ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/11/14 10:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA876A000 Size: 98304 File Visible: No Signed: - Status: -
Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA61C000 Size: 8192 File Visible: No Signed: - Status: -
Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA7C44000 Size: 49152 File Visible: No Signed: - Status: -

Hidden/Locked Files
-------------------
Path: C:\RRbackups Status: Locked to the Windows API! Path: C:\minint Status: Locked to the Windows API! Path: C:\preboot Status: Locked to the Windows API! Path: \\?\C:\RRbackups\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\RRbackups\C Status: Invisible to the Windows API! Path: C:\RRbackups\common Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings Status: Invisible to the Windows API! Path: C:\RRbackups\FR Status: Invisible to the Windows API! Path: C:\RRbackups\SIS Status: Invisible to the Windows API! Path: \\?\C:\minint\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\minint\biosinfo.inf Status: Invisible to the Windows API! Path: C:\minint\bootfix.nib Status: Invisible to the Windows API! Path: C:\minint\debug Status: Invisible to the Windows API! Path: C:\minint\FBA Status: Invisible to the Windows API! Path: C:\minint\Fonts Status: Invisible to the Windows API! Path: C:\minint\help Status: Invisible to the Windows API! Path: C:\minint\inf Status: Invisible to the Windows API! Path: C:\minint\msagent Status: Invisible to the Windows API! Path: C:\minint\ntdetect.com Status: Invisible to the Windows API!
Path: C:\minint\NTLDR.zip Status: Invisible to the Windows API! Path: C:\minint\pdalang.txt Status: Invisible to the Windows API! Path: C:\minint\pdaversion.txt Status: Invisible to the Windows API! Path: C:\minint\setupact.log Status: Invisible to the Windows API! Path: C:\minint\setupapi.log Status: Invisible to the Windows API! Path: C:\minint\setuperr.log Status: Invisible to the Windows API! Path: C:\minint\setupldr.bin Status: Invisible to the Windows API! Path: C:\minint\spcmdcon.sys Status: Invisible to the Windows API! Path: C:\minint\system32 Status: Invisible to the Windows API! Path: C:\minint\txtsetup.sif Status: Invisible to the Windows API! Path: C:\minint\winbom.ini Status: Invisible to the Windows API! Path: C:\minint\WinSxS Status: Invisible to the Windows API! Path: C:\minint\Z088Z.pdt Status: Invisible to the Windows API! Path: C:\minint\Z089Z.pdt Status: Invisible to the Windows API! Path: C:\minint\Z480Z.pdt Status: Invisible to the Windows API! Path: C:\minint\Z501ZEXE.pdt Status: Invisible to the Windows API! Path: \\?\C:\preboot\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\preboot\helps Status: Invisible to the Windows API! Path: C:\preboot\opera Status: Invisible to the Windows API! Path: C:\preboot\operafav Status: Invisible to the Windows API! Path: C:\preboot\pdalang.txt Status: Invisible to the Windows API! Path: C:\preboot\pdaversion.txt Status: Invisible to the Windows API! Path: C:\preboot\python24 Status: Invisible to the Windows API! Path: C:\preboot\Recovery Status: Invisible to the Windows API! Path: C:\preboot\rr Status: Invisible to the Windows API! Path: C:\preboot\Startup Status: Invisible to the Windows API! Path: C:\preboot\swwork Status: Invisible to the Windows API! Path: C:\preboot\sysinfo Status: Invisible to the Windows API! Path: C:\preboot\usrintfc Status: Invisible to the Windows API! Path: C:\preboot\utils Status: Invisible to the Windows API! 
Path: C:\preboot\warnt Status: Invisible to the Windows API! Path: \\?\C:\RRbackups\C\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\RRbackups\C\0 Status: Invisible to the Windows API! Path: C:\RRbackups\C\1 Status: Invisible to the Windows API! Path: C:\RRbackups\C\2 Status: Invisible to the Windows API! Path: C:\RRbackups\C\3 Status: Invisible to the Windows API! Path: C:\RRbackups\C\4 Status: Invisible to the Windows API! Path: \\?\C:\RRbackups\common\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\RRbackups\common\backups.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\bt0.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\bt1.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\bt2.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\bt3.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\bt4.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\css.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\hints.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\mnd.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\regcerts.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\restore.log Status: Invisible to the Windows API! Path: C:\RRbackups\common\rr.log Status: Invisible to the Windows API! Path: C:\RRbackups\common\SAM Status: Invisible to the Windows API! Path: C:\RRbackups\common\seccache.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\secpolicy.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\settings.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\system.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\tvtcmn.dat Status: Invisible to the Windows API! Path: C:\RRbackups\common\tvtns.bin Status: Invisible to the Windows API! 
