ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/17 22:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAF949000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1180 Status: Locked to the Windows API!

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "" at address 0xa7ea0a3c

#: 194 Function Name: NtOpenProcess
Status: Hooked by "" at address 0xa7ea0a28

#: 201 Function Name: NtOpenThread
Status: Hooked by "" at address 0xa7ea0a2d

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0xa7ea0a37

==EOF==