycled\Q330995.exe\Q330995.exe ... Found the StartPage-DU trojan !!!
| The file or process has been deleted.
|
< snip >

>>>> Virus fragment 'W95/Whog-878b' found in file c:\WINDOWS\system32\ActiveScan\pskavs.dll
| Removal successful
| Could not open c:\WINDOWS\system32\config\system.LOG
>>>> Virus 'W32/Codbot-AC' found in file c:\WINDOWS\system32\wuapi.exe

< snip >

Well I see Adware and a startPage Trojan and two true viruses. None of which I see should
affect Windows Management Instrumentation (WMI) from what I see.

W32/Codbot-AC
http://www.sophos.com/virusinfo/anal...2codbotac.html

W95/Whog-878b
http://www.sophos.com/virusinfo/anal...5whog878b.html

StartPage-DU trojan
http://vil.nai.com/vil/content/v_126244.htm

Since adware was found, I suggest the following...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

Did you create and try the FixWMI Batch File ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm