runtime error latest updates
- Thread starter kinos
- Start date
its been 4 days now please help.
esp since its been sujested this is a virus.
http://forums.spybot.info/showthread.php?p=325783&posted=1#post325783
btw i have done the obvious like un installing,re installing,running checkdisk,online scanner.
esp since its been sujested this is a virus.
http://forums.spybot.info/showthread.php?p=325783&posted=1#post325783
btw i have done the obvious like un installing,re installing,running checkdisk,online scanner.
Last edited:
spybotsandra
New member
Hello,
This problem you experience may be caused by an infection. Just to make sure you are not infected with a rootkit, please run a scan for rootkits. Rootkits are a technology that is more and more often used by malware to hide themselves on system level, making themselves invisible to standard tools. Our RootAlyzer shows you anything that uses certain rootkit technologies, even if it's not in Spybot-S&Ds detection database.
The RootAlyzer is a single tool which goes through the file system, the registry and process related lists. When you start RootAlyzer, it performs a very quick scan of a few important places, taking about a second on modern machines. To check the full system, you have the possibility of choosing a Deep Scan.
Currently, the RootAlyzer is a work in progress (with a new project tools category in our forum to track bugs and feature requests), but it's already helping to easily locate most of the current malware rootkits. It is compatible with Windows NT/2000/XP/2k3 and Vista. If you like to check out the new RootAlyzer you will find it in our forum: http://forums.spybot.info/showthread.php?t=24185
Here is also the direct download link.
Please set your computer to show all files.
* Double-click My Computer.
* Click the Tools menu, and then click Folder Options.
* Click the View tab.
* Clear "Hide file extensions for known file types."
* Under the "Hidden files" folder, select "Show hidden files and folders."
* Clear "Hide protected operating system files."
* Click Apply, and then click OK.
Please select the tab 'deep scan' and let it fully scan your Pc. The scan will take a moment, please be patient. After the scan is done please click on 'pack suspicious files' which is located right at the bottom. This will create a .cab file on your desktop which contains the log and the suspicious files the scan has found. Please send us an e-mail (with this .cab file as attachment) to: detections(at)spybot.info .
Please also download gmer: www.gmer.net and let it do a full scan on your Pc. Subsequent you will be allowed to save the log created during the scan. Please also send us this log.
Thanks!
Best regards
Sandra
Team Spybot
This problem you experience may be caused by an infection. Just to make sure you are not infected with a rootkit, please run a scan for rootkits. Rootkits are a technology that is more and more often used by malware to hide themselves on system level, making themselves invisible to standard tools. Our RootAlyzer shows you anything that uses certain rootkit technologies, even if it's not in Spybot-S&Ds detection database.
The RootAlyzer is a single tool which goes through the file system, the registry and process related lists. When you start RootAlyzer, it performs a very quick scan of a few important places, taking about a second on modern machines. To check the full system, you have the possibility of choosing a Deep Scan.
Currently, the RootAlyzer is a work in progress (with a new project tools category in our forum to track bugs and feature requests), but it's already helping to easily locate most of the current malware rootkits. It is compatible with Windows NT/2000/XP/2k3 and Vista. If you like to check out the new RootAlyzer you will find it in our forum: http://forums.spybot.info/showthread.php?t=24185
Here is also the direct download link.
Please set your computer to show all files.
* Double-click My Computer.
* Click the Tools menu, and then click Folder Options.
* Click the View tab.
* Clear "Hide file extensions for known file types."
* Under the "Hidden files" folder, select "Show hidden files and folders."
* Clear "Hide protected operating system files."
* Click Apply, and then click OK.
Please select the tab 'deep scan' and let it fully scan your Pc. The scan will take a moment, please be patient. After the scan is done please click on 'pack suspicious files' which is located right at the bottom. This will create a .cab file on your desktop which contains the log and the suspicious files the scan has found. Please send us an e-mail (with this .cab file as attachment) to: detections(at)spybot.info .
Please also download gmer: www.gmer.net and let it do a full scan on your Pc. Subsequent you will be allowed to save the log created during the scan. Please also send us this log.
Thanks!
Best regards
Sandra
Team Spybot
I sent the RootAlyzer .cab results - it's 30MB! Maybe I should have asked first. :sad:
Also ran GMER. got this error:
hw6jckkj.exe has generated errors & will be closed by Win.
