ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/05/20 15:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB4412000 Size: 98304 File Visible: No Signed: - Status: -
Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xB8610000 Size: 8192 File Visible: No Signed: - Status: -
Name: PCI_PNP6970 Image Path: \Driver\PCI_PNP6970 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -
Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB309C000 Size: 49152 File Visible: No Signed: - Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\perflib_perfdata_80.dat Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\ynk\rohan_blood_feud_hero\gameguard\npgl.erl Status: Allocation size mismatch (API: 32768, Raw: 8192)
Path: c:\ynk\rohan_blood_feud_hero\gameguard\npgm.erl Status: Allocation size mismatch (API: 131072, Raw: 4096)
Path: c:\ynk\rohan_blood_feud_hero\gameguard\npsc.erl Status: Allocation size mismatch (API: 65536, Raw: 0)

SSDT
-------------------
#: 009 Function Name: NtAddBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a59ca
#: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb44faa68
#: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c5af5
#: 035 Function Name: NtCreateEvent Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7eac
#: 036 Function Name: NtCreateEventPair Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7f04
#: 038 Function Name: NtCreateIoCompletion Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a801a
#: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c54a9
#: 043 Function Name: NtCreateMutant Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7e02
#: 050 Function Name: NtCreateSection Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7f54
#: 051 Function Name: NtCreateSemaphore Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7e56
#: 054 Function Name: NtCreateTimer Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7fc8
#: 061 Function Name: NtDeleteBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a59ee
#: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c61bb
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c6471
#: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a829e
#: 071 Function Name: NtEnumerateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c6026
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c5e91
#: 083 Function Name: NtFreeVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb44fab18
#: 097 Function Name: NtLoadDriver Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a57b8
#: 109 Function Name: NtModifyBootEntry Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a5a12
#: 111 Function Name: NtNotifyChangeKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a8412
#: 112 Function Name: NtNotifyChangeMultipleKeys Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a64aa
#: 114 Function Name: NtOpenEvent Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7edc
#: 115 Function Name: NtOpenEventPair Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7f2c
#: 117 Function Name: NtOpenIoCompletion Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a8044
#: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c5805
#: 120 Function Name: NtOpenMutant Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7e2e
#: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a80d6
#: 125 Function Name: NtOpenSection Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7f94
#: 126 Function Name: NtOpenSemaphore Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7e84
#: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a81ba
#: 131 Function Name: NtOpenTimer Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a7ff2
#: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb44fabb0
#: 160 Function Name: NtQueryKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c5d0c
#: 163 Function Name: NtQueryObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6370
#: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c5b5e
#: 192 Function Name: NtRenameKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4502e26
#: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c4b1c
#: 211 Function Name: NtSetBootEntryOrder Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a5a36
#: 212 Function Name: NtSetBootOptions Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a5a5a
#: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a5812
#: 241 Function Name: NtSetSystemPowerState Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a594e
#: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44c62c2
#: 249 Function Name: NtShutdownSystem Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a592a
#: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a5972
#: 268 Function Name: NtVdmControl Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a5a7e

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89a9d1e8 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89825430 Size: 121
Object: Hidden Code [Driver: prodrv06ȅఊ祓譐 挸, IRP_MJ_CREATE] Process: System Address: 0xe18276e8 Size: 1607
Object: Hidden Code [Driver: prodrv06ȅఊ祓譐 挸, IRP_MJ_CLOSE] Process: System Address: 0xe18276e8 Size: 1607
Object: Hidden Code [Driver: prodrv06ȅఊ祓譐 挸, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe18276e8 Size: 1607
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x8982a430 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x8982a430 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8982a430 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8982a430 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x8982a430 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8982a430 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x8982a430 Size: 121
Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE] Process: System Address: 0xe153d0d8 Size: 186
Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE] Process: System Address: 0xe153d0d8 Size: 186
Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe153d0d8 Size: 186
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x89868430 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x89868430 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89868430 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89868430 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x89868430 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x89868430 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x89829430 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x89829430 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89829430 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89829430 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x89829430 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89829430 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x89829430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8980e430 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_CREATE] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_CLOSE] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_READ] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_SET_INFORMATION] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_SHUTDOWN] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_CLEANUP] Process: System Address: 0x88c201e8 Size: 121
Object: Hidden Code [Driver: Cdfs؅ఞ扏济HDAUDIO#FUNC, IRP_MJ_PNP] Process: System Address: 0x88c201e8 Size: 121

Shadow SSDT
-------------------
#: 007 Function Name: NtGdiAlphaBlend Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6a88
#: 013 Function Name: NtGdiBitBlt Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6a2e
#: 122 Function Name: NtGdiDeleteObjectApp Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a84ca
#: 191 Function Name: NtGdiGetPixel Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6a1c
#: 227 Function Name: NtGdiMaskBlt Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6a52
#: 233 Function Name: NtGdiOpenDCW Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a8448
#: 237 Function Name: NtGdiPlgBlt Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6a64
#: 292 Function Name: NtGdiStretchBlt Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6a40
#: 298 Function Name: NtGdiTransparentBlt Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6a76
#: 310 Function Name: NtUserBlockInput Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6960
#: 319 Function Name: NtUserCallHwndParamLock Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a68b0
#: 355 Function Name: NtUserDestroyWindow Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6908
#: 502 Function Name: NtUserSendInput Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6990
#: 509 Function Name: NtUserSetClipboardViewer Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a69f2
#: 535 Function Name: NtUserSetSysColors Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6884
#: 549 Function Name: NtUserSetWindowsHookEx Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6804
#: 552 Function Name: NtUserSetWinEventHook Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a673e
#: 559 Function Name: NtUserSystemParametersInfo Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xb44a6816

==EOF==