I am thankful for all of the great minds that are working on this. I appreciate it. Hopefully I am giving you good feedback that you can use to help other people in the future.
The program ran for a while and then just closed. Here is the contents of the log:
SystemLook 04.09.10 by jpshortstuff
Log created at 20:47 on 10/01/2011 by Paul Brown
Administrator - Elevation successful
========== regfind ==========
Searching for "[cmz vmkd]"
Suspecting that the program was killed, and judging that there are two commands, I thought I would try to run them individually. However, when I tried to launch the program, it did not open again. It did not give me the "cannot find file" error either, though.
I am suspecting that one of the commands is you wanting to know the registry locations. Therefore, I did the registry search you had me do previously again. Not wanting to try and write them down since reg keys are so messy, I made screenshots of the keys. Since I am in my regular logon (where I have handy screen capture software), I am going to make three pics (each holding two of the 6 key locations), then open all three pics, make one pic, and send that to you. That way, you can see it all in one nice spot.
I cannot recall if you asked previously for a registry search on vbma3a2b or if I just did it out of curiosity, but I went ahead and searched again for it now. The value is in a lot of places, so I will not be able to combine them all in one pic. Instead, there will be a set of 12 pics showing the different registry locations/values.
Sorry I was not clear enough on the last post. I DID try both commands at the same time. That is when/how the screen died.
In hopes of getting a partial log, I was then going to try one command at a time, hoping that at least one of the two commands might succeed by itself. For example, perhaps the screen got through the first command and died on the second command, so if I could get the first one to run, then I could get that part of the log created.
I tried to delete vbma3a2b in the registry but was prevented from doing so. The message it gave was "Unable to delete all specified values".
Safe mode; admin ID (not my ID with Admin auth):
Disabled in device manager.
Still cannot delete in the registry.
Also tried to delete [cmz vmkd] in the registry and could not delete that either.
I started to follow the instructions and a few things are coming up.
1. Back in the beginning, when the problem first started, I did have some Antivirus2010 windows popping up. I cannot recall but they probably had an OK button or something like that on them but I DO know that whatever the content of the window, I DID NOT interact with it. I closed the window with the "X" in the top right or down on the task bar.
2. I then went to control panel and uninstalled AC2010.
3. Yes, I realize that this was probably critical information that I should have put in my original post. My bad. Sorry about that. It is just that it seemed to "uninstall" so easily from Control Panel, and then I had so much trouble with Net Nanny and SB S&D that I lost sight of the AV2010. Since the AV2010 windows never came back up anymore, I forgot all about it by the time I was creating my post.
4. When I started following the instructions at http://supportforums.sunbeltsoftware...&threadid=6635
there is a point that talks about
us?rinit.exe
I do not have that file (and yes, I tried DIR at the CMD and it did NOT show up.)
5. I wonder if the reason that us?rinit.exe in #4 (the point just above this one) did not show is because of what I did in #2 (further up in this post)?
I have
HKLM\System\CurrentControlSet\Services\usbvideo
then
HKLM\System\CurrentControlSet\Services\vbma3a2b
No userinit in between them.
6. Should I proceed with the instructions just skipping the parts that do not apply?
7. Also, should this be done under my normal login or safe mode/admin or what?
8. I scanned ahead on the instructions.
RE: [Drag each of the files in the list of "failed to open" files onto "inherit.exe" and click "ok" when prompted.]
I am not too sure what that means. Does that mean to launch/install Inherit.exe and some window will open and I drag the files into that window?
9. Of the 4 tools to be downloaded, one references gmer.net but I do not see in the instructions anywhere where that is to be used.
Good Morning, this is a real doozy to remove. Been at this a long time and this junk is getting harder and harder to remove.
Sometimes it's best to back up your important data to a CD, reformat the drive and reinstall Windows; this guarantees a 100% clean computer, but this is your call if you want to proceed with a reinstall.
The purpose of Inherit is that when a program is dragged onto it, it resets permissions that malware has reset so the tool will run. Sometimes it works and sometimes not.
GMER is run as a final scan to make sure it's gone.
I have a few people looking this over; before we proceed let me look into a few things.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
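As an added illustration (not part of this thread, and not how the Inherit tool itself works internally) of what "permissions that malware has reset" on a registry key looks like: the PowerShell below reads the ACL on the two service keys named earlier in the thread and reports a protected (non-inherited) ACL or any Deny entries, which is the kind of change that produces "Unable to delete all specified values". It assumes an elevated PowerShell prompt; the optional -RestoreInheritance switch re-enables inheritance from the parent key, which is the same general effect the helper describes for Inherit.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Key paths are the two the poster listed; nothing else on the system is touched.
function Test-ServiceKeyAcl {
    param(
        [string[]]$Keys = @(
            'HKLM:\SYSTEM\CurrentControlSet\Services\usbvideo',
            'HKLM:\SYSTEM\CurrentControlSet\Services\vbma3a2b'
        ),
        [switch]$RestoreInheritance   # assumed option: re-enable inheritance, keep existing ACEs
    )
    foreach ($k in $Keys) {
        if (-not (Test-Path -Path $k)) {
            Write-Output "$k : not present"
            continue
        }
        $acl = Get-Acl -Path $k
        Write-Output "== $k"
        Write-Output ("   Owner: {0}   InheritanceBlocked: {1}" -f $acl.Owner, $acl.AreAccessRulesProtected)
        foreach ($ace in $acl.Access) {
            # A Deny ACE, or an explicit (non-inherited) ACE, is what typically blocks deletion.
            $tag = if ($ace.AccessControlType -eq 'Deny') { '!! DENY ' } else { '   allow' }
            $src = if ($ace.IsInherited) { 'inherited' } else { 'EXPLICIT' }
            Write-Output ("{0} {1,-32} {2,-10} {3}" -f $tag, $ace.IdentityReference, $src, $ace.RegistryRights)
        }
        if ($RestoreInheritance -and $acl.AreAccessRulesProtected) {
            # SetAccessRuleProtection($false, $true): stop blocking inheritance, preserve current ACEs.
            $acl.SetAccessRuleProtection($false, $true)
            Set-Acl -Path $k -AclObject $acl
            Write-Output "   Inheritance restored on $k; re-run the deletion afterwards."
        }
    }
}

Test-ServiceKeyAcl
```

A key whose ACL shows "InheritanceBlocked: True" together with explicit Deny entries for Administrators or SYSTEM is the case the helper's Inherit step is meant to repair; the report alone does not change anything.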
Hi - I have a question before I proceed with the contents of post #59.
In Post #57, I had a question in point #8
QUOTE from my post, post #57
RE: [Drag each of the files in the list of "failed to open" files onto "inherit.exe" and click "ok" when prompted.]
I am not too sure what that means. Does that mean to launch/install Inherit.exe and some window will open and I drag the files into that window?
END-QUOTE
and in Post #58 you told me the purpose of the program but I was looking for more of a "what am I supposed to see" and "just how am I supposed to do it answer".
QUOTE from your post, post #58
The purpose of Inherit is that when a program is dragged into it it resets permissions that malware has reset so the tool will run. Sometimes it works and sometimes no.
END-QUOTE
My question is about the mechanics of using Inherit.exe. When I get to the part of the instructions that says
[Drag each of the files in the list of "failed to open" files onto "inherit.exe" and click "ok" when prompted.]
Does that mean that I do the install (and then execute) at that time (because I do not see any instructions for when to do the install)?
And, when it is running, just what am I dragging into the tool? Am I supposed to open up explorer, navigate to the file reported in Junction's log.txt file and drop it into there as if I were doing a file move?
Or, am I supposed to cut the text out of Junction's Log.txt file and paste it into the Inherit.exe window? And, if I am to do a cut and paste, how much of the text from the log am I to copy in? That is, if the log shows
Failed to open \\?\c:\\path\file: Access is denied.