U will need to restart prog. An error log is being created. OK.
Can't find the error log, and will try to re-run GMER later. Wife just called, "Supper's ready!" So I better go.
:Thanks to you techs for helping!
hi spybotsandra.
hope the days good to you.
(dugie it mabye best to start your own thread,no offence at all,one iota,its just going to make hard work for the helper if theres multiple logs from various pps,and you will get better help that way,best wishes,as said,deff no offence ment)
save the chit chat alought i certaily appreciate your help (and wish you the best dugie)
i did get infected by the Bck/IRCBot.CPW Virus.
found on a online scan,delted.also my hi-jack this log (not inc.) looks clean.i also checked my ports to see if any where open came up as true stealth (none open)
i had unistaled spybot btw so it wont show up in any logs.
re-installed after i ran sfc scandisk.
also the log is after running sfc scandisk.
first log;:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\Temp\ZLT0456a.TMP"
File:"No admin in ACL","C:\WINDOWS\Temp\ZLT0462e.TMP"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\fwdbglog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\fwpktlog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\IAMDB.RDB"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\installer_040809105910.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\installer_040909231505.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\installer_04100900745.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\SWAN-4C3J4J62S4.ldb"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\tvDebug.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\tvDebug.Zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2009_05_30_01_06_56_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2009_06_11_02_31_43_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2009_08_02_09_50_51_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2009_07_30_02_03_49_full.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB1.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB2.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB3.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB4.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB5.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.08.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.09.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.10.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.11.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.12.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.13.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.14.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.15.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.16.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.17.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.18.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.19.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.20.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.21.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.06.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.07.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.08.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.09.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.10.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.11.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.12.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.13.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.14.txt"
Directory:"No admin in ACL","C:\WINDOWS\Internet Logs"
Directory:"No admin in ACL","C:\Program Files\NOS"
Directory:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\NOS"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\","NOS"
2nd log (this one is when i opened the gmer and it auto scanned)
GMER 1.0.15.15011 [ni0secuj.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 01:49:16
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip 85A83660
Device \Driver\Tcpip \Device\Ip 85B55DF0
Device \Driver\Tcpip \Device\Ip 8573A568
Device \Driver\Tcpip \Device\Ip 856FA568
Device \Driver\Tcpip \Device\Ip 859D2910
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp 85A83660
Device \Driver\Tcpip \Device\Tcp 85B55DF0
Device \Driver\Tcpip \Device\Tcp 8573A568
Device \Driver\Tcpip \Device\Tcp 856FA568
Device \Driver\Tcpip \Device\Tcp 859D2910
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp 85A83660
Device \Driver\Tcpip \Device\Udp 85B55DF0
Device \Driver\Tcpip \Device\Udp 8573A568
Device \Driver\Tcpip \Device\Udp 856FA568
Device \Driver\Tcpip \Device\Udp 859D2910
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp 85A83660
Device \Driver\Tcpip \Device\RawIp 85B55DF0
Device \Driver\Tcpip \Device\RawIp 8573A568
Device \Driver\Tcpip \Device\RawIp 856FA568
Device \Driver\Tcpip \Device\RawIp 859D2910
---- EOF - GMER 1.0.15 ----
3rd log; (scan for rootkits/malware)
GMER 1.0.15.15011 [ni0secuj.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 03:25:38
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 85B9B990 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF4B2BFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF4B28C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF4B43170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF4B2C580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF4B40900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF4B40B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF4B44B10]
SSDT 85B9BC60 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF4B2C670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF4B29210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF4B439F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF4B437A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF4B40280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF4B43F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF4B43F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF4B29070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF4B42180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF4B41F40]
SSDT 85B9BA08 ZwQueueApcThread
SSDT 85B9B8A0 ZwReadVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF4B446F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF4B44150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF4B2BBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF4B44540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF4B2C190]
SSDT 85B9BAF8 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF4B29440]
SSDT 85B9B020 ZwSetInformationKey
SSDT 85B9BD50 ZwSetInformationProcess
SSDT 85B9BB70 ZwSetInformationThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF4B434E0]
SSDT 85B9BCD8 ZwSuspendProcess
SSDT 85B9BA80 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF4B41200]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF4ACBDF0]
SSDT 85B9BBE8 ZwTerminateThread
SSDT 85B9B918 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, C5, B2, F4, 00, 09, B4, ...] {ADD CH, 0xb2; HLT ; ADD [ECX], CL; MOV AH, 0xf4; ADC [EBX], CL; MOV AH, 0xf4}
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [D8, BC, B9, 85, 80, BA, B9, ...]
