ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/09 22:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6298000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AD1000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB986D000    Size: 49152    File Visible: No    Signed: -
Status: -

SSDT
-------------------
#: 025    Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf63952a0

#: 031    Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf639334e

#: 047    Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6394fd0

#: 048    Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6395140

#: 050    Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6395e10

#: 052    Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf63958ae

#: 053    Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf63967d0

#: 068    Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6395450

#: 097    Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6392ea0

#: 116    Function Name: NtOpenFile
Status: Hooked by "kl1.sys" at address 0xf82e2030

#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6394dc0

#: 125    Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6395c3e

#: 173    Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6396436

#: 200    Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6393930

#: 206    Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6396740

#: 213    Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6396b00

#: 224    Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf63970c0

#: 237    Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6391af0

#: 240    Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6395a90

#: 254    Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf63966f0

#: 255    Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf63931b0

#: 257    Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf63962ab

#: 277    Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xf6395310

==EOF==