Jump to content

MBAM won't open. IE 32-bit won't open


Recommended Posts

Good morning all,

I'm having the exact same issue as this, http://forums.malwarebytes.org/index.php?showtopic=67946

HP Pavilion laptop, 4GB RAM

Vista SP2 64-bit (all latest updates)

Norton Security Suite

I've tried following directions in the above link but I'm still having issues. So here's the story. I downloaded and ran an exe and immediately had issues. I uninstalled the app, then went to run Malwarebytes, which was already on the laptop. I received a "vbaccelerator sgrid II control, run-time error 0" when trying to open it. I was unable to open in safe-mode as well.

I tried opening IE 32-bit and it just blinked. I opened Task Manager to see if iexplore.exe was running but it was not. When I launch IE, it will show in Task Manager very briefly then disappear. I am able to run IE 64-bit and Firefox without issue.

From IE 64-bit I was able to install Malwarebytes again, although it has some sort of class instance error when installing, however it did install and I was able to update. I ran the following:

Dr. CureIT - Found and killed C:\Windows\SysWOW64\Process.exe (Tool.Killproc.3)

Malwarebytes - found 2 Trojan.Agents and 1 Trojan.Dropper and removed.

Spybot - Found nothing other than cookies

ComboFix - Successfully repaired userinit.exe, Found C:\Install.exe and C:\Windows\system32\jespertb.dll

I ran Norton and it hung about 10 seconds after starting a comprehensive scan.

I ran Registry Mechanic - Found 9 issues, but nothing pressing. Odd thing though. I am usually able to see the details of the scan. The bottom half of the Reg Mech screen was blank. It was fine before installing the app/virus. (Maybe a permissions issue?)

I cannot install the Rootkit Unhooker. It will not install. It returns an instance error at the end. It shows in All Programs, but no files are found. It says (empty) and does not show up in my Programs list.

I also tried a system restores from 1/2, 1/3 1/4. After the reboots, they all stated that they could not be completed and no changes were made to my system.

I ran Junction.exe and it returned this.

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION

Print Name : c:\Users

Substitute Name: c:\Users

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

..\\?\c:\\ProgramData\Application Data: JUNCTION

Print Name : c:\ProgramData

Substitute Name: c:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION

Print Name : c:\Users\Public\Desktop

Substitute Name: c:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION

Print Name : c:\Users\Public\Documents

Substitute Name: c:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION

Print Name : c:\Users\Public\Favorites

Substitute Name: c:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION

Print Name : c:\ProgramData\Microsoft\Windows\Start Menu

Substitute Name: c:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION

Print Name : c:\ProgramData\Microsoft\Windows\Templates

Substitute Name: c:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\37ec3c5ff6fbd5657fb72005731fda1f_ce77dc83-de32-43ca-aa74-a9a14c494dc2: Access is denied.

Failed to open \\?\c:\\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.

Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.

Failed to open \\?\c:\\System Volume Information\{20d58015-187d-11e0-9f7e-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{32fb981f-1942-11e0-9bee-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{32fb9823-1942-11e0-9bee-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{32fb9838-1942-11e0-9bee-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{5094f1b9-16d8-11e0-9be2-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{63e05fce-1880-11e0-816e-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{be3c6506-1165-11e0-81c9-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{be3c652f-1165-11e0-81c9-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{f1c1437f-16ef-11e0-9e8e-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{f1c143f1-16ef-11e0-9e8e-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\{f5989ecf-1879-11e0-8197-001eecf8e776}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.

Failed to open \\?\c:\\System Volume Information\SystemRestore\System Volume Information: Access is denied.

