Likely infected > unable to open or use any applications


  1. Posts : 11
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
       #1



    Hi all - I am having some major issues with my PC and I think I may be infected.

    Problem: Two days ago, all my programs suddenly crashed and Windows took me straight to the desktop. Since then I am unable to open any programs (such as Chrome, IE, Firefox, Spotify, Far Cry, etc.) but I am able to open Word and Outlook.

    I then get the below errors every other minute, without doing anything. I also noticed that my ‘control panel’ shows ‘empty’ (see pictures).

    When I try to restart the computer, I am greeted with the first image below every time on start up. And then I get other errors similar to that showing up every other minute or so.
    When I try to restart the computer in SAFEMODE, my taskbar or desktop does not appear – just a black screen with a mouse pointer.
    I somehow managed to start the computer in SAFEMODE w/ Command Prompt. This allowed me to run Kaspersky virus removal tool, which managed to remove about 22 threats. But the problem persists. I also ran the Microsoft anti-virus software which managed to find nothing on full scan.
    I also somehow managed to run a TrendMicro HijackThis (see below).

    So the current problems are: Every time I boot, I am presented with below error messages upon log-on. I am also unable to launch any applications such as Chrome, Firefox, IE, Spotify, any video games, or any of the antivirus programs. This makes things difficult as I cannot run any anti-virus stuff without having to go to SAFEMODE WITH COMMAND PROMPT and try to run it from prompt.

    Please help. I use my PC for everything so this is obviously causing me a lot of stress. Thanks very much.

    Specs:
    Windows 7 x64
    Thinkpad X220 laptop
    12 GB ram
    128 GB SSD hard drive
    Intel CPU (don’t remember which one)
    I’m a fairly typical user: word processing, internet, some graphic design, some gaming, some mathematical analysis.

    HijackThis log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:48:53 AM, on 12/4/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17420)
     
    FIREFOX: 32.0.1 (x86 en-US)
    Boot mode: Safe mode
     
    Running processes:
    F:\HijackThis.exe
     
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 195.162.68.60 Google Analytics Official Website â.
    O1 - Hosts: 195.162.68.60 google-analytics.com.
    O1 - Hosts: 195.162.68.60 connect.facebook.net.
    O1 - Hosts: 192.95.55.228 Google Analytics Official Website â.
    O1 - Hosts: 192.95.55.228 google-analytics.com.
    O1 - Hosts: 192.95.55.228 connect.facebook.net.
    O1 - Hosts: 192.99.206.114 Google Analytics Official Website â.
    O1 - Hosts: 192.99.206.114 google-analytics.com.
    O1 - Hosts: 192.99.206.114 connect.facebook.net.
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
    O4 - HKLM\..\Run: [Syncios device service] C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
    O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [C:\Program Files (x86)\Shutter\Shutter.exe] C:\Program Files (x86)\Shutter\Shutter.exe
    O4 - HKLM\..\Run: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Lights-Out Client.lnk = C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7980EDBB-5526-4983-AF96-936F7AC77B4D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D05486C-1F75-4D1A-8DEA-4B46A06710F8}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BB2938-61B5-447D-A1DA-09A1EAB4CD29}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5A407C7-6E26-4CFB-93C6-B2E407785A26}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD102EFB-86FC-4C19-BF94-5D2D8536F565}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F2024E1F-B7CD-46F2-96C1-F9E72293ED7A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CS2\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Unknown owner - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASR Service (ASRSVC) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
    O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
    O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Lights-Out Client Service (LoClntService) - AxoNet Software GmbH - C:\Program Files\Windows Server\bin\LightsOutClientService.exe
    O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
    O23 - Service: lxeeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe
    O23 - Service: lxee_device - - C:\Windows\system32\lxeecoms.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: moodleApache - Unknown owner - C:\BitNami\MOODLE~1.1-0\apache2\bin\httpd.exe (file missing)
    O23 - Service: moodleMySQL - Unknown owner - C:\BitNami\moodle-2.6.1-0\mysql\bin\mysqld.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
    O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    O23 - Service: TabletServiceISD - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    O23 - Service: TABLET Service (TabletSVC) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    O23 - Service: Wacom ISD Touch Service (TouchServiceISD) - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\ISD_TouchService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 16586 bytes


    Images of errors and issues:
    Likely infected > unable to open or use any applications-1.jpg
    Likely infected > unable to open or use any applications-2.jpg
    Likely infected > unable to open or use any applications-3.jpg
    Likely infected > unable to open or use any applications-4.jpg
    Last edited by Brink; 04 Dec 2014 at 23:20. Reason: code box


  2. Posts : 1,810
    Dual Boot: Windows 8.1 & Server 2012r2 VMs: Kali Linux, Backbox, Matriux, Windows 8.1
       #2

    Hi Boboz,

    Can you boot into Safe Mode and see if the problems still persist?


  3. Posts : 11
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #3

    Gator said:
    Hi Boboz,

    Can you boot into Safe Mode and see if the problems still persist?
    Thanks for your message. When I boot into safe mode, I don't get the error messages and I am able to launch applications that would otherwise not work in normal startup. However, this is only with the command prompt one. Regular safe mode doesn't give me a start menu or a taskbar.


  4. Posts : 1,049
    Windows 7 Pro 32
       #4

    One of my previous posts would explain why only Safe mode with command prompt works:

    Safe Mode doesn't process the Run and RunOnce registry keys. One additional startup method is the Winlogon Shell, but that is also skipped if you choose Safe Mode with Command Prompt. So that's the safest Safe Mode option, but requires the user to know how to start an application.
    Since you seem to have a problem with exe files I'm guessing your PC might have been modified to run an additional program every time you try to run an exe file. You can run these commands to check:
    reg query "HKLM\Software\Classes\exefile\shell\open\command"
    reg query "HKCR\exefile\shell\open\command"
    A normal value should be "%1" %* (at the end of the printed lines)

    Mine shows:
    C:\>reg query "HKLM\Software\Classes\exefile\shell\open\command"

    HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
    (Default) REG_SZ "%1" %*
    IsolatedCommand REG_SZ "%1" %*


    C:\>reg query "HKCR\exefile\shell\open\command"

    HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default) REG_SZ "%1" %*
    IsolatedCommand REG_SZ "%1" %*

    If you find anything else there you could use regedit to change the value back to the default value, but it's probably a better idea to boot with a USB flash drive containing malware cleaning software, like for example Windows Defender Offline and others, which you'll have to create on a clean computer.
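As an added example (not from the forum post, and not part of HijackThis or any other tool named in the thread), here is a small Python script that reads the text printed by the two `reg query` commands above and reports any value under the exefile open command that differs from the stock `"%1" %*`. Both sample outputs are constructed for the demonstration; the modified one uses an obvious placeholder path rather than any real indicator. On a live system, run the `reg query` commands and pass their output to `check_reg_query_output()`.

```python
r"""Added example: triage the output of the two `reg query` commands above.

Not from the forum post or from HijackThis; the sample outputs below are
constructed for the demonstration.  On a live system, run

    reg query "HKLM\Software\Classes\exefile\shell\open\command"
    reg query "HKCR\exefile\shell\open\command"

and pass the printed text to check_reg_query_output().
"""
import re

# Stock Windows 7 value: run the .exe itself ("%1") with its arguments (%*).
EXPECTED_COMMAND = '"%1" %*'

# Value names normally present under exefile\shell\open\command on Windows 7.
KNOWN_VALUE_NAMES = {"(Default)", "IsolatedCommand"}

# One value line of `reg query` output: <name> <REG_type> <data>.
VALUE_LINE = re.compile(
    r"^\s*(?P<name>\(Default\)|\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*?)\s*$"
)


def parse_reg_query_output(text):
    """Return {key_path: {value_name: (reg_type, data)}} from `reg query` text."""
    result = {}
    current_key = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("HKEY_"):       # a key header line
            current_key = stripped
            result[current_key] = {}
            continue
        m = VALUE_LINE.match(line)
        if m and current_key is not None:
            result[current_key][m.group("name")] = (m.group("type"), m.group("data"))
    return result


def check_reg_query_output(text):
    """Return a list of (key, value_name, reason); an empty list means stock values."""
    findings = []
    for key, values in parse_reg_query_output(text).items():
        for name, (reg_type, data) in values.items():
            if name not in KNOWN_VALUE_NAMES:
                findings.append((key, name, "unexpected value name"))
            if reg_type not in ("REG_SZ", "REG_EXPAND_SZ"):
                findings.append((key, name, "unexpected type " + reg_type))
            elif data.strip() != EXPECTED_COMMAND:
                # Anything placed in front of "%1" is a program that runs first,
                # every time an .exe is launched: the symptom the post describes.
                findings.append((key, name, "non-default command: " + data))
    return findings


# Constructed sample: what a clean Windows 7 machine prints (matches the post).
CLEAN_OUTPUT = """
HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile\\shell\\open\\command
    (Default)    REG_SZ    "%1" %*
    IsolatedCommand    REG_SZ    "%1" %*
"""

# Constructed sample of a modified key; the path is a placeholder, not a real IoC.
MODIFIED_OUTPUT = """
HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile\\shell\\open\\command
    (Default)    REG_SZ    "C:\\PLACEHOLDER\\unexpected.exe" "%1" %*
    IsolatedCommand    REG_SZ    "%1" %*
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_OUTPUT), ("modified", MODIFIED_OUTPUT)):
        findings = check_reg_query_output(sample)
        print(label, "->", findings if findings else "stock values, nothing to fix")
```

The check is deliberately strict: it compares the whole command string against `"%1" %*` rather than looking for a known bad program name, so any extra path in front of `"%1"` is reported regardless of what it is called, and a value under an unexpected name or of an unexpected type is reported as well. Note that the same command string lives under both `HKLM\Software\Classes\exefile` and `HKCR\exefile` (HKCR is a merged view), so both query outputs should be checked, as the post suggests.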


  5. Posts : 11
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #5

    Tookeri said:
    One of my previous posts would explain why only Safe mode with command prompt works:

    Safe Mode doesn't process the Run and RunOnce registry keys. One additional startup method is the Winlogon Shell, but that is also skipped if you choose Safe Mode with Command Prompt. So that's the safest Safe Mode option, but requires the user to know how to start an application.
    Since you seem to have a problem with exe files I'm guessing your PC might have been modified to run an additional program every time you try to run an exe file. You can run these commands to check:
    reg query "HKLM\Software\Classes\exefile\shell\open\command"
    reg query "HKCR\exefile\shell\open\command"
    A normal value should be "%1" %* (at the end of the printed lines)

    Mine shows:
    C:\>reg query "HKLM\Software\Classes\exefile\shell\open\command"

    HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command
    (Default) REG_SZ "%1" %*
    IsolatedCommand REG_SZ "%1" %*


    C:\>reg query "HKCR\exefile\shell\open\command"

    HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default) REG_SZ "%1" %*
    IsolatedCommand REG_SZ "%1" %*

    If you find anything else there you could use regedit to change the value back to the default value, but it's probably a better idea to boot with a USB flash drive containing malware cleaning software, like for example Windows Defender Offline and others, which you'll have to create on a clean computer.
    Thanks for your response. My registry entries are all normal (i.e., what you posted).

    Any other thoughts?

    I am in the process of booting my PC with Hitman Pro.


  6. Posts : 2,470
    Windows 7 Home Premium
       #6

    bonoz,

    There are some strange IP addresses showing there... they seem to be originating in Russia.
    Malware may be a player in what is going on.

    See if you can do the following...

    You may want to print these instructions so you can have access to them.
    Also, you may want to read them once before you apply them.

    Please plug in a USB pen drive into a clean working computer.

    Go to the Farbar Recovery Scan Tool Download
    Select the download that applies to your system: 64-bit
    Save the program to the USB pen drive.
    Remove USB pen drive when done.

    Now, go to the problem computer.
    Plug in the USB pen drive which has FRST64.

    Start the computer, and tap the F8 key until you get to the Advanced Boot Options
    Use the arrow keys to select the Repair your computer menu item

    From there...
    Select your language settings, and click: Next
    Select your User account and click: OK (If you did not set a password, leave blank.)

    On the System Recovery Options you get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Scan your computer's memory for errors
    Command Prompt

    Select: Command Prompt

    In the Command Prompt window, at the blinking cursor type notepad and press: Enter
    In Notepad, under the File menu select: Open
    Double-click the Computer icon on the left.
    Find the pen drive letter, remember what letter it is, click on it, and press: Open
    Close out of Notepad.

    Click the Command Prompt window
    Type x:\frst64.exe, and press: Enter
    Note: Replace the drive letter x with the drive letter of your pen drive!

    FRST starts, and prepares to run. Follow the prompts.
    Click Yes to the Disclaimer.

    Press the Scan button.

    The scan runs, and, the program saves the FRST.txt, on the pen drive.

    When done, click the Command Prompt window, type exit, and press: Enter

    Back at the System Recovery Options, press: Shutdown
    Remove the USB pen drive.

    Please plug the USB pen drive in the working computer, and please provide the FRST.txt in your reply.


    Thanks!




  7. Posts : 11
    Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #7

    Thanks for your response. I was able to run FRST. Here you go.

    I had to post it online somewhere because it was too much text for this response apparently:

    http://m.uploadedit.com/b043/1417708333529.txt


  8. Posts : 607
    7 x64 Ultimate
       #8

    Can you run chkdsk from safe mode?

    Disk Check tutorial


  9. Posts : 2,470
    Windows 7 Home Premium
       #9

    bonoz,

    There are some O1 and O17 entries showing in the HijackThis log posted earlier.
    Ignore these if you knowingly placed these entries in your Hosts file. Some of them point to a Canadian IP, others to a Russian IP:

    O1 - Hosts: ::1 localhost
    O1 - Hosts: 195.162.68.60 Google Analytics Official Website â.
    O1 - Hosts: 195.162.68.60 google-analytics.com.
    O1 - Hosts: 195.162.68.60 connect.facebook.net.
    O1 - Hosts: 192.95.55.228 Google Analytics Official Website â.
    O1 - Hosts: 192.95.55.228 google-analytics.com.
    O1 - Hosts: 192.95.55.228 connect.facebook.net.
    O1 - Hosts: 192.99.206.114 Google Analytics Official Website â.
    O1 - Hosts: 192.99.206.114 google-analytics.com.
    O1 - Hosts: 192.99.206.114 connect.facebook.net.

    If you did not place these entries in your Hosts file, then run HijackThis, Scan, check the box for the entries above, and select: Fix checked


    On the O17 entries, they look like Google Public DNS. Is that the case?

    O17 - HKLM\System\CCS\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7980EDBB-5526-4983-AF96-936F7AC77B4D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D05486C-1F75-4D1A-8DEA-4B46A06710F8}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A1BB2938-61B5-447D-A1DA-09A1EAB4CD29}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5A407C7-6E26-4CFB-93C6-B2E407785A26}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD102EFB-86FC-4C19-BF94-5D2D8536F565}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F2024E1F-B7CD-46F2-96C1-F9E72293ED7A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    O17 - HKLM\System\CS2\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

    In this section HijackThis checks various keys in the Registry hive HKEY_LOCAL_MACHINE for specific values which help Windows resolve domain names into IP addresses. Hijacking these values can cause programs which use the Internet to be redirected to malicious sites. Some versions of malware use this methodology.

    However, these entries may be used by your ISP, your company network, and other legitimate entities. If that is the case, removing a needed O17 entry may break Internet connectivity.

    Is there any reason why you started a new topic?
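As an added example (not from the forum post, and not part of HijackThis), here is a Python script that applies the two checks discussed in the reply above to the O1 and O17 lines of a HijackThis log: it lists every Hosts entry that points a name somewhere other than loopback, and collapses the repeated NameServer lists into the distinct resolvers per interface key so that anything that is not Google Public DNS stands out. The sample log is constructed for the demonstration from the entry shapes shown in the thread, and the "non-loopback means redirect" rule is an assumption of this example: a stock Windows 7 hosts file maps nothing but localhost, but, as the reply says, entries a user added on purpose are legitimate and should be ignored.

```python
r"""Added example: triage the O1 (Hosts) and O17 (NameServer) lines of a
HijackThis log.  Not from the forum post or from HijackThis itself; the sample
log below is constructed for the demonstration from the entry shapes shown in
the thread.
"""
import ipaddress
import re

O1_LINE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>.+?)\s*$")
O17_LINE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+?)\s*$")

# Resolvers that are known public services; anything else is listed for review.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}   # Google Public DNS


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for anything else or non-addresses."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage_hijackthis(log_text):
    """Summarise hosts-file redirects and configured DNS servers from a log."""
    hosts_redirects = []   # (address, hostname) pairs that are not loopback
    nameservers = {}       # registry key -> sorted distinct resolvers
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_LINE.match(line)
        if m:
            addr, host = m.group("addr"), m.group("host").rstrip(".")
            # A stock hosts file only maps localhost to loopback; a public name
            # pointed at any other address silently redirects that site
            # (assumption of this example: treat every such entry as a redirect).
            if not is_loopback(addr):
                hosts_redirects.append((addr, host))
            continue
        m = O17_LINE.match(line)
        if m:
            # The log repeats 8.8.8.8 many times per key; keep the distinct set.
            servers = {s.strip() for s in m.group("servers").split(",") if s.strip()}
            nameservers[m.group("key")] = sorted(servers)
    seen = {s for servers in nameservers.values() for s in servers}
    return {
        "hosts_redirects": hosts_redirects,
        "redirect_targets": sorted({addr for addr, _ in hosts_redirects}),
        "nameservers": nameservers,
        "unknown_resolvers": sorted(seen - KNOWN_PUBLIC_RESOLVERS),
    }


# Constructed sample log (entry shapes and addresses as they appear in the thread).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.162.68.60 google-analytics.com.
O1 - Hosts: 195.162.68.60 connect.facebook.net.
O1 - Hosts: 192.95.55.228 google-analytics.com.
O17 - HKLM\System\CCS\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{104BF5F1-4EE4-408F-98FA-E1EC46E52D3A}: NameServer = 8.8.8.8,8.8.4.4
"""

if __name__ == "__main__":
    report = triage_hijackthis(SAMPLE_LOG)
    print("Hosts entries redirecting public names:")
    for addr, host in report["hosts_redirects"]:
        print("  %-20s -> %s" % (host, addr))
    print("Distinct resolvers per interface key:")
    for key, servers in report["nameservers"].items():
        print("  %s: %s" % (key, ", ".join(servers)))
    print("Resolvers not in the known-public list:", report["unknown_resolvers"] or "none")
```

Running it on the sample lists the three google-analytics.com / connect.facebook.net redirects with their two target addresses, shows that every interface key resolves to Google Public DNS only, and reports no unknown resolvers, which is the distinction the reply draws between an O17 entry that is probably the user's own choice and one worth questioning. The `::1 localhost` line is left out of the redirect list because it maps to loopback.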


  10. Posts : 2,470
    Windows 7 Home Premium
       #10

    On the above (chkdsk), tap the F8 key when the PC starts until the Advanced Boot Options appears

    Select: Safe Mode with Command Prompt




    Would also consider running System File Checker.

    It will run in Safe Mode with Command Prompt also.


    Type: sfc /scannow


    Last edited by cottonball; 04 Dec 2014 at 23:34.


 
