ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 03:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: J:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAE343000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xB7DE5000 Size: 81920 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0920fc0

#: 037 Function Name: NtCreateFile
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb091dc80

#: 041 Function Name: NtCreateKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0938170

#: 046 Function Name: NtCreatePort
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0921580

#: 047 Function Name: NtCreateProcess
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0935900

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0935b10

#: 050 Function Name: NtCreateSection
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0939b10

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0921670

#: 062 Function Name: NtDeleteFile
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb091e210

#: 063 Function Name: NtDeleteKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb09389f0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb09387a0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0935280

#: 098 Function Name: NtLoadKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0938f10

#: 099 Function Name: NtLoadKey2
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0938f90

#: 116 Function Name: NtOpenFile
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb091e070

#: 122 Function Name: NtOpenProcess
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0937180

#: 128 Function Name: NtOpenThread
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0936f40

#: 192 Function Name: NtRenameKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb09396f0

#: 193 Function Name: NtReplaceKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0939150

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0920be0

#: 204 Function Name: NtRestoreKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0939540

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0921190

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb091e440

#: 247 Function Name: NtSetValueKey
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb09384e0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0936200

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "J:\WINDOWS\System32\vsdatant.sys" at address 0xb0936080

==EOF==