
Please help, I think I am infected: weird things in taskeng.exe



I opened Task Manager to check the processes. Next to taskeng.exe in the command line are weird numbers and letters. Also, in my user temp file I found a file named atishoukatis; when I opened it there was a text file called mantras in it.

I ran the Windows Live safety scanner today and for the first time it found 30 objects it could not scan. It did not tell me which objects they were.

Here is my antimalwarebytes log:

Malwarebytes' Anti-Malware 1.34

Database version: 1891

Windows 6.0.6001 Service Pack 1

3/24/2009 12:28:11 PM

mbam-log-2009-03-24 (12-28-11).txt

Scan type: Quick Scan

Objects scanned: 58165

Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I will now post the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:30:00 PM, on 3/24/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-desktop.aol.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6299 bytes


  • Root Admin

Nothing obvious seen in the logs. Did you fully remove all the scanner tools from your box?

Try clearing all cache, %temp% files, System Restore points and create a new one, clear all Quarantine areas from all security Tools.

Then download and run the DDS tool again. I don't think you're infected, but we'll take another look for you.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


The scans were fine until this morning. I am having trouble updating Malwarebytes. The update is going very slowly. I checked my speed and it is 13000. Is there something wrong with the site today? I cancelled the update. Then I restarted Malwarebytes and it said it could not find the database. Did I want to find an updated database. I said yes and now it seems to be stuck on 746/1621 kb. I cancelled again. When I restarted it got stuck on 270/1621. So I can't run Malwarebytes. What should I do?


I uninstalled and reinstalled Malwarebytes. I had the same thing with the update. I then uninstalled and reinstalled and ran without the update. It was clean. But I am worried about not being able to update Malwarebytes. I updated CA today without any problem.


I have the same thing happening with Malwarebytes that I can't update again. Also I found an empty logger file in my temp.

I looked at setupappi.app for today and found something very weird.

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 10:06:58.397

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: Using exported function 'NetClassInstaller' in module 'C:\Windows\system32\NetCfgx.dll'.

dvi: Class installer == NetCfgx.dll,NetClassInstaller

dvi: Using exported function 'NciDeviceInstall' in module 'C:\Windows\system32\nci.dll'.

dvi: CoInstaller 1 == nci.dll,NciDeviceInstall

dvi: Using exported function 'WlanDeviceClassCoInstaller' in module 'C:\Windows\system32\wlaninst.dll'.

dvi: CoInstaller 2 == wlaninst.dll,WlanDeviceClassCoInstaller

dvi: Using exported function 'FDCoInstaller' in module 'C:\Windows\system32\fdco2.dll'.

dvi: CoInstaller 3 == fdco2.dll,FDCoInstaller

dvi: Using exported function 'NVCoInstaller' in module 'C:\Windows\system32\nvconrm.dll'.

dvi: CoInstaller 4 == nvconrm.dll,NVCoInstaller

dvi: CoInstaller 1: Enter 10:06:58.585

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 10:06:58.585

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 10:06:58.585

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 10:06:58.663

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 10:06:58.678

dvi: Class installer: Exit

dvi: Default installer: Enter 10:06:58.678

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_GLOBAL}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 10:07:00.675

<<< [Exit status: SUCCESS]

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 10:07:00.675

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 10:07:00.691

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 10:07:00.691

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 10:07:00.706

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 10:07:00.784

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 10:07:00.784

dvi: Class installer: Exit

dvi: Default installer: Enter 10:07:00.784

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_CONFIGSPECIFIC}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 10:07:00.800

<<< [Exit status: SUCCESS]

>>> [DIF_DESTROYPRIVATEDATA - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 10:07:00.956

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 10:07:00.956

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 10:07:00.956

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 10:07:00.956

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 10:07:00.971

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 10:07:00.987

dvi: Class installer: Exit

<<< Section end 2009/03/30 10:07:00.987

<<< [Exit status: SUCCESS]

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 10:07:32.971

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: Using exported function 'NetClassInstaller' in module 'C:\Windows\system32\NetCfgx.dll'.

dvi: Class installer == NetCfgx.dll,NetClassInstaller

dvi: Using exported function 'NciDeviceInstall' in module 'C:\Windows\system32\nci.dll'.

dvi: CoInstaller 1 == nci.dll,NciDeviceInstall

dvi: Using exported function 'WlanDeviceClassCoInstaller' in module 'C:\Windows\system32\wlaninst.dll'.

dvi: CoInstaller 2 == wlaninst.dll,WlanDeviceClassCoInstaller

dvi: Using exported function 'FDCoInstaller' in module 'C:\Windows\system32\fdco2.dll'.

dvi: CoInstaller 3 == fdco2.dll,FDCoInstaller

dvi: Using exported function 'NVCoInstaller' in module 'C:\Windows\system32\nvconrm.dll'.