Path: C:\RRbackups\common\usersids.dat Status: Invisible to the Windows API! Path: \\?\C:\RRbackups\Documents and Settings\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\RRbackups\Documents and Settings\acolatar Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\Administrator Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\Administrator.GOVERNME-ECDFB5 Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\Administrator.LKLDZL4 Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\All Users Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\bigdog Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\cowles Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\Default User Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\helpme Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\hope Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\LocalService Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\NetworkService Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\test Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\test5 Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\test56 Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\testid Status: Invisible to the Windows API! Path: C:\RRbackups\Documents and Settings\TestXP Status: Invisible to the Windows API! Path: \\?\C:\RRbackups\FR\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\RRbackups\FR\KernelFileDigest.dat Status: Invisible to the Windows API! Path: C:\RRbackups\FR\UF Status: Invisible to the Windows API! 
Path: C:\RRbackups\FR\UpdatingFiles.dat Status: Invisible to the Windows API! Path: \\?\C:\RRbackups\SIS\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\RRbackups\SIS\C Status: Invisible to the Windows API! Path: C:\RRbackups\SIS\X Status: Invisible to the Windows API! Path: \\?\C:\minint\debug\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\minint\debug\NetSetup.LOG Status: Invisible to the Windows API! Path: C:\minint\debug\PASSWD.LOG Status: Invisible to the Windows API! Path: \\?\C:\minint\FBA\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\minint\FBA\FBALOG.TXT Status: Invisible to the Windows API! Path: \\?\C:\minint\Fonts\* Status: Could not enumerate files with the Windows API (0x00000005)! Path: C:\minint\Fonts\8514fix.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514fixe.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514fixg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514fixr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514fixt.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514oem.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514oeme.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514oemg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514oemr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514oemt.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514sys.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514syse.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514sysg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514sysr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\8514syst.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\85855.fon Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\85f1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\85f1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\85s1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\85s1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\85s874.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ahronbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\andlso.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSA.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSAB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSAI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSAU.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSAUB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSAUI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSAUZ.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\ANGSAZ.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\app850.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\app852.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\app855.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\app857.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\app866.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\arial.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\arialbi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\ariali.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\ariblk.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\artrbdo.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\artro.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\BROWA.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\BROWAB.TTF Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\BROWAI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\BROWAU.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\BROWAUB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\BROWAUI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\BROWAUZ.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\BROWAZ.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga40737.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga40850.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga40852.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga40857.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga40866.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga40woa.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga80737.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga80850.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga80852.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga80857.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga80866.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga80869.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga80woa.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\comic.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\comicbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\CORDIA.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\CORDIAB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\CORDIAI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\CORDIAU.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\CORDIAUB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\CORDIAUI.TTF Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\CORDIAUZ.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\CORDIAZ.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\coue1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\couf1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\couf1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\cour.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\courbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\courbi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\coure.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\couree.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\coureg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\courer.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\couret.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\courf.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\courfe.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\courfg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\courfr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\courft.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\couri.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\david.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\davidtr.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\dos737.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\dosapp.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega40737.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega40850.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega40852.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega40857.fon Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\ega40866.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega40869.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega40woa.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega80737.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega80850.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega80852.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega80857.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega80866.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega80869.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ega80woa.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\estre.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\85f874.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\arialbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\cga40869.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\coue1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\davidbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\framd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\mangal.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\sere1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smae1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sserife.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\trado.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCIBI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga737.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\framdit.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\frank.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\Gautami.ttf Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\georgia.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\georgiab.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\georgiai.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\georgiaz.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\impact.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\Kartika.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\latha.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\lsans.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\lsansd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\lsansdi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\lsansi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\lucon.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\lvnm.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\lvnmbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\l_10646.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\marlett.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\micross.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\modern.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\mriam.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\mriamc.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\mriamfx.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\mriamtr.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\msdlg874.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\mvboli.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\nrkis.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\pala.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\palab.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\palabi.ttf Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\palai.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\Raavi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\rod.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\rodtr.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\roman.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\script.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sere1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serf1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serf1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serife.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serifee.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serifeg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serifer.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serifet.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\seriff.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\seriffe.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\seriffg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\seriffr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\serifft.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\Shruti.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\simpbdo.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\simpfxo.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\simpo.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\smae1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smaf1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smaf1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smalle.fon Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\smallee.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smalleg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smaller.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smallet.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smallf.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smallfe.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smallfg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smallfr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\smallft.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ssee1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ssee1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ssee874.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ssef1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ssef1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\ssef874.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sserifee.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sserifeg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sserifer.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sserifet.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sseriff.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sseriffe.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sseriffg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sseriffr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sserifft.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\sylfaen.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\symbol.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\tahoma.ttf Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\tahomabd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\times.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\timesbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\timesbi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\timesi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\tradbdo.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\trebuc.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\trebucbd.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\trebucbi.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\trebucit.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\Tunga.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCDB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCDBI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCDI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCDL.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCEB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCEBI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCEI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCEL.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCFB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCFBI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCFI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCFL.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCIB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCII.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCIL.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCJB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCJBI.TTF Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\UPCJI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCJL.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCKB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCKBI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCKI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCKL.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCLB.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCLBI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCLI.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\UPCLL.TTF Status: Invisible to the Windows API! Path: C:\minint\Fonts\verdana.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\verdanab.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\verdanai.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\verdanaz.ttf Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga850.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga852.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga855.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga857.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga860.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga863.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga865.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga866.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vga869.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgaf1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgaf1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgaf874.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgafix.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgafixe.fon Status: Invisible to the Windows API! 