\\?\c:\\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\Cookies: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

.\\?\c:\\Users\All Users: SYMBOLIC LINK

Print Name : c:\ProgramData

Substitute Name: \??\c:\ProgramData

\\?\c:\\Users\Default User: JUNCTION

Print Name : c:\Users\Default

Substitute Name: c:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION

Print Name : c:\ProgramData

Substitute Name: c:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION

Print Name : c:\Users\Public\Desktop

Substitute Name: c:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION

Print Name : c:\Users\Public\Documents

Substitute Name: c:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION

Print Name : c:\Users\Public\Favorites

Substitute Name: c:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION

Print Name : c:\ProgramData\Microsoft\Windows\Start Menu

Substitute Name: c:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION

Print Name : c:\ProgramData\Microsoft\Windows\Templates

Substitute Name: c:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\37ec3c5ff6fbd5657fb72005731fda1f_ce77dc83-de32-43ca-aa74-a9a14c494dc2: Access is denied.

Failed to open \\?\c:\\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.

..\\?\c:\\Users\Default\Application Data: JUNCTION

Print Name : c:\Users\Default\AppData\Roaming

Substitute Name: c:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION

Print Name : c:\Users\Default\AppData\Local

Substitute Name: c:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION

Print Name : c:\Users\Default\Documents

Substitute Name: c:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION

Print Name : c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION

Print Name : c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION

Print Name : c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION

Print Name : c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION

Print Name : c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION

Print Name : c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION

Print Name : c:\Users\Default\AppData\Local

Substitute Name: c:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION

Print Name : c:\Users\Default\AppData\Local\Microsoft\Windows\History

Substitute Name: c:\Users\Default\AppData\Local\Microsoft\Windows\History

.\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION

Print Name : c:\Users\Default\Music

Substitute Name: c:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION

Print Name : c:\Users\Default\Pictures

Substitute Name: c:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION

Print Name : c:\Users\Default\Videos

Substitute Name: c:\Users\Default\Videos

\\?\c:\\Users\Mcx1\Application Data: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming

Substitute Name: C:\Users\Mcx1\AppData\Roaming

\\?\c:\\Users\Mcx1\Cookies: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Cookies

Substitute Name: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Mcx1\Local Settings: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Local

Substitute Name: C:\Users\Mcx1\AppData\Local

\\?\c:\\Users\Mcx1\My Documents: JUNCTION

Print Name : C:\Users\Mcx1\Documents

Substitute Name: C:\Users\Mcx1\Documents

\\?\c:\\Users\Mcx1\NetHood: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Mcx1\PrintHood: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Mcx1\Recent: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Mcx1\SendTo: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Mcx1\Start Menu: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Mcx1\Templates: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Mcx1\AppData\Local\Application Data: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Local

Substitute Name: C:\Users\Mcx1\AppData\Local

\\?\c:\\Users\Mcx1\AppData\Local\History: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Local\Microsoft\Windows\History

Substitute Name: C:\Users\Mcx1\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Mcx1\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : C:\Users\Mcx1\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: C:\Users\Mcx1\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Mcx1\Documents\My Music: JUNCTION

Print Name : C:\Users\Mcx1\Music

Substitute Name: C:\Users\Mcx1\Music

\\?\c:\\Users\Mcx1\Documents\My Pictures: JUNCTION

Print Name : C:\Users\Mcx1\Pictures

Substitute Name: C:\Users\Mcx1\Pictures

\\?\c:\\Users\Mcx1\Documents\My Videos: JUNCTION

Print Name : C:\Users\Mcx1\Videos

Substitute Name: C:\Users\Mcx1\Videos

\\?\c:\\Users\Mcx2\Application Data: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming

Substitute Name: C:\Users\Mcx2\AppData\Roaming

\\?\c:\\Users\Mcx2\Cookies: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Cookies

Substitute Name: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Mcx2\Local Settings: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Local

Substitute Name: C:\Users\Mcx2\AppData\Local

\\?\c:\\Users\Mcx2\My Documents: JUNCTION

Print Name : C:\Users\Mcx2\Documents

Substitute Name: C:\Users\Mcx2\Documents

\\?\c:\\Users\Mcx2\NetHood: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Mcx2\PrintHood: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Mcx2\Recent: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Mcx2\SendTo: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Mcx2\Start Menu: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Mcx2\Templates: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: C:\Users\Mcx2\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Mcx2\AppData\Local\Application Data: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Local