? srescan.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1932] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 85B9B730
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 85B9B828
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F4B49B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F4B298D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F4B29A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F4B295E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F4B29980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip 85A83660
Device \Driver\Tcpip \Device\Ip 85B55DF0
Device \Driver\Tcpip \Device\Ip 8573A568
Device \Driver\Tcpip \Device\Ip 856FA568
Device \Driver\Tcpip \Device\Ip 859D2910
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp 85A83660
Device \Driver\Tcpip \Device\Tcp 85B55DF0
Device \Driver\Tcpip \Device\Tcp 8573A568
Device \Driver\Tcpip \Device\Tcp 856FA568
Device \Driver\Tcpip \Device\Tcp 859D2910
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp 85A83660
Device \Driver\Tcpip \Device\Udp 85B55DF0
Device \Driver\Tcpip \Device\Udp 8573A568
Device \Driver\Tcpip \Device\Udp 856FA568
Device \Driver\Tcpip \Device\Udp 859D2910
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp 85A83660
Device \Driver\Tcpip \Device\RawIp 85B55DF0
Device \Driver\Tcpip \Device\RawIp 8573A568
Device \Driver\Tcpip \Device\RawIp 856FA568
Device \Driver\Tcpip \Device\RawIp 859D2910
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST 85A83660
Device \Driver\Tcpip \Device\IPMULTICAST 85B55DF0
Device \Driver\Tcpip \Device\IPMULTICAST 8573A568
Device \Driver\Tcpip \Device\IPMULTICAST 856FA568
Device \Driver\Tcpip \Device\IPMULTICAST 859D2910
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
---- EOF - GMER 1.0.15 ----
hope the days good to you.
(dugie it mabye best to start your own thread,no offence at all,one iota,its just going to make hard work for the helper if theres multiple logs from various pps,and you will get better help that way,best wishes,as said,deff no offence ment)
save the chit chat alought i certaily appreciate your help (and wish you the best dugie)
i did get infected by the Bck/IRCBot.CPW Virus.
found on a online scan,delted.also my hi-jack this log (not inc.) looks clean.i also checked my ports to see if any where open came up as true stealth (none open)
i had unistaled spybot btw so it wont show up in any logs.
re-installed after i ran sfc scandisk.
also the log is after running sfc scandisk.
first log;:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\Temp\ZLT0456a.TMP"
File:"No admin in ACL","C:\WINDOWS\Temp\ZLT0462e.TMP"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\fwdbglog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\fwpktlog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\IAMDB.RDB"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\installer_040809105910.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\installer_040909231505.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\installer_04100900745.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\SWAN-4C3J4J62S4.ldb"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\tvDebug.log"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\tvDebug.Zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2009_05_30_01_06_56_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2009_06_11_02_31_43_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2009_08_02_09_50_51_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2009_07_30_02_03_49_full.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB1.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB2.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB3.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB4.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\xDB5.tmp"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.08.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.09.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.10.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.11.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.12.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.13.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.14.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.15.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.16.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.17.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.18.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.19.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.20.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.04.21.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.06.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.07.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.08.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.09.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.10.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.11.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.12.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.13.txt"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\ZALog2009.05.14.txt"
Directory:"No admin in ACL","C:\WINDOWS\Internet Logs"
Directory:"No admin in ACL","C:\Program Files\NOS"
Directory:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\NOS"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\","NOS"
2nd log (this one is when i opened the gmer and it auto scanned)