Path: C:\minint\Fonts\vgafixg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgafixr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgafixt.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgaoem.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgas1255.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgas1256.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgas874.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgasys.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgasyse.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgasysg.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgasysr.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\vgasyst.fon Status: Invisible to the Windows API! Path: C:\minint\Fonts\Vrinda.ttf Status:

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "" at address 0x8a77c1a8
#: 031 Function Name: NtConnectPort Status: Hooked by "" at address 0x89fed568
#: 041 Function Name: NtCreateKey Status: Hooked by "" at address 0x8a794fa8
#: 047 Function Name: NtCreateProcess Status: Hooked by "" at address 0x8a709fa8
#: 048 Function Name: NtCreateProcessEx Status: Hooked by "" at address 0x8a722db8
#: 053 Function Name: NtCreateThread Status: Hooked by "" at address 0x8a709558
#: 063 Function Name: NtDeleteKey Status: Hooked by "" at address 0x8a794f30
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xa8933350
#: 180 Function Name: NtQueueApcThread Status: Hooked by "" at address 0x8a73cba8
#: 186 Function Name: NtReadVirtualMemory Status: Hooked by "" at address 0x8a739e10
#: 192 Function Name: NtRenameKey Status: Hooked by "" at address 0x8a709900
#: 213 Function Name: NtSetContextThread Status: Hooked by "" at address 0x8a79bf20
#: 226 Function Name: NtSetInformationKey Status: Hooked by "" at address 0x8a709698
#: 228 Function Name: NtSetInformationProcess Status: Hooked by "" at address 0x8a709208
#: 229 Function Name: NtSetInformationThread Status: Hooked by "" at address 0x8a739cd8
#: 247 Function Name: NtSetValueKey Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xa8933580
#: 253 Function Name: NtSuspendProcess Status: Hooked by "" at address 0x8a7546b0
#: 254 Function Name: NtSuspendThread Status: Hooked by "" at address 0x8a7916d0
#: 257 Function Name: NtTerminateProcess Status: Hooked by "" at address 0x8a751ee0
#: 258 Function Name: NtTerminateThread Status: Hooked by "" at address 0x8a709868
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "" at address 0x8a7228c0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE] Process: System Address: 0x8a54f678 Size: 1659
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8a575648 Size: 2488
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE] Process: System Address: 0x8a38da50 Size: 287
Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ] Process: System Address: 0x8a32f680 Size: 146
Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE] Process: System Address: 0x8a3360c0 Size: 999
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a305c60 Size: 929
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a3b4128 Size: 1123
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA] Process: System Address: 0x8a340a58 Size: 128
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA] Process: System Address: 0x8a311778 Size: 2184
Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a0919f8 Size: 1544
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a01b0b0 Size: 2094
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a5480b0 Size: 683
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a3af0b0 Size: 752
Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89e89130 Size: 140
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e8b130 Size: 3131
Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89e98130 Size: 140
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a00c130 Size: 2766
Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a004130 Size: 430
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP] Process: System Address: 0x89fff130 Size: 3793
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8a0713f8 Size: 3080
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89e84130 Size: 3793
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a024130 Size: 939
Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER] Process: System Address: 0x8a07a130 Size: 1373
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a028130 Size: 1044
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8a036130 Size: 3793
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a03d130 Size: 110
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA] Process: System Address: 0x89ffa130 Size: 2533
Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP] Process: System Address: 0x8a01c130 Size: 1811

==EOF==