Lately, I have known some strange activity going on with my Windows Xp. Firstly, when I ran an application that worked all the time, it suddenly gave me "The Application failed to initiliaze cx0005" error. Of what I know of this is caused by errors in my operating system. I was trying to figure out why this had happened on this program i use all the time. On another clean windows, I tested programs such as rootkit unhooker, process explorer and process monitor and others like Malware bytes. Malware bytes could not pick up anything, nor did any other antivirus programs.
On process monitor, on the infected PC, i noticed something strange. Winlogon was using the index.dat file in system32/config/ file somewhere that wouldn't of happened on a normal PC. It also pointed to an unknown stack when i looked in the properties of the file. Another thing is that the service Shared Access has been added with the "/??/C:/Windows/system32/winlogon.exe" key as approved for the firewall.It seems like winlogon has probably been infected by a virus (but not the file itself. the file has not being modified.).
I tested GMER, a utility to detect rootkits and as it was analysing my PC crashed with the bluescreen. On safe mode it did the same but it picked up some results before crashing. I saved it in a log file (i may post it later).
I forgot to mention I used system restore to reverse changes but the errors persisted.
Can someone please reply so that I can fix this error, and so if it happens in the future, i'll know what to do to fix it.
Edited by hamluis, 03 June 2013 - 10:18 AM.
Moved from XP to Am I Infected - Hamluis.