A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #4570  by Bomb123
 Wed Jan 19, 2011 7:52 pm
Hello, can someone check my RootRepeal log? Thanks.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2011/01/19 21:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE703000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED54F000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "dwprot.sys" at address 0xf73ac088

#: 053 Function Name: NtCreateThread
Status: Hooked by "dwprot.sys" at address 0xf73ad1e0

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "dwprot.sys" at address 0xf73ac306

#: 125 Function Name: NtOpenSection
Status: Hooked by "dwprot.sys" at address 0xf73abed2

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "dwprot.sys" at address 0xf73ad2e2

#: 213 Function Name: NtSetContextThread
Status: Hooked by "dwprot.sys" at address 0xf73ad32e

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "dwprot.sys" at address 0xf73abe00

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xee7c0620

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "dwprot.sys" at address 0xf73ac416

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "dwprot.sys" at address 0xf73ad02c

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "dwprot.sys" at address 0xf73acfa0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "dwprot.sys" at address 0xf73ab950

#: 483 Function Name: NtUserQueryWindow
Status: Hooked by "dwprot.sys" at address 0xf73ab878

#: 558 Function Name: NtUserSwitchDesktop
Status: Hooked by "dwprot.sys" at address 0xf73ab814

==EOF==
 #4571  by xqrzd
 Wed Jan 19, 2011 9:11 pm
Looks fine to me, just a few SSDT hooks by SAS & Dr. Web.
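The check xqrzd did by eye, as an added example that is not part of the thread: a Python parser for RootRepeal's Drivers, SSDT and Shadow SSDT sections that groups hooks by the module that placed them, flags any hooking module not on an allow-list of installed security products, and lists drivers with no visible file on disk other than the expected memory-only ones (the crash-dump stack's dump_*.sys copies and RootRepeal's own driver). The sample log is a trimmed copy of the one posted above, and the allow-list mapping dwprot.sys to Dr.Web and SASKUTIL.SYS to SUPERAntiSpyware is an assumption for this example that should be confirmed against the software actually installed on the machine.

```python
import re
from collections import defaultdict

# Constructed excerpt of the RootRepeal log posted above (trimmed to a few entries).
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE703000 Size: 98304 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "dwprot.sys" at address 0xf73ac088

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xee7c0620

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "dwprot.sys" at address 0xf73ad02c

==EOF==
"""

# Assumed allow-list (an assumption for this example, not from the thread): hooking
# modules belonging to security products known to be installed, keyed by lowercase basename.
KNOWN_SECURITY_MODULES = {"dwprot.sys": "Dr.Web", "saskutil.sys": "SUPERAntiSpyware"}

HOOK_RE = re.compile(r'^#: (\d+) Function Name: (\w+)$')
HOOKED_BY_RE = re.compile(r'^Status: Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)$')
DRIVER_ADDR_RE = re.compile(r'^Address: (0x[0-9a-fA-F]+) Size: (\d+) File Visible: (Yes|No) Signed: (.*)$')


def parse_rootrepeal(text):
    """Split a RootRepeal report into driver records and SSDT / Shadow SSDT hook records."""
    drivers, hooks, section, current = [], [], None, None
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        # A section header is a bare title followed by a dashed underline; the '=' banner is skipped.
        if i + 1 < len(lines) and lines[i + 1].startswith("----"):
            section, current = line, None
            continue
        if not line or line.startswith("----") or line == "==EOF==":
            continue
        if section == "Drivers":
            if line.startswith("Name: "):
                current = {"name": line[len("Name: "):], "path": None, "visible": None}
                drivers.append(current)
            elif current and line.startswith("Image Path: "):
                current["path"] = line[len("Image Path: "):]
            elif current and (m := DRIVER_ADDR_RE.match(line)):
                current.update(address=m.group(1), size=int(m.group(2)),
                               visible=(m.group(3) == "Yes"), signed=m.group(4))
        elif section in ("SSDT", "Shadow SSDT"):
            if m := HOOK_RE.match(line):
                current = {"table": section, "index": int(m.group(1)),
                           "function": m.group(2), "module": None, "address": None}
                hooks.append(current)
            elif current and (m := HOOKED_BY_RE.match(line)):
                current.update(module=m.group(1), address=m.group(2))
    return drivers, hooks


def module_basename(module):
    """RootRepeal prints a bare driver name or a full path; normalise to a lowercase basename."""
    return module.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage_hooks(hooks, known=KNOWN_SECURITY_MODULES):
    """Group hooks by hooking module; 'owner' is None for a module outside the allow-list."""
    grouped = defaultdict(list)
    for h in hooks:
        if h["module"]:
            grouped[module_basename(h["module"])].append(h["function"])
    return {mod: {"owner": known.get(mod), "count": len(fns), "functions": sorted(fns)}
            for mod, fns in grouped.items()}


def unknown_hookers(hooks, known=KNOWN_SECURITY_MODULES):
    """Hooking modules no known security product accounts for: the ones worth a closer look."""
    return sorted(mod for mod in triage_hooks(hooks, known) if mod not in known)


def hidden_drivers(drivers):
    """Drivers with no file visible on disk, minus the expected memory-only ones: dump_*.sys
    are the crash-dump stack's in-memory copies and rootrepeal.sys is the scanner itself."""
    return sorted(d["name"] for d in drivers if d.get("visible") is False
                  and not d["name"].lower().startswith("dump_")
                  and d["name"].lower() != "rootrepeal.sys")


if __name__ == "__main__":
    drv, hk = parse_rootrepeal(SAMPLE_LOG)
    for mod, info in triage_hooks(hk).items():
        print(f"{mod}: {info['count']} hook(s) by {info['owner'] or 'UNKNOWN'}: {', '.join(info['functions'])}")
    print("unknown hooking modules:", unknown_hookers(hk) or "none", "| unexpected hidden drivers:", hidden_drivers(drv) or "none")
```

On the excerpt this attributes every hook to one of the two listed products and finds no unexpected hidden driver, which matches the reply's verdict. The useful output is the module name rather than the hook count: a hooking module that falls out of unknown_hookers is what to run down next (on-disk path, signature, vendor) before calling a log clean.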