Windows 7 Forums



Windows 7: Likely infected > unable to open or use any applications

04 Dec 2014   #1
bonoz

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Likely infected > unable to open or use any applications

Hi all - I am having some major issues with my PC and I think I may be infected.

Problem: Two days ago, suddenly all my programs crash and my windows takes me straight to desktop. Then, I am unable to open any programs (such as chrome, IE, Firefox, Spotify, Far cry, etc. etc.) but I am able to open Word and Outlook.

I then get the below errors every other minute, without doing anything. I also noticed that my ‘control panel’ shows ‘empty’ (see pictures).

When I try to restart the computer, I am greeted with the first image below every time on start up. And then I get other errors similar to that showing up every other minute or so.
When I try to restart the computer in SAFEMODE, my taskbar or desktop does not appear – just a black screen with a mouse pointer.
I somehow managed to start the computer in SAFEMODE w/ Command Prompt. This allowed me to run Kaspersky virus removal tool, which managed to remove about 22 threats. But the problem persists. I also ran the Microsoft anti-virus software which managed to find nothing on full scan.
I also somehow managed to run a TrendMicro HijackThis (see below).

So the current problems are: Every time I boot, I am presented with below error messages upon log-on. I am also unable to launch any applications such as Chrome, Firefox, IE, Spotify, any video games, or any of the antivirus programs. This makes things difficult as I cannot run any anti-virus stuff without having to go to SAFEMODE WITH COMMAND PROMPT and try to run it from prompt.

Please help. I use my PC for everything so this is obviously causing me a lot of stress. Thanks very much.

Specs:
Windows 7 x64
Thinkpad X220 laptop
12 GB ram
128 GB SSD hard drive
Intel CPU (don’t remember which one)
I’m a fairly typical user: word processing, internet, some graphic design, some gaming, some mathematical analysis.

HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:48:53 AM, on 12/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
 
FIREFOX: 32.0.1 (x86 en-US)
Boot mode: Safe mode
 
Running processes:
F:\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.162.68.60 Google Analytics Official Website .
O1 - Hosts: 195.162.68.60 google-analytics.com.
O1 - Hosts: 195.162.68.60 connect.facebook.net.
O1 - Hosts: 192.95.55.228 Google Analytics Official Website .
O1 - Hosts: 192.95.55.228 google-analytics.com.
O1 - Hosts: 192.95.55.228 connect.facebook.net.
O1 - Hosts: 192.99.206.114 Google Analytics Official Website .
O1 - Hosts: 192.99.206.114 google-analytics.com.
O1 - Hosts: 192.99.206.114 connect.facebook.net.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [Syncios device service] C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [C:\Program Files (x86)\Shutter\Shutter.exe] C:\Program Files (x86)\Shutter\Shutter.exe
O4 - HKLM\..\Run: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Lights-Out Client.lnk = C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7980EDBB-5526-4983-AF96-936F7AC77B4D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D05486C-1F75-4D1A-8DEA-4B46A06710F8}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BB2938-61B5-447D-A1DA-09A1EAB4CD29}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5A407C7-6E26-4CFB-93C6-B2E407785A26}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD102EFB-86FC-4C19-BF94-5D2D8536F565}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2024E1F-B7CD-46F2-96C1-F9E72293ED7A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASR Service (ASRSVC) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Lights-Out Client Service (LoClntService) - AxoNet Software GmbH - C:\Program Files\Windows Server\bin\LightsOutClientService.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: lxeeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe
O23 - Service: lxee_device - - C:\Windows\system32\lxeecoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: moodleApache - Unknown owner - C:\BitNami\MOODLE~1.1-0\apache2\bin\httpd.exe (file missing)
O23 - Service: moodleMySQL - Unknown owner - C:\BitNami\moodle-2.6.1-0\mysql\bin\mysqld.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TabletServiceISD - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\ISD_Tablet.exe
O23 - Service: TABLET Service (TabletSVC) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Wacom ISD Touch Service (TouchServiceISD) - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\ISD_TouchService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 16586 bytes


Images of errors and issues: (four screenshot attachments, not reproduced here)




04 Dec 2014   #2
Gator

Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
 
 

Hi Boboz,

Can you boot into Safe Mode and see if the problems still persist?
04 Dec 2014   #3
bonoz

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Quote: Originally Posted by Gator
Hi Boboz,

Can you boot into Safe Mode and see if the problems still persist?
Thanks for your message. When I boot into safe mode, I don't get the error messages and I am able to launch applications that would otherwise not work in normal startup. However, this is only with the command prompt one. Regular safe mode doesn't give me a start menu or a taskbar.

04 Dec 2014   #4
Tookeri

Windows 7 Pro 32
 
 

One of my previous posts would explain why only Safe mode with command prompt works:

Quote:
Safe Mode doesn't process the Run and RunOnce registry keys. One additional startup method is the Winlogon Shell, but that is also skipped if you choose Safe Mode with Command Prompt. So that's the safest Safe Mode option, but requires the user to know how to start an application.
Since you seem to have a problem with exe files I'm guessing your PC might have been modified to run an additional program every time you try to run an exe file. You can run these commands to check:
reg query "HKLM\Software\Classes\exefile\shell\open\command"
reg query "HKCR\exefile\shell\open\command"
A normal value should be "%1" %* (at the end of the printed lines)

Mine shows:
C:\>reg query "HKLM\Software\Classes\exefile\shell\open\command"

HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
(Default) REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*


C:\>reg query "HKCR\exefile\shell\open\command"

HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*

If you find anything else there you could use regedit to change the value back to the default value, but it's probably a better idea to boot with a USB flash drive containing malware cleaning software, for example Windows Defender Offline and others, which you'll have to create on a clean computer.
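The check described in the post above, as an added example that is not part of the original post: it parses `reg query` output for the `exefile\shell\open\command` key and reports every value that differs from the `"%1" %*` default. The function names and the `MODIFIED_OUTPUT` sample with its placeholder path are constructed for illustration.

```python
import re
import subprocess
import sys

# Default handler for .exe files, as stated in the post above.
EXPECTED = '"%1" %*'

# The two keys queried in the post. HKCR is the merged view of
# HKLM\Software\Classes and HKCU\Software\Classes, so a per-user
# override shows up there even when the HKLM value is intact.
KEYS = (
    r"HKLM\Software\Classes\exefile\shell\open\command",
    r"HKCR\exefile\shell\open\command",
)

# `reg query` output in the shape posted above (clean machine).
CLEAN_OUTPUT = r'''
HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
    (Default)    REG_SZ    "%1" %*
    IsolatedCommand    REG_SZ    "%1" %*
'''

# Constructed sample: a handler that starts another program first.
# The path is a placeholder, not a value taken from this thread.
MODIFIED_OUTPUT = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "C:\PLACEHOLDER\example.exe" "%1" %*
    IsolatedCommand    REG_SZ    "%1" %*
'''

# name, registry type, data; key lines and prompt lines do not match.
VALUE_LINE = re.compile(
    r"^\s*(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*?)\s*$")


def parse_reg_query(output):
    """Yield (key, value_name, value_type, data) from `reg query` text."""
    key = None
    for line in output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"]


def check_exe_handler(output):
    """Return (key, value_name, data) for every non-default value."""
    return [(key, name, data)
            for key, name, _type, data in parse_reg_query(output)
            if data != EXPECTED]


def query_live():
    """Run the two `reg query` commands from the post (Windows only)."""
    chunks = []
    for key in KEYS:
        result = subprocess.run(["reg", "query", key],
                                capture_output=True, text=True)
        chunks.append(result.stdout)
    return "\n".join(chunks)


if __name__ == "__main__":
    text = query_live() if sys.platform == "win32" else MODIFIED_OUTPUT
    parsed = list(parse_reg_query(text))
    if not parsed:
        # An empty result means the query failed, not that the key is clean.
        print("no values parsed; check that the reg query commands ran")
    for key, name, data in check_exe_handler(text):
        print(f"NON-DEFAULT {key} [{name}] = {data}")
    if parsed and not check_exe_handler(text):
        print("exefile open command is the default on all queried keys")
```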
04 Dec 2014   #5
bonoz

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Thanks for your response. My registry entries are all normal (i.e., what you posted).

Any other thoughts?

I am in the process of booting my PC with Hitman Pro.
04 Dec 2014   #6
cottonball

Windows 7 Home Premium
 
 

bonoz,

There are some strange IP addresses showing there...seem to be originating in Russia.
Malware may be a player in what is going on.

See if you can do the following...

You may want to print these instructions so you can have access to them.
Also, you may want to read them once before you apply them.

Please plug in a USB pen drive into a clean working computer.

Go to the Farbar Recovery Scan Tool Download
Select the download that applies to your system: 64-bit
Save the program to the >> USB pen drive.
Remove USB pen drive when done.

Now, go to the problem computer.
Plug in the USB pen drive which has FRST64.

Start the computer, and tap the F8 key until you get to the Advanced Boot Options
Use the arrow keys to select the Repair your computer menu item

From there...
Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options you get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors
Command Prompt

Select: Command Prompt

In the Command Prompt window, at the blinking cursor type notepad and press: Enter
In Notepad, under the File menu select: Open
Double-click the Computer icon on the left.
Find the pen drive letter, remember what letter it is, click on it, and press: Open
Close out of Notepad.

Click the Command Prompt window
Type x:\frst64.exe, and press: Enter
Note: Replace the drive letter x with the drive letter of your pen drive!

FRST starts, and prepares to run. Follow the prompts.
Click Yes to the Disclaimer.

Press the Scan button.

The scan runs, and, the program saves the FRST.txt, on the pen drive.

When done, click the Command Prompt window, type exit, and press: Enter

Back at the System Recovery Options, press: Shutdown
Remove the USB pen drive.

Please plug the USB pen drive in the working computer, and please provide the FRST.txt in your reply.


Thanks!


04 Dec 2014   #7
bonoz

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Thanks for your response. I was able to run FRST. Here you go.

I had to post it online somewhere because it was too much text for this response apparently:

http://m.uploadedit.com/b043/1417708333529.txt
04 Dec 2014   #8
RogerR

7 x64 Ultimate
 
 

Can you run chkdsk from safe mode?

Disk Check tutorial
04 Dec 2014   #9
cottonball

Windows 7 Home Premium
 
 

bonoz,

There are some O1 and O17 entries showing in the HijackThis log posted earlier.
Ignore these if you knowingly placed these entries in your Hosts file. Some of them point to a Canadian IP, others to a Russian IP:

O1 - Hosts: ::1 localhost
O1 - Hosts: 195.162.68.60 Google Analytics Official Website .
O1 - Hosts: 195.162.68.60 google-analytics.com.
O1 - Hosts: 195.162.68.60 connect.facebook.net.
O1 - Hosts: 192.95.55.228 Google Analytics Official Website .
O1 - Hosts: 192.95.55.228 google-analytics.com.
O1 - Hosts: 192.95.55.228 connect.facebook.net.
O1 - Hosts: 192.99.206.114 Google Analytics Official Website .
O1 - Hosts: 192.99.206.114 google-analytics.com.
O1 - Hosts: 192.99.206.114 connect.facebook.net.

If you did not place these entries in your Hosts file, then run HijackThis, Scan, check the box for the entries above, and select: Fix checked


On the O17 entries, they look like Google Public DNS. Is that the case?

O17 - HKLM\System\CCS\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7980EDBB-5526-4983-AF96-936F7AC77B4D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D05486C-1F75-4D1A-8DEA-4B46A06710F8}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BB2938-61B5-447D-A1DA-09A1EAB4CD29}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5A407C7-6E26-4CFB-93C6-B2E407785A26}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD102EFB-86FC-4C19-BF94-5D2D8536F565}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2024E1F-B7CD-46F2-96C1-F9E72293ED7A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

In this section HijackThis checks various keys in the Registry hive [HKEY LOCAL MACHINE] for specific values which help Windows to resolve domain names into IP addresses. Hijacking these values can cause programs which use the Internet to be redirected to malicious sites. Some versions of malware use this methodology.

However, these entries may be used by your ISP, your company network, and other legit entities. If that is the case, removing a needed O17 entry may break Internet connectivity.

Is there any reason why you started a new topic?
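The O1 and O17 review from the post above, as an added example that is not part of the original post: it pulls Hosts and NameServer entries out of a HijackThis log, groups Hosts entries that map a name to a non-local address, and lists resolvers outside a set the user expects. The sample lines are taken from the log in this thread with the NameServer lists shortened; the last O17 line, its all-zero GUID and the 203.0.113.53 address are constructed, and the function names are this example's own.

```python
import ipaddress
import re

SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.162.68.60 google-analytics.com.
O1 - Hosts: 192.95.55.228 connect.facebook.net.
O1 - Hosts: 192.99.206.114 google-analytics.com.
O17 - HKLM\System\CCS\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 8.8.8.8,203.0.113.53
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(.+?)\s*$", re.M)
DNS_RE = re.compile(
    r"^O17 - HKLM\\System\\(\w+)\\Services\\Tcpip\\\.\.\\"
    r"(\{[0-9A-Fa-f-]+\}): NameServer = (.*)$", re.M)


def hosts_entries(log):
    """Return (ip, hostname) for every O1 line; trailing dots are dropped."""
    return [(ip, name.rstrip(". ")) for ip, name in HOSTS_RE.findall(log)]


def is_local(ip):
    """True for loopback and unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: leave it in the review list
    return addr.is_loopback or addr.is_unspecified


def redirected_hosts(log):
    """Map each hostname to the non-local addresses the Hosts file gives it."""
    result = {}
    for ip, name in hosts_entries(log):
        if not is_local(ip):
            result.setdefault(name, []).append(ip)
    return result


def nameservers(log):
    """Map (control set, interface GUID) to its de-duplicated resolver list."""
    result = {}
    for control_set, guid, servers in DNS_RE.findall(log):
        parts = [s for s in re.split(r"[,\s]+", servers) if s]
        result[(control_set, guid)] = list(dict.fromkeys(parts))
    return result


def unexpected_nameservers(log, expected):
    """Return only the resolvers that are not in the expected set."""
    result = {}
    for key, servers in nameservers(log).items():
        extra = [s for s in servers if s not in expected]
        if extra:
            result[key] = extra
    return result


if __name__ == "__main__":
    for name, ips in redirected_hosts(SAMPLE_LOG).items():
        print(f"Hosts file sends {name} to {', '.join(ips)}")
    # The poster's resolvers look like Google Public DNS, so 8.8.8.8 is
    # treated as expected here; use your own ISP or company resolvers.
    for (cs, guid), extra in unexpected_nameservers(SAMPLE_LOG, {"8.8.8.8"}).items():
        print(f"{cs} {guid}: unexpected resolver(s) {', '.join(extra)}")
```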
04 Dec 2014   #10
cottonball

Windows 7 Home Premium
 
 

On the above (chkdsk), tap the F8 key when the PC starts until the Advanced Boot Options appears

Select: Safe Mode with Command Prompt




Would also consider running System File Checker.

It will run in Safe Mode with Command Prompt also.


Type: sfc /scannow