Substitute Name: C:\Users\Mcx2\AppData\Local

\\?\c:\\Users\Mcx2\AppData\Local\History: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Local\Microsoft\Windows\History

Substitute Name: C:\Users\Mcx2\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Mcx2\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : C:\Users\Mcx2\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: C:\Users\Mcx2\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Mcx2\Documents\My Music: JUNCTION

Print Name : C:\Users\Mcx2\Music

Substitute Name: C:\Users\Mcx2\Music

\\?\c:\\Users\Mcx2\Documents\My Pictures: JUNCTION

Print Name : C:\Users\Mcx2\Pictures

Substitute Name: C:\Users\Mcx2\Pictures

\\?\c:\\Users\Mcx2\Documents\My Videos: JUNCTION

Print Name : C:\Users\Mcx2\Videos

Substitute Name: C:\Users\Mcx2\Videos

\\?\c:\\Users\Owner\Application Data: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming

Substitute Name: C:\Users\Owner\AppData\Roaming

\\?\c:\\Users\Owner\Cookies: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies

Substitute Name: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Owner\Local Settings: JUNCTION

Print Name : C:\Users\Owner\AppData\Local

Substitute Name: C:\Users\Owner\AppData\Local

\\?\c:\\Users\Owner\My Documents: JUNCTION

Print Name : C:\Users\Owner\Documents

Substitute Name: C:\Users\Owner\Documents

\\?\c:\\Users\Owner\NetHood: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Owner\PrintHood: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Owner\Recent: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Owner\SendTo: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Owner\Start Menu: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Owner\Templates: JUNCTION

Print Name : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Owner\AppData\Local\Application Data: JUNCTION

Print Name : C:\Users\Owner\AppData\Local

Substitute Name: C:\Users\Owner\AppData\Local

\\?\c:\\Users\Owner\AppData\Local\History: JUNCTION

Print Name : C:\Users\Owner\AppData\Local\Microsoft\Windows\History

Substitute Name: C:\Users\Owner\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Owner\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files

...\\?\c:\\Users\Owner\Documents\My Music: JUNCTION

Print Name : C:\Users\Owner\Music

Substitute Name: C:\Users\Owner\Music

\\?\c:\\Users\Owner\Documents\My Pictures: JUNCTION

Print Name : C:\Users\Owner\Pictures

Substitute Name: C:\Users\Owner\Pictures

\\?\c:\\Users\Owner\Documents\My Videos: JUNCTION

Print Name : C:\Users\Owner\Videos

Substitute Name: C:\Users\Owner\Videos

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.

.\\?\c:\\Windows\SysWOW64\config\systemprofile\Application Data: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\SysWOW64\config\systemprofile\Local Settings: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Local

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\My Documents: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\Documents

Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\SysWOW64\config\systemprofile\NetHood: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\SysWOW64\config\systemprofile\PrintHood: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\SysWOW64\config\systemprofile\Recent: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\SysWOW64\config\systemprofile\SendTo: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\SysWOW64\config\systemprofile\Start Menu: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\SysWOW64\config\systemprofile\Templates: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Local

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\History: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

..\\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Music: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\Music

Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Pictures: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\Pictures

Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Videos: JUNCTION

Print Name : C:\Windows\system32\config\systemprofile\Videos

Substitute Name: C:\Windows\system32\config\systemprofile\Videos

I ran inherit.exe on C:\Windows, C:\Users, C:\ProgramData, C:\Program Files (x86).

After all of this, I'm still having this issue. I cannot open IE 32-bit, but I can open 64-bit and Firefox. Programs don't install correctly, and show up as (empty) in the All Programs list. I'm not sure which virus/spyware/malware has infected my laptop. I'm pretty sure something is still on my laptop, so I don't want to use those browsers as a workaround. I'd hate to have to reload Vista. It would take me days. Anyway, if someone has heard of this and can steer me in the right direction, that would be great. I think it may just be a permissions issue now, since most of the scans are clean, but I'm not sure. Any help is appreciated! Thanks for your help!

Link to post
Share on other sites

Hi,

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double click dds.com to run the tool..
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.