Attending Mark Russinovich's excellent sessions at TechEd Europe is always a good reminder of how powerful the Sysinternals tools from Windows Sysinternals are (http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx).
So when a customer called me to say that all programs were crashing on startup, I thought it would be a nice opportunity to troubleshoot with the Sysinternals tools. This was an old PC (running Windows XP, and it had not been reinstalled in a long time).
The applications only crashed when a non-privileged account logged on. When programs were opened as administrator, they started.
When a standard user logs on, all programs crash:
As Mark told me: when in doubt, run Process Monitor. I did not find anything special there (but I am not an expert with this tool), so I started Autoruns, and there I found a RUN registry entry starting an odd program.
I found the file in Explorer:
I tried to jump to the entry in the registry:
When I disabled the registry entry and restarted, everything started to work normally again.
I also uploaded this file to virustotal.com, and not many engines identified it as malware.
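The same check can be scripted for a quick look at a machine before reaching for Autoruns, or to get the hash ready for a VirusTotal lookup. The following is an added example written for this post, not a Sysinternals tool or code from the original article. It assumes a current Windows PowerShell (Get-FileHash and Get-AuthenticodeSignature exist from PowerShell 4.0 on, so the XP box in the post would not run it as-is), and the function names Get-AutorunReport and Resolve-AutorunPath are my own. It walks the usual Run/RunOnce keys in HKLM and HKCU, resolves each command line to its executable, and reports the file's SHA256 and Authenticode signature status, then lists the entries that are unsigned, missing, or living outside the Program Files and Windows directories, which is where a dropped file like the one in the post tends to turn up.

```powershell
# Added example (not from the original post): enumerate the common Run/RunOnce
# autostart keys, resolve each command to its executable, and report the SHA256
# (for a VirusTotal lookup) and Authenticode signature status of that file.
# Assumes Windows PowerShell 4.0 or later. Read-only: nothing is changed.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-AutorunPath {
    # Hypothetical helper: turn a Run value's command line into a file path.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    # Quoted executable: take what is inside the quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted: first token, or a longer prefix if the path contains spaces.
    $tokens = $expanded -split '\s+'
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = ($tokens[0..($i - 1)] -join ' ')
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $tokens[0]
}

function Get-AutorunReport {
    # Hypothetical helper: one object per Run/RunOnce value found on this machine.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
            $path = Resolve-AutorunPath $cmd
            $hash = $null
            $sig  = 'FileNotFound'
            if (Test-Path -LiteralPath $path) {
                $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
            [PSCustomObject]@{
                Key       = $key
                Name      = $name
                Command   = $cmd
                Path      = $path
                Signature = $sig
                SHA256    = $hash
            }
        }
    }
}

$report = Get-AutorunReport
$report | Format-Table Name, Signature, Path -AutoSize

# Entries worth a closer look: missing or unsigned binaries, or anything that
# starts from outside Program Files / Windows (user profile, temp, root of C:).
$suspicious = $report | Where-Object {
    $_.Signature -ne 'Valid' -or
    $_.Path -notmatch '^(?i)[A-Z]:\\(Program Files|Program Files \(x86\)|Windows)\\'
}
$suspicious | Format-List Key, Name, Command, Path, Signature, SHA256
```

The SHA256 column is what you paste into VirusTotal to see whether the file has already been submitted, which avoids uploading a customer's file at all. Note that an unsigned entry is not proof of anything; plenty of legitimate small utilities are unsigned, so the list is a shortlist to inspect, not a verdict. Disabling an entry from Autoruns, as in the post, moves the value into an AutorunsDisabled subkey rather than deleting it, so it can be restored if it turns out to be wanted.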