Post back a new log.
PS: Sorry Megan, I need to add an additional step.
Message Edited by Midnight Star on 12-24-2004 09:48 PM
Sorry, I got one step ahead of myself - it's getting close to Christmas day! Let's try this first, before running HiJackThis, to make sure that nothing else has returned.
Run DLLCompare again, and post back the results.
Remember not to reboot your system just yet.
Run Killbox again, but this time just copy/paste the following names, one at a time, in the file name to delete field:
then click the red-x to delete these files.
Download and run VX2Finder, then:
1. Click "Restore Policy"
2. Click "User Agent$"
From a command line, run "regedit" then go to the following registry key:
Look for an entry that says:
It'll have a randomly named file where the "..." is. Post back the name of that file and close the registry editor, without changing any of the data.
Let me know when you're done with that, and post back a new log - let's see if anything is left.
Woops, forgot I wanted to post the VX2 Finder log:
You've done an excellent job! That system had multiple 'infections'!
I'm not sure just yet - it might be, but I doubt it. When you click in the message body, even though you don't see a cursor, did you try typing to see if any text would show up? Sometimes when IncrediMail tosses up an e-mail notice on my screen, I don't see a cursor either, but it still lets me type text. I'm guessing the cursor is a sprite, and not an actual text character - we'll figure that out ...
That file looks like what we need. Check and see if this file is present:
Post up a new HiJackThis to review, and I'll see if we have anything left. If you're still having problems entering text when posting, just PM me and I'll see if we can work this out while I'm online using an instant messenger.
Message Edited by Midnight Star on 12-28-2004 07:49 AM
You mentioned something about a system restore the other night -- should I create a new system restore point?