dvi: CoInstaller 4 == nvconrm.dll,NVCoInstaller

dvi: CoInstaller 1: Enter 10:07:33.096

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 10:07:33.111

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 10:07:33.111

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 10:07:33.189

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 10:07:33.189

dvi: Class installer: Exit

dvi: Default installer: Enter 10:07:33.189

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_GLOBAL}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 10:07:35.139

<<< [Exit status: SUCCESS]

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 10:07:35.139

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 10:07:35.202

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 10:07:35.217

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 10:07:35.233

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 10:07:35.373

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 10:07:35.389

dvi: Class installer: Exit

dvi: Default installer: Enter 10:07:35.405

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_CONFIGSPECIFIC}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 10:07:35.436

<<< [Exit status: SUCCESS]

>>> [DIF_DESTROYPRIVATEDATA - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 10:07:35.654

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 10:07:35.654

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 10:07:35.654

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 10:07:35.670

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 10:07:35.685

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 10:07:35.685

dvi: Class installer: Exit

<<< Section end 2009/03/30 10:07:35.685

<<< [Exit status: SUCCESS]

cci: NCI: 6to4svc.dll asking for write lock.

cci: NCI: 6to4svc.dll acquired write lock.

cci: NCI: Write lock released.

flq: {SPFILENOTIFY_CABINETINFO}

flq: {SPFILENOTIFY_CABINETINFO - exit(0x00000000)}

flq: {SPFILENOTIFY_FILEEXTRACTED}

flq: {SPFILENOTIFY_FILEEXTRACTED - exit(0x00000000)}

flq: {SPFILENOTIFY_CABINETINFO}

flq: {SPFILENOTIFY_CABINETINFO - exit(0x00000000)}

flq: {SPFILENOTIFY_FILEEXTRACTED}

flq: {SPFILENOTIFY_FILEEXTRACTED - exit(0x00000000)}

flq: {SPFILENOTIFY_CABINETINFO}

flq: {SPFILENOTIFY_CABINETINFO - exit(0x00000000)}

flq: {SPFILENOTIFY_FILEEXTRACTED}

flq: {SPFILENOTIFY_FILEEXTRACTED - exit(0x00000000)}

cci: NCI: 6to4svc.dll asking for write lock.

cci: NCI: 6to4svc.dll acquired write lock.

cci: NCI: Write lock released.

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 14:35:48.904

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: Using exported function 'NetClassInstaller' in module 'C:\Windows\system32\NetCfgx.dll'.

dvi: Class installer == NetCfgx.dll,NetClassInstaller

dvi: Using exported function 'NciDeviceInstall' in module 'C:\Windows\system32\nci.dll'.

dvi: CoInstaller 1 == nci.dll,NciDeviceInstall

dvi: Using exported function 'WlanDeviceClassCoInstaller' in module 'C:\Windows\system32\wlaninst.dll'.

dvi: CoInstaller 2 == wlaninst.dll,WlanDeviceClassCoInstaller

dvi: Using exported function 'FDCoInstaller' in module 'C:\Windows\system32\fdco2.dll'.

dvi: CoInstaller 3 == fdco2.dll,FDCoInstaller

dvi: Using exported function 'NVCoInstaller' in module 'C:\Windows\system32\nvconrm.dll'.

dvi: CoInstaller 4 == nvconrm.dll,NVCoInstaller

dvi: CoInstaller 1: Enter 14:35:49.124

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 14:35:49.132

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 14:35:49.139

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 14:35:49.230

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 14:35:49.237

dvi: Class installer: Exit

dvi: Default installer: Enter 14:35:49.244

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_GLOBAL}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 14:35:50.437

<<< [Exit status: SUCCESS]

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 14:35:50.441

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 14:35:50.466

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 14:35:50.481

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 14:35:50.488

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 14:35:50.595

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 14:35:50.604

dvi: Class installer: Exit

dvi: Default installer: Enter 14:35:50.615

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_CONFIGSPECIFIC}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 14:35:50.641

<<< [Exit status: SUCCESS]

>>> [DIF_DESTROYPRIVATEDATA - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 14:35:50.809

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 14:35:50.812

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 14:35:50.826

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 14:35:50.834

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 14:35:50.850

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 14:35:50.856

dvi: Class installer: Exit

<<< Section end 2009/03/30 14:35:50.867

<<< [Exit status: SUCCESS]

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 14:39:39.425

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: Using exported function 'NetClassInstaller' in module 'C:\Windows\system32\NetCfgx.dll'.

dvi: Class installer == NetCfgx.dll,NetClassInstaller

dvi: Using exported function 'NciDeviceInstall' in module 'C:\Windows\system32\nci.dll'.

dvi: CoInstaller 1 == nci.dll,NciDeviceInstall

dvi: Using exported function 'WlanDeviceClassCoInstaller' in module 'C:\Windows\system32\wlaninst.dll'.

