Posted 17 May 2011 - 04:50 AM
I am using a desktop running Windows XP SP3 with 2GB RAM.
Very recently I was infected by a trojan(s) and that got cleared up via a thread in “Am I Infected.”
Oddly when coming to my computer in the morning I have found a notice that the computer (which I leave on overnight) is in use and had been locked. I just reboot and off we go.
This morning I had the same message but in addition a few error messages: “Unable to relaunch restart.exe.”
Another ERF which said that my Avira antivirus “ccwkrlib.dll cannot be found or has been modified or destroyed.” The Avira system tray icon was missing.
Could not read from file Qualcomm\Eudora\Out.mbx (Eudora is my email program).
I did a hard reboot, which was fine and I looked at Event Viewer - which showed 2 system errors at about 4.00 am UK time.
One was “Unable to start DCOM Server”(Event10000) and it said there was insuffienct resource when carrying out C:\Windows\system32\wbem\wmiprvse.exe - Embedding.”
Later 4 or 5 “SidebySide” error (Event 59): “Resolve Partial Assembly failed for Micosoft VC90.CRT. Reason, again, insufficient resources.
These insuffient resources are a real mystery as I always leave my computer with just Windows Explorer open plus minor stuff like firewalls.
Anyway, I just did a (short) Malwarebytes scan, plus a Spybot scan - both showing clear. I see that on 14th May I had done a full Avira scan - which was also clear.
The only other bit of information, which I do not understand is an Application Event about 3 days ago from WinMgmt event 63 saying “a provider, OffProv11, has been registered in the WMI namespace. Root \MSAPS11 to use the local system account.” and it may cause security violations....
I am not sure where to go from here. The coming to my computer to find a message that it has been locked is not new - has been happening about once a week for a month.
Be grateful for any advice from the more computer literate!