ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/16 17:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\winnt\system32\drivers\rootrepeal.sys
Address: 0xEE598000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\_restore{7F615750-12A6-470E-AC4D-5A8477E4272B}\RP732\A0050760.data
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "IPVNMon.sys" at address 0xf82ef803

==EOF==