Application error on most executables after startup

After removing a spyware, on startup I get multiple error messages like:
Application Error: The instruction at "....." referenced memory at "....". The memory could not be "read".
This happens on most executables, including explorer.exe, msconfig.exe, sfc.exe... here is a list of some executables, with the instruction address and the memory address:

verclsid   0x0040a54b   0x000a6000
explorer   0x0040a54b  0x000aa000
sfc   0x0040a54b   0x000a9000
skype   0x0014a54b   0x001b7000
firefox   0x0014a54b   0x001a7000
regedit   0x0040a54b   0x00b9000

Strangely, this does not happen on some executable if they are launched early, but only after some time into the startup: for example: skype starts normally when at startup, but if I close and reopen it, it won't start and give me the error.
Some programs start normally at startup, ZoneAlarm Antivirus is among these.

This happened after I have removed a malware infection:
this morning at startup I had a popup in the lower right corner, telling that my pc was infected and i needed an antispyware. I have ZoneAlarm Antivirus and Firewall installed, but ZoneAlarm's TrueVector service had been disabled by this malicious software, and Spybot would not start either. ZoneAlarm Antivirus' update did not work. This malicious software autonomously downloaded and installed a so-called antispyware named XPSecurityCenter, which is surely spyware itself.
I had some Windows automatic updates left pending, and I installed them: among them there was the Windows Malware Removal Tool.
After rebooting, the popup was gone, and i saw a brief message stating that some malware had been removed (I think the windows removal tool removed this spyware, but I'm not sure). ZoneAlarm started working again.
I rebooted again and this time all those messages started to show up.

At this time, I can't run quite anything on my PC. Can somebody please help me?

Thank you
Who is Participating?

Improve company productivity with a Business Account.Sign Up

IndiGenusConnect With a Mentor Commented:
Download and Run ComboFix (by sUBs) from one of the links below. You must run it directly from your Desktop.

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log.  

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

francescobaAuthor Commented:
P.S. I noticed that many instruction adresses are the same, this makes me think that there are a few core executables or dlls who cause this problem
Download memtest from and run the tool to test your memory.
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
francescobaAuthor Commented:
Thank you for your replies, I'm trying to test your solutions: I have the additional problem that my CD drive is not working, so I'll have to obtain an external CD or floppy drive in order to run memtest86. I'll post the results when i've done it.

Regarding Hijackthis: this morning I tried to run HJTInstall, and it didn't go, giving the same error as the other executables, then after some minuten ZoneAlarm reported a virus (in aspimgr.exe), and put it in quarantine.
After the virus was put in quarantine, all the executables start normally, including Hijackthis, so I run it.
During the scan, Hijackthis gave me an error, that I am attaching to this post together with the log.

Also, I forgot to mention one thing yesterday: after the initial infection I got a windows message stating that some system files had been replaced by different versions, and I should restore them from the windows CD (I could not do this because the cd drive is not working)
Marc ZCommented:
While IndiGenus helps you get cleaned up, I might suggest backing up ANY important files, getting them off that machine and getting ready for a system format and reinstall.  Sounds also like you may have some hardware issues as well, if you have lost your CD drive and now your Memory is showing issues.
francescobaAuthor Commented:
Thank you all for your help, now I got ComboFix and I scanned my PC, and I am posting the log here, with a new Hijackthis log. After the ComboFix scan my PC began to work normally. I also did a scan with Spybot and with ZoneAlarm Antivirus. I have been using it for some days now without problems. As for the backup, I had already done that, thank you. I am going to check the RAM too, as soon as I get a working Cd drive. I always thought that the cd drive problem is due to mechanical damage, since I transport my laptop by car a lot, for work, and sometimes it got some hits. Anyway, how could I check that?

Marc ZCommented:
"Anyway, how could I check that?"
Do you have a replacement you could test it out with?  Perhaps if you could burn a LiveCD of a Linux distro you could insert that and boot to it and see if it runs.  But what error do you get currently when you insert a disk to it?
Marc ZCommented:
Do you have ANY idea what these are ?
O4 - Startup: Script.ahk
O4 - Startup: Start.vbs

In Hijack This, fix these.
       F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
       O4 - Global Startup: Snippy.lnk = C:\Programmi\Snippy\Snippy.exe
O9 - Extra button: LookWAYup - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - (file missing)
       O9 - Extra 'Tools' menuitem: LookWAYup - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - (file missing)

Check these and see if you know them. If not Fix in HIJackthis
      O8 - Extra context menu item: LookWAYup -

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
O16 - DPF: {A8680DA2-873A-11D4-928C-0050DAC7E112} (CTI_RECORDER) -
O16 - DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} (wodTelnetDLX Class) -
francescobaAuthor Commented:
The F2 entry is due to a virus, but it is not present anymore, I think it was removed in the antivirus scans I did after ComboFix. The other entries are all legitimate programs.
The cd drive has mechanical issues: no boot possible (I checked with the bootable memtest86+ iso).
Anyway, since I had no more memory errors after the ComboFix scan, I assume that my RAM is ok and I'll give up the memtest86 scan: the errors were given by the viruses, which were removed by ComboFix.

Thank you all for helping me to solve this problem!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.