ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2012/06/24 14:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5966000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA63C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3086000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Wojtek\Ustawienia lokalne\Apps\2.0\PG902RER.ZGV\8GBTV1Y5.6RN\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "" at address 0x8a816c90

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "" at address 0x8a817200

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "" at address 0x8a8172f0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x8a816590

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0x8a816800

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "" at address 0x8a816fd0

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "" at address 0x8a8170e0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "" at address 0x8a816ec0

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "" at address 0x8a816d90

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "" at address 0x8a813da0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "" at address 0x8a816b90

#: 254 Function Name: NtSuspendThread
Status: Hooked by "" at address 0x8a816a80

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x8a8166e0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "" at address 0x8a816a50

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0x8a8176d0

==EOF==