ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/05 10:08
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3A50000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B6A000 Size: 8192 File Visible: No Signed: -
Status: -
Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7BF9000 Size: 1664 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6238000 Size: 49152 File Visible: No Signed: -
Status: -
Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF7B3A000 Size: 5248 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ee60
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f5c0
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3d610
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c0d0
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4a430
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3d2c0
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a580
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a960
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a060
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ba40
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c5a0
#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4cb50
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4a9e0
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4b330
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3cfe0
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c070
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c0a0
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e5d0
#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4b780
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c760
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4ac20
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3b450
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3a300
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3bf00
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f250
#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ea10
#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c010
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4c040
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f740
#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4bb20
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e180
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4bd80
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3cc90
#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4bff0
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3d9d0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c3c0
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4ce10
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c720
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b4ac40
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e4d0
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3ce40
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3cac0
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c900
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3b800
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3c1a0
#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3e7f0
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3b3f400
==EOF==