ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/01 13:26
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA1775000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1544 Status: Locked to the Windows API!

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "" at address 0x81a49f14

#: 194 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x81a49f00

#: 201 Function Name: NtOpenThread
Status: Hooked by "" at address 0x81a49f05

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x81a49f0f

==EOF==