Bad image message pop up every time I tried to run an application

OK. I'm posting but then I'm going to bed. I'm in Australia and it's late here. Talk more tomorrow. Thanks for all the help.

Kaspersky:

-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 22:10:37 0 d-------- C:\!KillBox
2007-11-13 15:31:56 0 d-------- C:\WINDOWS\CSC
2007-11-13 03:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 03:02:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 02:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 02:13:32 0 d-------- C:\Program Files\Trend Micro
2007-11-13 01:04:00 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-05 19:53:11 0 --a------ C:\WINDOWS\dsn2c3.reg


-- Find3M Report ---------------------------------------------------------------

2007-11-13 02:19:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-13 02:19:30 0 d-------- C:\Program Files\Microsoft Private Folder 1.0
2007-11-13 02:15:01 0 d-------- C:\Program Files\iTunes
2007-11-13 02:12:47 0 d-------- C:\Program Files\Google
2007-11-13 02:12:37 0 d-------- C:\Program Files\fulDC
2007-11-13 02:11:44 0 d-------- C:\Program Files\Common Files\LightScribe
2007-11-13 01:21:29 0 d-------- C:\Program Files\Windows Defender
2007-11-11 04:25:40 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Skype
2007-10-24 20:06:48 0 d-------- C:\Documents and Settings\David Ashman\Application Data\Adobe
2007-10-15 20:00:16 0 d-------- C:\Program Files\EA Sports
2007-10-08 17:55:03 0 d-------- C:\Program Files\iPod
2007-10-08 17:50:55 0 d-------- C:\Program Files\Apple Software Update
2007-10-07 17:51:14 0 d-------- C:\Program Files\AirPort
2007-10-07 17:09:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:51:05 0 d-------- C:\Program Files\Network Stumbler
2007-10-01 15:01:49 0 d-------- C:\Program Files\KONAMI


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [06/08/2005 15:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [04/05/2006 16:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/07/2006 16:58]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [20/07/2006 16:58]
"nwiz"="nwiz.exe" [20/07/2006 16:58 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [03/06/2006 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2006 16:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [20/07/2006 01:14]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/06/2006 21:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [19/06/2006 20:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [11/10/2005 20:23]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 20:50]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 10:47]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/10/2006 08:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [18/01/2007 23:09]
"PSDrvCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [28/08/2003 21:47]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"Net iD"="C:\WINDOWS\system32\iid.exe" [15/03/2007 11:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 07:24]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [04/04/2007 03:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 03:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 13:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 15:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [16/03/2006 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 10:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [15/11/2006 20:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [27/01/2007 05:07:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [07/03/2007 18:47:27]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [16/12/2006 15:41:36]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [25/09/2005 03:39:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5980d068-ab52-11db-b442-001636a48b43}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6714813e-a6e0-11db-b432-001636a48b43}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc117c0e-d382-11db-b490-0018de844ea4}]
AutoRun\command- F:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-11-20 23:43:46 ------------
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31:40, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\JackHigher.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170940117578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://213.212.12.50/Remote/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

--
End of file - 11357 bytes
 
Sorry :) I seem to have been a bit tired last night.

Here's the Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 21, 2007 2:17:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/11/2007
Kaspersky Anti-Virus database records: 462229
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 116580
Number of viruses found: 21
Number of infected objects: 99
Number of suspicious objects: 0
Duration of the scan process: 02:09:11

Infected Object Name / Virus Name / Last Action
C:\!KillBox\5Adtd.dll Infected: Email-Worm.Win32.Warezov.ui skipped
C:\!KillBox\dminbtpa.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\!KillBox\hypelapr.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\!KillBox\icmuwshe.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\!KillBox\icmuwshe.dll( 1) Infected: Email-Worm.Win32.Warezov.tc skipped
C:\!KillBox\jobekbdn.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\!KillBox\pmspwups.dll Infected: Email-Worm.Win32.Warezov.td skipped
C:\!KillBox\pubnfex.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\!KillBox\skt68.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\!KillBox\sygwin.exe Infected: Email-Worm.Win32.Warezov.ug skipped
C:\!KillBox\winnatkc.dll Infected: Email-Worm.Win32.Warezov.tp skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi/_5B663934D3150C1A2CE5A602435F38E5/_13B5FCBE8FBD856DA69486A1B60B8AC6 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi/_5B663934D3150C1A2CE5A602435F38E5 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\Daweeds\Program Downloads\fulDC-6.78.msi Embedded: infected - 2 skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037106.exe Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037107.exe Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037108.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037109.dll Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0037110.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0038118.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP422\A0038119.exe Infected: Email-Worm.Win32.Warezov.tb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038127.exe Infected: Email-Worm.Win32.Warezov.td skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038128.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038129.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP423\A0038132.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039127.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039128.exe Infected: Email-Worm.Win32.Warezov.tt skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039130.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039133.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039134.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039167.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0039168.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039181.exe Infected: Email-Worm.Win32.Warezov.pk skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039184.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039185.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039247.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039248.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039277.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039279.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039304.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP427\A0039305.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039490.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039491.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039494.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0039495.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0040492.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP430\A0040493.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040540.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040541.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0040562.exe Infected: Email-Worm.Win32.Warezov.tb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041541.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041542.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041574.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041575.exe Infected: Email-Worm.Win32.Warezov.ug skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP431\A0041576.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042539.exe Infected: Email-Worm.Win32.Warezov.ra skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042542.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042543.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042555.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043538.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043539.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043540.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043541.dll Infected: Email-Worm.Win32.Warezov.tz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043542.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043543.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0043548.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0044540.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0044560.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0045570.exe Infected: Email-Worm.Win32.Warezov.tp skipped
 
continued..

C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0045592.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP433\A0045659.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP434\A0046659.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP434\A0047659.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP434\A0047782.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP437\A0047897.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047937.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047950.dll Infected: Email-Worm.Win32.Warezov.tc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047953.exe Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047971.dll Infected: Email-Worm.Win32.Warezov.tp skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047975.dll Infected: Email-Worm.Win32.Warezov.td skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047976.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047977.dll Infected: Email-Worm.Win32.Warezov.ui skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047978.exe Infected: Email-Worm.Win32.Warezov.ug skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047979.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047981.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047982.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047996.exe Infected: Email-Worm.Win32.Warezov.uh skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9D3CF3FD-8E37-4387-88CC-D4DCEFEA145C}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\stk70.exe Infected: IM-Worm.Win32.Agent.ae skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\sygmp3.exe Infected: Email-Worm.Win32.Warezov.tx skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ksdmgr32.dll Infected: Email-Worm.Win32.Warezov.ua skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\netuencd.exe Infected: Email-Worm.Win32.Warezov.gen skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\onksd.dll Infected: Email-Worm.Win32.Warezov.ty skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\perfex.exe Infected: Email-Worm.Win32.Warezov.tv skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\prfex32.dll Infected: Email-Worm.Win32.Warezov.uh skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\SJ04B4FYv.dll Infected: Email-Worm.Win32.Warezov.ui skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\statex.dll Infected: Email-Worm.Win32.Warezov.qf skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vbscsysi.exe Infected: Email-Worm.Win32.Warezov.tq skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wanpsysi.dll Infected: Email-Worm.Win32.Warezov.sz skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\winnatkc.exe Infected: Email-Worm.Win32.Warezov.tp skipped

Scan process completed.
 
Hi

Empty these folders:

C:\_OTMoveIt\MovedFiles\
C:\!KillBox\

Empty Recycle Bin

All other viruses are in system restore and inactive.

I'll give you instructions later on how to empty it.

Other than that, any problems left?
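
The sorting the reply above relies on (restore-point copies and tool backup folders versus files still in place) can be checked mechanically. This is an added example, not part of the original posts: the folder names come from the thread, the last sample line is constructed, and the function names are this example's own.

```python
import re

# Lines copied from the scan log in this thread, plus one CONSTRUCTED line
# (the last entry) so that the "live" branch is exercised.
SAMPLE_SCAN = [
    r"C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP432\A0042555.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped",
    r"C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP439\A0047979.exe Infected: IM-Worm.Win32.Agent.ae skipped",
    r"C:\WINDOWS\system32\config\SAM Object is locked skipped",
    r"C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped",
    r"C:\_OTMoveIt\MovedFiles\WINDOWS\stk70.exe Infected: IM-Worm.Win32.Agent.ae skipped",
    r"C:\_OTMoveIt\MovedFiles\WINDOWS\system32\netuencd.exe Infected: Email-Worm.Win32.Warezov.gen skipped",
    "Scan process completed.",
    # Constructed placeholder, not from the thread:
    r"C:\WINDOWS\system32\example-live.dll Infected: Example.Win32.Placeholder.a skipped",
]

# Paths may contain spaces, so the path is matched lazily and the verdict
# is anchored at the end of the line.
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)|Object is locked) skipped$"
)
# System Restore copies live under _restore{GUID}\RP<number>\.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\"
)
# Backup/quarantine folders of the cleanup tools named in the thread.
TOOL_FOLDERS = ("c:\\_otmoveit\\movedfiles\\", "c:\\!killbox\\", "c:\\qoobox\\")


def classify(path):
    """Return (location, restore_point_number_or_None) for a scanned path."""
    match = RESTORE_RE.match(path)
    if match:
        return "restore_point", int(match.group("rp"))
    if path.lower().startswith(TOOL_FOLDERS):
        return "tool_backup", None
    return "live", None


def triage(lines):
    """Bucket scan-log entries by where the flagged file sits on disk."""
    report = {"restore_point": [], "tool_backup": [], "live": [],
              "locked": [], "unparsed": [], "restore_points": set()}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if not match:
            report["unparsed"].append(line)
            continue
        path, name = match.group("path"), match.group("name")
        if name is None:
            # "Object is locked": the scanner could not open the file.
            report["locked"].append(path)
            continue
        location, rp = classify(path)
        report[location].append((path, name))
        if rp is not None:
            report["restore_points"].add(rp)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_SCAN)
    print("restore points holding flagged copies:", sorted(result["restore_points"]))
    print("flagged files in tool backup folders:", len(result["tool_backup"]))
    print("files skipped because they were locked:", len(result["locked"]))
    for path, name in result["live"]:
        print("still in place:", path, "->", name)
```

Anything that lands in the `live` bucket is a detection outside the restore points and tool folders and is the part that still needs attention.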
 
Thanks so much for all the help!


Problems since malware:
-My windows update doesn't want to be turned on.
-Windows defender can't update.
-NOD32 is not working as I mentioned before.

I have a folder in c: called qoobox that I don't know what it is.

That's it I think.

Thanks again
 
Hi

"-My windows update doesn't want to be turned on."

Download this (right-click, choose save as or save target as).

Doubleclick updaterestore.reg, click yes and ok.

"-Windows defender can't update."

Uninstall & re-install it; that should do the trick.

"-NOD32 is not working as I mentioned before."

Try same as above.

"I have a folder in c: called qoobox that I don't know what it is."

Those are ComboFix backups; feel free to delete them.

Post back if those helped :)
 
My windows update is still not working.. question. Is it supposed to start working immediately after I did that registry thing? If so, it's not.

I don't know how to re-install Windows defender. I don't have it on CD. I think it just came with the computer or with XP.
 
Hi

"My windows update is still not working.. question. Is it supposed to start working immediately after I did that registry thing? If so, it's not."

Well, it depends on what makes Windows Update not work. Try this next.

"I don't know how to re-install Windows defender. I don't have it on CD. I think it just came with the computer or with XP."

It can be found here
 
Ok. So now I know. There's not a problem with Defender, it's just since my Windows update is not working, defender can't update.

I click on the red icon that looks like a shield on the bar at the bottom of my XP. There it says that my windows update is turned off. There's a button that I can click to turn it on. When I click on it, it says that windows security center couldn't turn it on, but I can try to manually turn it on by going to control panel. I go there but that doesn't work. When I then go to the windows update homepage and ask it to install the latest updates, an error message occurs and it says that they couldn't continue to install the updates. I've looked but I haven't found the solution. The problem is that my windows update doesn't want to be turned on. Everything else works. Active X works.. so the site you recommended wasn't really for my problem. What do you think I should do?

Thanks again!
 
They asked me to read the log file for windows update. Here's an abstract of it:

2007-11-23 19:30:49:135 3808 88c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:30:49:135 3808 88c Misc = Process: C:\WINDOWS\system32\rundll32.exe
2007-11-23 19:30:49:135 3808 88c Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:30:49:135 3808 88c ARP Connected to update session.
2007-11-23 19:30:49:135 3808 88c ARP User is allowed to install published content.
2007-11-23 19:30:49:166 3808 88c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:30:49:166 3808 88c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:25:336 296 5c8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:34:25:336 296 5c8 Misc = Process: C:\Program Files\Windows Defender\MSASCui.exe
2007-11-23 19:34:25:336 296 5c8 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:34:25:336 296 5c8 COMAPI -------------
2007-11-23 19:34:25:336 296 5c8 COMAPI -- START -- COMAPI: Search [ClientId = Windows Defender]
2007-11-23 19:34:25:336 296 5c8 COMAPI ---------
2007-11-23 19:34:25:367 296 5c8 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:25:367 296 5c8 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:25:382 296 5c8 COMAPI - WARNING: Exit code = 0x80070424
2007-11-23 19:34:25:382 296 5c8 COMAPI ---------
2007-11-23 19:34:25:382 296 5c8 COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2007-11-23 19:34:25:382 296 5c8 COMAPI -------------
2007-11-23 19:34:25:382 296 5c8 COMAPI FATAL: Unable to initiate asynchronous search, hr=80070424
2007-11-23 19:34:25:382 296 5c8 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:25:382 296 5c8 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:58:449 296 434 COMAPI -------------
2007-11-23 19:34:58:449 296 434 COMAPI -- START -- COMAPI: Search [ClientId = Windows Defender]
2007-11-23 19:34:58:449 296 434 COMAPI ---------
2007-11-23 19:34:58:449 296 434 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:58:449 296 434 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:58:449 296 434 COMAPI - WARNING: Exit code = 0x80070424
2007-11-23 19:34:58:449 296 434 COMAPI ---------
2007-11-23 19:34:58:449 296 434 COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2007-11-23 19:34:58:449 296 434 COMAPI -------------
2007-11-23 19:34:58:449 296 434 COMAPI FATAL: Unable to initiate asynchronous search, hr=80070424
2007-11-23 19:34:58:465 296 434 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:58:465 296 434 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:37:01:981 2012 55c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:37:01:981 2012 55c Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2007-11-23 19:37:01:981 2012 55c Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:37:01:981 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:37:01:981 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:37:06:248 2012 55c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:37:06:248 2012 55c Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2007-11-23 19:37:06:248 2012 55c Misc = Module: C:\WINDOWS\system32\wuweb.dll
2007-11-23 19:37:06:248 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:37:06:248 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:373 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:37:06:388 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:451 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:37:06:482 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:670 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:37:06:685 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:951 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:37:06:951 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:37:06:998 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:37:06:998 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:37:07:045 2012 55c Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:045 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:060 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:076 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:091 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:091 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:091 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:123 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:185 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:201 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:201 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:248 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:37:07:248 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:37:12:561 2012 55c COMAPI -------------
2007-11-23 19:37:12:561 2012 55c COMAPI -- START -- COMAPI: Search [ClientId = WindowsUpdate]
2007-11-23 19:37:12:561 2012 55c COMAPI ---------
2007-11-23 19:37:12:576 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:37:12:576 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:37:12:576 2012 55c COMAPI - WARNING: Exit code = 0x80070424
2007-11-23 19:37:12:576 2012 55c COMAPI ---------
2007-11-23 19:37:12:576 2012 55c COMAPI -- END -- COMAPI: Search [ClientId = <NULL>]
2007-11-23 19:37:12:576 2012 55c COMAPI -------------
2007-11-23 19:37:12:576 2012 55c COMAPI FATAL: Unable to initiate asynchronous search, hr=80070424
2007-11-23 19:38:58:776 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:38:58:776 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:04:824 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:04:824 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:07:574 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:07:574 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:07:699 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:07:699 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:07:715 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:07:715 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:07:965 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:07:980 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:08:230 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:08:230 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:08:262 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:39:08:262 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:262 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:08:277 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:39:21:326 4060 ae0 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:39:21:326 4060 ae0 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2007-11-23 19:39:21:326 4060 ae0 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2007-11-23 19:39:21:326 4060 ae0 CltUI FATAL: Failed to get agent interface pointers, hr=80070424
2007-11-23 19:39:25:811 3372 530 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:39:25:811 3372 530 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2007-11-23 19:39:25:811 3372 530 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2007-11-23 19:39:25:811 3372 530 CltUI FATAL: Failed to get agent interface pointers, hr=80070424
2007-11-23 19:39:28:186 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:28:186 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:30:624 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:30:624 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:53:079 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:53:079 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:57:314 2012 55c Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:39:57:314 2012 55c Misc = Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
2007-11-23 19:39:57:314 2012 55c Misc = Module: C:\WINDOWS\system32\muweb.dll
2007-11-23 19:39:57:314 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:57:330 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:502 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:57:517 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:533 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:57:533 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:799 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:57:799 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:877 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:57:892 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:57:908 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:39:57:908 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:39:57:908 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:57:908 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:39:57:924 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:57:939 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:002 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2007-11-23 19:39:58:017 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:033 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:58:049 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:299 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab:
2007-11-23 19:39:58:314 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:314 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:58:330 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:392 2012 55c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab:
2007-11-23 19:39:58:408 2012 55c Misc Microsoft signed: Yes
2007-11-23 19:39:58:424 2012 55c Setup *********** Setup: Checking whether self-update is required ***********
2007-11-23 19:39:58:424 2012 55c Setup * Inf file: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
2007-11-23 19:39:58:424 2012 55c Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:424 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2007-11-23 19:39:58:439 2012 55c Setup * IsUpdateRequired = No
2007-11-23 19:39:59:549 2012 55c COMAPI ----------- COMAPI: IUpdateServiceManager::AddService -----------
2007-11-23 19:39:59:549 2012 55c COMAPI - ServiceId = {7971f918-a847-4430-9279-4a52d1efe18d}
2007-11-23 19:39:59:549 2012 55c COMAPI - AuthorizationCabPath = C:\WINDOWS\SoftwareDistribution\AuthCabs\muauth.cab
2007-11-23 19:39:59:564 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:59:564 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:39:59:564 2012 55c COMAPI - Exit code = 0x80070424
2007-11-23 19:39:59:564 2012 55c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:39:59:564 2012 55c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:40:39:257 3732 d54 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:40:39:257 3732 d54 Misc = Process: C:\WINDOWS\system32\rundll32.exe
2007-11-23 19:40:39:257 3732 d54 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:40:39:257 3732 d54 ARP Connected to update session.
2007-11-23 19:40:39:257 3732 d54 ARP User is allowed to install published content.
2007-11-23 19:40:39:257 3732 d54 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:40:39:257 3732 d54 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
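
Every failure in the excerpt above carries the same code, hr=80070424. As an added example (not part of the original posts), the following Python groups the failing HRESULTs in a WindowsUpdate.log excerpt by calling process and decodes them; the sample lines are copied from the excerpt, while the function names and the short Win32 name table are this example's own.

```python
import re
from collections import Counter

# Sample input: lines copied from the log excerpt in this thread.
SAMPLE_LOG = r"""2007-11-23 19:34:25:336 296 5c8 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:34:25:336 296 5c8 Misc = Process: C:\Program Files\Windows Defender\MSASCui.exe
2007-11-23 19:34:25:336 296 5c8 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2007-11-23 19:34:25:336 296 5c8 COMAPI -- START -- COMAPI: Search [ClientId = Windows Defender]
2007-11-23 19:34:25:367 296 5c8 COMAPI FATAL: Unable to connect to the service (hr=80070424)
2007-11-23 19:34:25:367 296 5c8 COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2007-11-23 19:34:25:382 296 5c8 COMAPI - WARNING: Exit code = 0x80070424
2007-11-23 19:39:21:326 4060 ae0 Misc =========== Logging initialized (build: 7.0.6000.381, tz: +1100) ===========
2007-11-23 19:39:21:326 4060 ae0 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2007-11-23 19:39:21:326 4060 ae0 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2007-11-23 19:39:21:326 4060 ae0 CltUI FATAL: Failed to get agent interface pointers, hr=80070424
"""

# date, time, process id (decimal), thread id (hex), component, message
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+(?P<msg>.*)$"
)
# The log writes codes either as "hr=80070424" or as "0x80070424".
HR_RE = re.compile(r"(?:hr=|0x)([0-9A-Fa-f]{8})\b")

FACILITY_WIN32 = 7
# Small lookup of Win32 error codes relevant to service problems.
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    1058: "ERROR_SERVICE_DISABLED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
}


def decode_hresult(value):
    """Split an HRESULT into severity bit, facility and code."""
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": bool(value & 0x80000000), "facility": facility,
            "code": code, "win32_name": name}


def summarize(log_text):
    """Count failing HRESULTs per (process image name, HRESULT)."""
    process_by_pid = {}
    failures = Counter()
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        pid, msg = match["pid"], match["msg"]
        if msg.startswith("= Process:"):
            # Each logging session names the process that loaded the client DLL.
            image_path = msg.split(":", 1)[1].strip()
            process_by_pid[pid] = image_path.rsplit("\\", 1)[-1]
            continue
        hit = HR_RE.search(msg)
        if hit:
            value = int(hit.group(1), 16)
            if value & 0x80000000:  # severity bit set means failure
                failures[(process_by_pid.get(pid, "pid " + pid), value)] += 1
    return failures


def report(log_text):
    """Return one human-readable line per (process, HRESULT) pair."""
    lines = []
    for (process, value), count in sorted(summarize(log_text).items()):
        info = decode_hresult(value)
        label = info["win32_name"] or "code %d" % info["code"]
        lines.append("%s: 0x%08X x%d (facility %d, %s)"
                     % (process, value, count, info["facility"], label))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

0x80070424 decodes to Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST: the update clients are asking for a service that is not registered on the machine.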
 
Hi

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Automatic updates
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Automatic
Click Apply, then OK

Did it help?
 
Hi

"In the Services window find: Automatic updates"

I don't have that in my services window, nor anything close to that. Couldn't find anything. sorry...

maybe that's part of the problem?
 
Hi

I think that method 2 could have worked, but I get prompted for the CD and it doesn't work to type the path, I still get prompted for the CD which I don't have.. Windows was installed when I bought my computer.

Is there some way to get around that?
 
I figured it out.. It's fixed now. Thanks!

One more thing.. you said something about showing me how to remove stuff from system restore. What is that?
 
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo
2) Sunbelt/Kerio
3) Agnitum
4) ZoneAlarm

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


Next we remove all used tools.

Please download OTMoveIt and save it to desktop.
  • Double-click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware 2007 to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
 