Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Root Repeal results


  • Please log in to reply

#1
kelkay

kelkay

    Member

  • Member
  • PipPipPip
  • 423 posts
I cannot tell from this log whether there are Root Kits on here, or not. But it seems like several things were found, and I just want to make sure about whether the computer is free of root kits or not.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/05 10:08
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3A50000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B6A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7BF9000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6238000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF7B3A000 Size: 5248 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ee60

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f5c0

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3d610

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c0d0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4a430

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3d2c0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a580

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a960

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a060

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ba40

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c5a0

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4cb50

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4a9e0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4b330

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3cfe0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c070

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c0a0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e5d0

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4b780

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c760

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4ac20

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3b450

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a300

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3bf00

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f250

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ea10

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c010

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c040

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f740

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4bb20

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e180

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4bd80

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3cc90

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4bff0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3d9d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c3c0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4ce10

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c720

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4ac40

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e4d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ce40

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3cac0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c900

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3b800

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c1a0

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e7f0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f400

==EOF==
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP