
mchInjDrv.sys???



I ran a rootkit scan just because I got the same old "e-mail" from my own e-mail address, and the last time that happened I had some hidden driver on my system. So I ran the scan and saw an entry that said mchInjDrv.sys could not be located, or something like that. Just hoping someone can help me make sense of this log, as there are also a whole lot of .txt files too. After a short search on mchInjDrv.sys, it said it was a legit code injector but also used by malware.

I recently did a clean re-install and have Avira, MBAM, Spybot, SpywareBlaster, ThreatFire, and Sygate Firewall, and have not seen any evidence of any type of infection. Also, I just recently uninstalled Zone Alarm suite after it caused a bit of grief and finally had some kind of error after trying to auto-update. Thanks for any help here.

Sorry, I don't think I can attach it here. So I'll keep it short and post the whole log if requested.

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-26 21:02:14

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF6E89B30]

SSDT F7C7446E ZwCreateKey

SSDT F7C74464 ZwCreateThread

SSDT F7C74473 ZwDeleteKey

SSDT F7C7447D ZwDeleteValueKey

SSDT F7C74482 ZwLoadKey

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF6E89470]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF76F2CF4]

SSDT F7C74450 ZwOpenProcess

SSDT F7C74455 ZwOpenThread

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF6E89C50]

SSDT F7C7448C ZwReplaceKey

SSDT F7C74487 ZwRestoreKey

SSDT F7C74478 ZwSetValueKey

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF6E89990]

SSDT F7C7445F ZwTerminateProcess

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF6E89D60]

---- Kernel code sections - GMER 1.0.15 ----

.text wanarp.sys F7893402 2 Bytes [90, 90] {NOP ; NOP }

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

(Then there are a lot of entries like the following)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}

.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [74, 5F] {JZ 0x61}

.text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [7A, 5F] {JP 0x61}

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}

.text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteW

.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}

.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [7A, 5F] {JP 0x61}

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}

.text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]

.text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [74, 5F] {JZ 0x61}

.text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1916] ntdll.dll!NtLoadDriver

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedff850

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cedff850

---- EOF - GMER 1.0.15 ----

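Added example (not part of the original post, and not GMER's own code): a small Python script that parses the hook lines of a GMER log like the one above and reduces them to the questions a responder asks first. In GMER's format, an SSDT line that shows a bare 8-digit address where the module name should be is a hook GMER could not map to any loaded driver; a line starting with "?" is a loaded kernel image whose backing file is not on disk (mchInjDrv.sys is the driver name used by the madCodeHook injection library, which is why a search turns up both legitimate products and malware); and the ".text ... JMP" lines are inline hooks at API entry points inside each listed process. The script groups SSDT and IAT hooks by the module GMER attributed them to, lists the unattributed ones and the missing-file images, and checks whether every process carries the same API-to-target map, which is what one system-wide injected hooking library looks like as opposed to per-process tampering. The sample input is a handful of lines copied from the log above, not the full scan; the record layout and function names are this example's own.

```python
"""Triage a GMER rootkit-scan log: group hooks by owning module and flag the
entries worth a closer look. Added example, not GMER's own tooling."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the scan above, not the full log.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF6E89B30]
SSDT F7C7446E ZwCreateKey
SSDT F7C74464 ZwCreateThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF76F2CF4]
SSDT F7C74450 ZwOpenProcess
---- Kernel code sections - GMER 1.0.15 ----
.text wanarp.sys F7893402 2 Bytes [90, 90] {NOP ; NOP }
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
---- EOF - GMER 1.0.15 ----
"""

BARE_ADDR = re.compile(r"[0-9A-Fa-f]{8}")
# SSDT <module> [(description)] <ZwFunc> [[0xADDR]]; a bare 8-digit address in place
# of the module means GMER could not map the hook to any loaded driver.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>Zw\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$")
# "? <path> <message> !": a loaded kernel image whose backing file is not on disk.
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.*?)\s*!$")
# .text <proc>[pid] <dll>!<Api>[ + off] <addr> <n> Bytes <JMP target | [bytes]>
USER_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\w+)(?:\s*\+\s*(?P<off>\d+))?\s+[0-9A-Fa-f]{8}\s+\d+\s+Bytes\s+(?P<rest>.*)$")
# IAT <image>[<dll>!<Func>] [<addr>] <hooking module> [(description)]
IAT_RE = re.compile(r"^IAT\s+(?P<image>\S+?)\[(?P<mod>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(?P<hooker>\S+)(?:\s+\(.*\))?$")


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Return one record per recognised hook line; other lines are skipped."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SSDT_RE.match(line):
            records.append({"kind": "ssdt", "func": m["func"], "module": m["module"],
                            "attributed": BARE_ADDR.fullmatch(m["module"]) is None})
        elif m := MISSING_RE.match(line):
            records.append({"kind": "missing_file", "module": m["path"], "msg": m["msg"]})
        elif m := USER_RE.match(line):
            rest = m["rest"]
            if rest.startswith("JMP "):          # direct jump, GMER resolved the target
                style, target = "jmp_rel", rest.split()[1]
            elif rest.startswith("[FF, 25"):      # FF 25 = JMP dword ptr [imm32], target in memory
                style, target = "jmp_indirect", None
            else:
                style, target = "patch", None
            records.append({"kind": "user", "proc": f"{basename(m['proc'])}[{m['pid']}]",
                            "api": f"{m['mod']}!{m['func']}", "offset": int(m["off"] or 0),
                            "style": style, "target": target})
        elif m := IAT_RE.match(line):
            records.append({"kind": "iat", "image": basename(m["image"]),
                            "api": f"{m['mod']}!{m['func']}", "module": m["hooker"]})
    return records


def summarize(records):
    """Reduce the records to the questions a responder asks first."""
    by_module, unattributed = defaultdict(list), []
    for r in records:
        if r["kind"] == "ssdt":
            (by_module[basename(r["module"])] if r["attributed"] else unattributed).append(r["func"])
    per_proc = defaultdict(dict)                      # proc -> {api: jump target}
    for r in records:
        if r["kind"] == "user" and r["offset"] == 0:  # "+ N" rows continue the previous hook
            per_proc[r["proc"]][r["api"]] = r["target"]
    # Identical api->target maps in unrelated processes point to one injected library
    # mapped at the same base everywhere, not to per-process tampering.
    hook_sets = {frozenset(h.items()) for h in per_proc.values()}
    return {
        "unattributed_ssdt": sorted(unattributed),
        "ssdt_by_module": {k: sorted(v) for k, v in by_module.items()},
        "missing_file_modules": [r["module"] for r in records if r["kind"] == "missing_file"],
        "iat_hookers": sorted({r["module"] for r in records if r["kind"] == "iat"}),
        "user_hooks_per_process": {p: len(h) for p, h in per_proc.items()},
        "same_user_hooks_everywhere": len(hook_sets) <= 1,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a full saved log by replacing SAMPLE_LOG with the file contents. The useful signal is the set difference: hooks attributed to installed products (Sygate's wpsdrvnt.sys and Teefer.sys, PC Tools' TfSysMon.sys here) can be accounted for, while the unattributed SSDT entries and the missing-file image are the items to hand to whoever reviews the machine.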

Greetings.

To get you fixed up please follow the instructions here:

I'm infected - What do I do now?

And post your logs in a new topic here:

Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal or scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.

Note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.

If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing. ;)