dvi: CoInstaller 2 == wlaninst.dll,WlanDeviceClassCoInstaller

dvi: Using exported function 'FDCoInstaller' in module 'C:\Windows\system32\fdco2.dll'.

dvi: CoInstaller 3 == fdco2.dll,FDCoInstaller

dvi: Using exported function 'NVCoInstaller' in module 'C:\Windows\system32\nvconrm.dll'.

dvi: CoInstaller 4 == nvconrm.dll,NVCoInstaller

dvi: CoInstaller 1: Enter 14:39:39.565

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 14:39:39.572

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 14:39:39.579

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 14:39:39.670

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 14:39:39.679

dvi: Class installer: Exit

dvi: Default installer: Enter 14:39:39.693

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_GLOBAL}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 14:39:41.438

<<< [Exit status: SUCCESS]

>>> [DIF_PROPERTYCHANGE - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 14:39:41.445

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 14:39:41.479

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 14:39:41.495

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 14:39:41.505

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 14:39:41.798

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 14:39:41.823

dvi: Class installer: Exit

dvi: Default installer: Enter 14:39:41.854

dvi: {Change State}

dvi: Device Instance = 'PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38'.

dvi: {DICS_ENABLE, DICS_FLAG_CONFIGSPECIFIC}

dvi: {Change State - exit}

dvi: Default installer: Exit

<<< Section end 2009/03/30 14:39:41.960

<<< [Exit status: SUCCESS]

>>> [DIF_DESTROYPRIVATEDATA - PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38]

>>> Section start 2009/03/30 14:39:42.646

cmd: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

dvi: CoInstaller 1: Enter 14:39:42.662

dvi: CoInstaller 1: Exit

dvi: CoInstaller 2: Enter 14:39:42.696

dvi: CoInstaller 2: Exit

dvi: CoInstaller 3: Enter 14:39:42.720

dvi: CoInstaller 3: Exit

dvi: CoInstaller 4: Enter 14:39:42.765

dvi: CoInstaller 4: Exit

dvi: Class installer: Enter 14:39:42.795

dvi: Class installer: Exit

<<< Section end 2009/03/30 14:39:42.810

<<< [Exit status: SUCCESS]

cci: NCI: 6to4svc.dll asking for write lock.

cci: NCI: 6to4svc.dll acquired write lock.

cci: NCI: Write lock released.

cci: NCI: 6to4svc.dll asking for write lock.

cci: NCI: 6to4svc.dll acquired write lock.

cci: NCI: Write lock released.


  • Root Admin

Please just empty your System Restore as shown before. Empty the MBAM and CA quarantine areas.

Maybe run the CCleaner again and reboot, then run an MBAM and CA scan to ensure it finds nothing still.

Then make sure you have all the latest Microsoft Windows CRITICAL UPDATES installed on the system.

Then review again the details for some of the software that can potentially help prevent infections.


  • Root Admin

We can probably do a manual removal, but please take a look at these postings to see if they help at all first.

Make sure you back up your Registry and System Files before making changes though.

NOTE: I have not tried these fixes, so you need to make sure you do back up stuff first.

Flash Player Installed -Status Unknown

How to remove {8FFBE65D-2C9C-4669-84BD-5829D


Before I do anything, I have to tell you what I found now. Temp1_vista_tools_icons.zip in my user temp file. All tools are in there. Is someone accessing my computer?

I cannot find this C:\Windows\Downloaded Program Files\*erma.inf

I ran Windows Live OneCare safety cleaner. Should I still run CCleaner? I delete my user temp and Windows temp files daily.


  • Root Admin

Yes, please go ahead and run the CCleaner as shown. When you say your user temp folder, what is the FULL path to that?

It could just be a leftover file from some installer or updater. As I mentioned to you before, it's normal for the %temp% folder to add/remove files as you use the computer, and in most cases your file settings should be set to hidden, which then doesn't show some of that activity. Some like it, some don't, so it's up to you to hide or not.

Are you using a Router and if so is it connected to other computers as well?


C RONNI APPDATA LOCAL TEMP is the user temp

YES, I am using a router with other computers on it. But they are running XP and nobody was on the computer but me yesterday.

Today I found a folder which was empty called ppcrlui_1724_2.ui' Also a folder called 0x6CEBF7E8. The file I found yesterday was created yesterday.


Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

This was in my event log. Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. This was also in my event log.

There are also many other things.


  • Root Admin

WMI can potentially be a very complex issue to resolve if it's not working correctly.

In general as I said I don't think you're infected right now. You might have been at one time and many tidbits of data could have been left behind from the cleanup process from different applications.

No you don't have to run CCleaner if you don't want to.

I would highly suggest using ERUNT though. Excellent tool for backups of the Registry.

Then use another online scanner like NOD32 or Kaspersky, or Panda. You could also use the Dr Web CureIt and let them all check the system too to help alleviate any concerns you may have.

Thanks.


  • Root Admin

Topic closed. System does not appear to be infected.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
