ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/24 09:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4EB1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AD6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF26CC000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_608.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "" at address 0x850b7bd0

==EOF==