ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/31 23:27
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0B39000
Size: 98304
File Visible: No
Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85C2000
Size: 8192
File Visible: No
Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB05C9000
Size: 49152
File Visible: No
Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83f1376

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83f2420

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83f255c

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83f257e

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83f24b4

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83f22fe

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\HookCentre.sys" at address 0xb83f252e

==EOF==