ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:    2009/08/26 17:43
Program Version:    Version 1.3.5.0
Windows Version:    Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB1AE6000    Size: 98304    File Visible: No    Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADF0000    Size: 8192    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF1FD000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\nedeljko\application data\skype\rodic.nedeljko1947\call256.dbb
Status: Size mismatch (API: 3255, Raw: 3250)

Path: c:\documents and settings\nedeljko\application data\skype\rodic.nedeljko1947\callmember256.dbb
Status: Size mismatch (API: 3256, Raw: 3223)

Path: c:\documents and settings\nedeljko\local settings\temp\temporary internet files\content.ie5\6y8rsbl4\_page_recommend[1].htm
Status: Allocation size mismatch (API: 12288, Raw: 8192)

Path: c:\documents and settings\nedeljko\local settings\temp\temporary internet files\content.ie5\89abcdef\search_google[1].htm
Status: Allocation size mismatch (API: 384, Raw: 296)

Path: c:\documents and settings\nedeljko\local settings\temp\temporary internet files\content.ie5\ab6hude1\cookie[1].htm
Status: Allocation size mismatch (API: 376, Raw: 288)

SSDT
-------------------
#: 025    Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf6b8

#: 041    Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf574

#: 065    Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcfa52

#: 068    Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf14c

#: 119    Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf64e

#: 122    Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf08c

#: 128    Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf0f0

#: 177    Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf76e

#: 204    Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf72e

#: 247    Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb1bcf8ae

==EOF==