ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/09 08:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: H:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9519000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: H:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79D1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: H:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA84A0000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d76b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d7574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d7a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d714c

#: 119 Function Name: NtOpenKey
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d764e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d708c

#: 128 Function Name: NtOpenThread
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d70f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d776e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d772e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "H:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa96d78ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "H:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa97bc0b0

==EOF==