GMER 1.0.15.15011 [ni0secuj.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 01:49:16
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip 85A83660
Device \Driver\Tcpip \Device\Ip 85B55DF0
Device \Driver\Tcpip \Device\Ip 8573A568
Device \Driver\Tcpip \Device\Ip 856FA568
Device \Driver\Tcpip \Device\Ip 859D2910
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp 85A83660
Device \Driver\Tcpip \Device\Tcp 85B55DF0
Device \Driver\Tcpip \Device\Tcp 8573A568
Device \Driver\Tcpip \Device\Tcp 856FA568
Device \Driver\Tcpip \Device\Tcp 859D2910
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp 85A83660
Device \Driver\Tcpip \Device\Udp 85B55DF0
Device \Driver\Tcpip \Device\Udp 8573A568
Device \Driver\Tcpip \Device\Udp 856FA568
Device \Driver\Tcpip \Device\Udp 859D2910
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp 85A83660
Device \Driver\Tcpip \Device\RawIp 85B55DF0
Device \Driver\Tcpip \Device\RawIp 8573A568
Device \Driver\Tcpip \Device\RawIp 856FA568
Device \Driver\Tcpip \Device\RawIp 859D2910
---- EOF - GMER 1.0.15 ----
3rd log; (scan for rootkits/malware)
GMER 1.0.15.15011 [ni0secuj.exe] - http://www.gmer.net
Rootkit scan 2009-08-05 03:25:38
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 85B9B990 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF4B2BFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF4B28C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF4B43170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF4B2C580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF4B40900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF4B40B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF4B44B10]
SSDT 85B9BC60 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF4B2C670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF4B29210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF4B439F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF4B437A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF4B40280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF4B43F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF4B43F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF4B29070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF4B42180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF4B41F40]
SSDT 85B9BA08 ZwQueueApcThread
SSDT 85B9B8A0 ZwReadVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF4B446F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF4B44150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF4B2BBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF4B44540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF4B2C190]
SSDT 85B9BAF8 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF4B29440]
SSDT 85B9B020 ZwSetInformationKey
SSDT 85B9BD50 ZwSetInformationProcess
SSDT 85B9BB70 ZwSetInformationThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF4B434E0]
SSDT 85B9BCD8 ZwSuspendProcess
SSDT 85B9BA80 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF4B41200]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF4ACBDF0]
SSDT 85B9BBE8 ZwTerminateThread
SSDT 85B9B918 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, C5, B2, F4, 00, 09, B4, ...] {ADD CH, 0xb2; HLT ; ADD [ECX], CL; MOV AH, 0xf4; ADC [EBX], CL; MOV AH, 0xf4}
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [D8, BC, B9, 85, 80, BA, B9, ...]
? srescan.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1932] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2272] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 85B9B730
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 85B9B828
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F4B49B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F4B30B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F4B2EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F4B31260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F4B30930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F4B298D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F4B29A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F4B295E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F4B29980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip 85A83660
Device \Driver\Tcpip \Device\Ip 85B55DF0
Device \Driver\Tcpip \Device\Ip 8573A568
Device \Driver\Tcpip \Device\Ip 856FA568
Device \Driver\Tcpip \Device\Ip 859D2910
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp 85A83660
Device \Driver\Tcpip \Device\Tcp 85B55DF0
Device \Driver\Tcpip \Device\Tcp 8573A568
Device \Driver\Tcpip \Device\Tcp 856FA568
Device \Driver\Tcpip \Device\Tcp 859D2910
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp 85A83660
Device \Driver\Tcpip \Device\Udp 85B55DF0
Device \Driver\Tcpip \Device\Udp 8573A568
Device \Driver\Tcpip \Device\Udp 856FA568
Device \Driver\Tcpip \Device\Udp 859D2910
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp 85A83660
Device \Driver\Tcpip \Device\RawIp 85B55DF0
Device \Driver\Tcpip \Device\RawIp 8573A568
Device \Driver\Tcpip \Device\RawIp 856FA568
Device \Driver\Tcpip \Device\RawIp 859D2910
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST 85A83660
Device \Driver\Tcpip \Device\IPMULTICAST 85B55DF0
Device \Driver\Tcpip \Device\IPMULTICAST 8573A568
Device \Driver\Tcpip \Device\IPMULTICAST 856FA568
Device \Driver\Tcpip \Device\IPMULTICAST 859D2910
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
---- EOF - GMER 1.0.15 ----
Last edited:
No offense taken, thanks for the suggestion.
There are so many threads, I am not sure where to post.