Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by forka

  1. Still no go. In the "Event Viewer" this is the Error that appears: ______________ Faulting application qbw32.exe, version 17.0.4001.1077, time stamp 0x4746a34b, faulting module MSVCR80.dll, version 8.0.50727.1434, time stamp 0x4757746d, exception code 0xc000000d, fault offset 0x00047780, process id 0x13d4, application start time 0x01c950c2d1884cd0. ______________ I tried to do a search on it but no clear solutions...
  2. Hey, thanks I ran that software. Seems it helped with the Illustrator registry warning, but no change for QuickBooks.
  3. I actually did, but a little too late it seems. When I went into it there were only 7 restore points, which were all after the fact. When I tried uninstalling the new Windows updates and installing them again it created new restore points for each overwriting everything prior. I guess I didn't have enough disk space to keep more. Unless there is a way a retrieve earlier points?
  4. Thanks for reviewing the log and confirming it. I did do a reboot and even reinstalled the program a couple of times but it simply refuses to behave as it did. It would start loading and crash just as the splash screen comes on. Unfortunately I don't get any helpful errors either, just the standard "program stopped working" I know the program worked just before I got the virus ( I've used it in the morning of that day ). So I'm thinking either the virus or SAS changed something that was important to it. Incidentally Windows also had to install updates the same night, so lots of factors came in at once. I tried uninstalling those updates, but didn't make a difference. I imagine this will be hard to track now. I've tried various searches on Google and people do report similar issues with those programs but in completely different scenarios that don't necessarily involve malware. Anyhow, I wanted to rule out the quarantined items, which I did now. So I'll have to dig into something to resolve the crashing. cheers
  5. Thank you for the response. I just wasn't sure if this was the right place to post logs. Here it is below. I simply want to verify if this is all bad stuff I can remove permanently or some of it got there by mistake. I can't run QuickBooks right now. And I get a warning when launching Illustrator CS3 that registry was not found in the expected state but at least the app seems to run. This may very well have to do with something else. But since I just did this clean-up and started having issues, I figured something might have interfered. ++++++++++++++++++ SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 11/26/2008 at 00:58 AM Application Version : 4.22.1014 Core Rules Database Version : 3653 Trace Rules Database Version: 1635 Scan type : Complete Scan Total Scan Time : 01:13:03 Memory items scanned : 309 Memory threats detected : 1 Registry items scanned : 5851 Registry threats detected : 11 File items scanned : 53624 File threats detected : 20 Trojan.Dropper/Gen C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE [xsjfn83jkemfofght] C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE [xsjfn83jkemfofght] C:\USERS\ANNA\APPDATA\LOCAL\TEMP\WINLOGGN.EXE HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D} HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D} HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D} HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}#ThreadingModel HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32 HKCR\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32#ThreadingModel C:\WINDOWS\SYSWOW64\JHSRF832JBNEFE.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{D5BF49A2-94F1-42BD-F434-3604812C807D} HKU\S-1-5-21-1117240473-2580913285-1194660769-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5BF49A2-94F1-42BD-F434-3604812C807D} C:\USERS\ANNA\APPDATA\LOCAL\TEMP\LOW\3301011664.EXE C:\USERS\ANNA\APPDATA\LOCAL\TEMP\LOW\3330700048.EXE C:\USERS\ANNA\APPDATA\LOCAL\TEMP\UPDATER.EXE C:\Windows\Prefetch\3330700048.EXE-D66E40A2.pf C:\Windows\Prefetch\UPDATER.EXE-1072ACC9.pf Trojan.Csrssc/Systemc-B [Jnskdfmf9eldfd] C:\USERS\ANNA\APPDATA\LOCAL\TEMP\CSRSSC.EXE C:\USERS\ANNA\APPDATA\LOCAL\TEMP\CSRSSC.EXE C:\USERS\ANNA\APPDATA\LOCAL\TEMP\LOW\CSRSSC.EXE C:\Windows\Prefetch\CSRSSC.EXE-A5EE2DF3.pf C:\Windows\Prefetch\CSRSSC.EXE-D1572C55.pf Trojan.DNSChanger-Codec C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview C:\Users\anna\Start Menu\Programs\homeview Trojan.SystemDriver C:\COMBOFIX\CREG.DAT Trojan.Dropper/Gen-Stub C:\USERS\ANNA\APPDATA\LOCAL\TEMP\CODEC.EXE C:\USERS\ANNA\APPDATA\LOCAL\TEMP\IS162815.EXE Trojan.Zlob/Media-Codec C:\USERS\ANNA\APPDATA\LOCAL\TEMP\MEDIACODEC.EXE Trojan.BotNet/Dropper C:\USERS\ANNA\APPDATA\LOCAL\TEMP\TMP51A9.TMP Trojan.Unclassified/GadCom C:\USERS\ANNA\APPDATA\ROAMING\GADCOM\GADCOM.EXE Trojan.System32 C:\WINDOWS\SYSTEM32.EXE
  6. Hi, I just got SAS and run my first scan because I knew I got infected. My previous AntiSpyware couldn't get rid of it but SAS detected a bunch of stuff and I quarantined all of it. However, some of my apps won't start now or there'd be a warning saying that the registry was not found in the expected state or something. The registry was in fact disabled by something ( not sure if it was by SAS or by the malware ) but I have enabled it after the clean-up. Still having issues though. I'm wondering if there's anyone in the support team or otherwise that can review my log and tell me if some of the files that were quarantined are benign. For example "System32.exe" got quarantined, though to me it sounds like a legit file... I'm on Vista. Thanks
  • Create New...