I don't know what I have [RESOLVED]
#16
Posted 20 March 2008 - 05:49 PM
#17
Posted 20 March 2008 - 05:55 PM
#18
Posted 20 March 2008 - 06:44 PM
Right click on Repair Desktop and download that file.
Double click on it, and click Yes when it asks you if you want to merge it into the registry. Once that's done, restart your computer.
Now try the procedure that I posted earlier, and see if you can get your background back.
Let me know how it goes.
Regards,
RatHat
#19
Posted 20 March 2008 - 07:12 PM
Does this mean anything to you?? Or did I do something wrong??
Did we get rid of all the other junk?
Edited by calgooda1323, 20 March 2008 - 07:21 PM.
#20
Posted 20 March 2008 - 07:44 PM
Go to Start, then Run, and type in regedit.
It should bring up the windows registry editor. If it does, just close it down.
Let me know what happens.
#21
Posted 20 March 2008 - 07:45 PM
Edited by calgooda1323, 20 March 2008 - 07:48 PM.
#22
Posted 20 March 2008 - 08:01 PM
Can you download Combofix again, and run it for me, then post me the new log:
Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" for further review.
#23
Posted 20 March 2008 - 08:22 PM
Attached Files
#24
Posted 20 March 2008 - 08:56 PM
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\Documents and Settings\Cortney\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\Fonts\SET5FF.tmp
C:\WINDOWS\Fonts\SET50E.tmp
C:\WINDOWS\Fonts\SET5FE.tmp
C:\WINDOWS\Fonts\SET50D.tmp
C:\WINDOWS\Fonts\SET5FD.tmp
C:\WINDOWS\Fonts\SET50C.tmp
C:\WINDOWS\Fonts\SET5FC.tmp
C:\WINDOWS\Fonts\SET50B.tmp
C:\WINDOWS\Fonts\SET5FB.tmp
C:\WINDOWS\Fonts\SET50A.tmp
C:\WINDOWS\Fonts\SET602.tmp
C:\WINDOWS\Fonts\SET511.tmp
C:\WINDOWS\Fonts\SET601.tmp
C:\WINDOWS\Fonts\SET510.tmp
C:\WINDOWS\Fonts\SET600.tmp
C:\WINDOWS\Fonts\SET50F.tmp
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post Combofix.txt in your next reply. Please don't attach it, as it makes it harder to research files.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
- Go to http://support.f-sec.../home/ols.shtml
- Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
- Allow the Active X control to be installed on your computer, then click the Accept button
- Click Full System Scan and allow the components to download and the scan to complete.
- If malware is found, check Submit samples to F-Secure then select Automatic cleaning
- When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
- Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
- When the cleaning option is presented, Uncheck Submit samples to F-Secure
- Click Automatic cleaning
- When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
- Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
- This scan will only work with Internet Explorer
- You must have administrator rights to run this scan
- This scan can take a while, so please be patient
#25
Posted 20 March 2008 - 09:06 PM
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.138 [GMT -6:00]
Running from: C:\Documents and Settings\Cortney\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cortney\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Cortney\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\Fonts\SET50A.tmp
C:\WINDOWS\Fonts\SET50B.tmp
C:\WINDOWS\Fonts\SET50C.tmp
C:\WINDOWS\Fonts\SET50D.tmp
C:\WINDOWS\Fonts\SET50E.tmp
C:\WINDOWS\Fonts\SET50F.tmp
C:\WINDOWS\Fonts\SET510.tmp
C:\WINDOWS\Fonts\SET511.tmp
C:\WINDOWS\Fonts\SET5FB.tmp
C:\WINDOWS\Fonts\SET5FC.tmp
C:\WINDOWS\Fonts\SET5FD.tmp
C:\WINDOWS\Fonts\SET5FE.tmp
C:\WINDOWS\Fonts\SET5FF.tmp
C:\WINDOWS\Fonts\SET600.tmp
C:\WINDOWS\Fonts\SET601.tmp
C:\WINDOWS\Fonts\SET602.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Cortney\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\Fonts\SET50A.tmp
C:\WINDOWS\Fonts\SET50B.tmp
C:\WINDOWS\Fonts\SET50C.tmp
C:\WINDOWS\Fonts\SET50D.tmp
C:\WINDOWS\Fonts\SET50E.tmp
C:\WINDOWS\Fonts\SET50F.tmp
C:\WINDOWS\Fonts\SET510.tmp
C:\WINDOWS\Fonts\SET511.tmp
C:\WINDOWS\Fonts\SET5FB.tmp
C:\WINDOWS\Fonts\SET5FC.tmp
C:\WINDOWS\Fonts\SET5FD.tmp
C:\WINDOWS\Fonts\SET5FE.tmp
C:\WINDOWS\Fonts\SET5FF.tmp
C:\WINDOWS\Fonts\SET600.tmp
C:\WINDOWS\Fonts\SET601.tmp
C:\WINDOWS\Fonts\SET602.tmp
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-20 20:13 . 2008-03-20 20:13 <DIR> d-------- C:\ComboFix(2)
2008-03-20 17:44 . 2008-03-20 17:44 <DIR> d-------- C:\Documents and Settings\Cortney\Application Data\Malwarebytes
2008-03-20 17:43 . 2008-03-20 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 17:41 . 2008-03-20 17:41 <DIR> d-------- C:\_OTMoveIt
2008-03-19 22:23 . 2008-03-19 22:23 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-14 23:36 . 2008-03-14 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 21:00 . 2008-03-14 22:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-14 21:00 . 2008-03-14 22:27 <DIR> d-------- C:\Documents and Settings\Cortney\Application Data\SUPERAntiSpyware.com
2008-03-14 21:00 . 2008-03-14 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 10:13 . 2008-03-20 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 10:13 . 2008-03-20 21:02 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 03:59 --------- d-----w C:\Program Files\Trend Micro
2008-03-15 02:18 --------- d-----w C:\Program Files\Java
2008-03-11 15:40 --------- d-----w C:\Program Files\Lx_cats
2008-02-22 15:51 --------- d-----w C:\Program Files\Diet Analysis Plus 8.0
2008-02-19 17:00 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-15 02:24 --------- d-----w C:\Program Files\Roguescanfix
2008-02-15 02:24 --------- d-----w C:\Program Files\Alfa & Ariss
2008-02-04 15:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:23 --------- d-----w C:\Program Files\Yahoo!
.
((((((((((((((((((((((((((((( snapshot@2008-03-20_10.59.57.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-20 16:48:27 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-03-21 02:15:03 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 06:00 13312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 13:20 88363 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-17 19:38 159744]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 20:00 126976]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2003-10-31 17:01 1019904]
"TPSMain"="TPSMain.exe" [2003-11-19 23:15 278528 C:\WINDOWS\system32\TPSMain.exe]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 11:39 159744]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 18:16 172032]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-04-15 22:01 258048]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29 40960]
"TFNF5"="TFNF5.exe" [2003-10-15 18:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-11-20 19:24 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-20 19:25 77824]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 07:30 57344]
"000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 12:42 69632]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-06 23:56 188416]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 10:30 65536]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 19:09 842584]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 15:23:32 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 23:01:04 83360]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-03-07 19:42:20 1306624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-05-26 16:17 77824]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2002-06-06 03:07]
S3 pciSd;pciSd;C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 11:03]
S3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-14 19:38]
.
Contents of the 'Scheduled Tasks' folder
"2006-12-14 07:45:35 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 21:04:37
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-03-20 21:06:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 03:06:21
ComboFix2.txt 2008-03-21 02:22:47
ComboFix3.txt 2008-03-20 17:00:39
#26
Posted 20 March 2008 - 09:10 PM
#27
Posted 20 March 2008 - 09:51 PM
Thursday, March 20, 2008 21:10:52 - 21:51:27
Computer name: TOSHIBA-USER
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 16 malware found
Trojan-Downloader.Win32.Agent.kvv (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\MROFINU1000106.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Agent.lbx (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\MROFINU572.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Busky.gen (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\SYSTEM32\4E3807EE.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\GDNUS2335.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.cxg (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\GDNUS2335.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.czm (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.6\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.5\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.4\GDNUS2335.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\GDNUS2335.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.Small.czw (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.7\GDNUS2335.EXE (Renamed & Submitted)
Trojan.Win32.Runner.j (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\SYSTEM32\ETMT2.EXE (Renamed & Submitted)
Trojan.Win32.Scapur.k (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE (Renamed & Submitted)
Trojan.Win32.Small.ev (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\PJ.EXE (Renamed & Submitted)
Vundo.gen38 (virus)
* C:\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\SYSTEM32\JQXDCVEB.INI (Submitted)
Vundo.gen84 (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\SYSTEM32\LEJBYAGV.DLL (Submitted)
Statistics
Scanned:
* Files: 27012
* System: 3600
* Not scanned: 11
Actions:
* Disinfected: 0
* Renamed: 14
* Deleted: 0
* None: 2
* Submitted: 16
Files not scanned:
* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
* C:\WINDOWS\$NTUNINSTALLKB828035$\WKSSVC.DLL
* C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
* C:\WINDOWS\$NTUNINSTALLKB824141$\WIN32K.SYS
Options
Scanning engines:
* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-03-21
* F-Secure AVP: 7.0.171, 2008-03-20
* F-Secure Pegasus: 1.20.0, 2008-02-20
* F-Secure Blacklight: 1.0.64
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics
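Added example, not part of the original thread: a small parser for a scan report in the format posted above that separates detections sitting inside removal-tool backup folders from detections in live locations, and tallies the actions taken. Treating `\_OTMOVEIT\MOVEDFILES\` and `\OTSCANIT\MOVEDFILES\` as backup folders is an assumption drawn from the paths in the report, and the last detection in the sample is constructed.

```python
import re
from collections import defaultdict

# Assumption: these path fragments mark removal-tool backup folders.
BACKUP_MARKERS = ("\\_OTMOVEIT\\MOVEDFILES\\", "\\OTSCANIT\\MOVEDFILES\\")

# Sample input: the first two detections are copied from the report above;
# "Example.Constructed.Family" and its path are constructed for illustration.
SAMPLE_REPORT = r"""
Trojan-Downloader.Win32.Busky.gen (virus)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\SYSTEM32\4E3807EE.EXE (Renamed & Submitted)
* C:\_OTMOVEIT\MOVEDFILES\03202008_174132\WINDOWS\DOWNLOADED PROGRAM FILES\GDNUS2335.EXE (Renamed & Submitted)
Vundo.gen38 (virus)
* C:\DOCUMENTS AND SETTINGS\CORTNEY\DESKTOP\OTSCANIT\MOVEDFILES\03202008_134456\WINDOWS\SYSTEM32\JQXDCVEB.INI (Submitted)
Example.Constructed.Family (virus)
* C:\WINDOWS\SYSTEM32\CONSTRUCTED-EXAMPLE.DLL (Submitted)
Statistics
* Files: 27012
"""

FAMILY_RE = re.compile(r"^(?P<name>\S+) \((?P<kind>[^)]+)\)$")
ENTRY_RE = re.compile(r"^\* (?P<path>.+) \((?P<actions>[^()]+)\)$")

def parse_detections(report):
    """Return a list of (family, path, actions, in_backup) tuples."""
    findings, family = [], None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FAMILY_RE.match(line)
        if m:
            family = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and family:
            path = m.group("path")
            actions = [a.strip() for a in m.group("actions").split("&")]
            in_backup = any(mk in path.upper() for mk in BACKUP_MARKERS)
            findings.append((family, path, actions, in_backup))
        else:
            family = None  # any other line ends the detections section
    return findings

def live_detections(findings):
    """Detections whose path is outside the assumed backup folders."""
    return [(fam, path) for fam, path, _, in_backup in findings if not in_backup]

def action_counts(findings):
    """Tally each action (Renamed, Submitted, ...) across all detections."""
    counts = defaultdict(int)
    for _, _, actions, _ in findings:
        for action in actions:
            counts[action] += 1
    return dict(counts)

if __name__ == "__main__":
    found = parse_detections(SAMPLE_REPORT)
    print("live:", live_detections(found))
    print("actions:", action_counts(found))
```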
#28
Posted 20 March 2008 - 09:55 PM
I have tried changing it several times, and like you said I used the desktop images already on the computer.
Also I have this pop-up when I boot up... does this mean anything?
On the first page of the attachment is what pops up immediately when loaded. Then if you scroll down to the second Word page it shows what happens when I click OK. I have never had this pop up until I started having these problems. I just didn't know if this might be part of the problem. OR how do I clear it?
Attached Files
Edited by calgooda1323, 20 March 2008 - 09:59 PM.
#29
Posted 20 March 2008 - 10:14 PM
#30
Posted 21 March 2008 - 10:07 AM
Please download and unzip Icesword to its own folder.
If you get a lot of "red entries" in an IceSword log, don't worry, most of them will be legitimate.
Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.
Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.
Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.
Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.
Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.
Now post all of the data collected under the headings for :
- Processes
- Win32 Services
- Startup
- SSDT
- Message Hooks