ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/07 07:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xADC2C000    Size: 786432    File Visible: No    Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7A50000    Size: 1664    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xACB79000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF798D000    Size: 5248    File Visible: No    Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xACF8A000    Size: 8960    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\BugSplat.Net.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\BugSplat.Net.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOLauncher.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOPatcherCore.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\CoHOPatcherCore.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\LibTorrentWrapper.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\lukasz\Ustawienia lokalne\Apps\2.0\V2V546N2.NTQ\DDRCO4ZO.NCV\manifests\LibTorrentWrapper.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 263    Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xacf8a6d0

Stealth Objects
-------------------
Object: Hidden Code [Driver: prodrv06؅ఉ䵃慖, IRP_MJ_CREATE]
Process: System    Address: 0xe1b189c8    Size: 1592

Object: Hidden Code [Driver: prodrv06؅ఉ䵃慖, IRP_MJ_CLOSE]
Process: System    Address: 0xe1b189c8    Size: 1592

Object: Hidden Code [Driver: prodrv06؅ఉ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0xe1b189c8    Size: 1592

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
Process: System    Address: 0xe157d858    Size: 1961

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
Process: System    Address: 0xe157d858    Size: 1961

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0xe157d858    Size: 1961

==EOF==