ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:    2009/12/07 15:40
Program Version:    Version 1.3.5.0
Windows Version:    Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8FB79000    Size: 32768    File Visible: No    Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FB6E000    Size: 45056    File Visible: No    Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x8FB81000    Size: 69632    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xBF243000    Size: 49152    File Visible: No    Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4    Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1300    Status: Locked to the Windows API!

SSDT
-------------------
#: 018    Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5ce60

#: 021    Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5bda0

#: 022    Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5b460

#: 042    Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5d5c0

#: 054    Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5b610

#: 060    Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6a0d0

#: 064    Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa68430

#: 071    Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5b2c0

#: 072    Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa58580

#: 073    Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa58960

#: 075    Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa58060

#: 078    Function Name: NtCreateThread
Status: Hooked by "" at address 0x9b530d2c

#: 116    Function Name: NtDebugActiveProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5a5a0

#: 122    Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6ab50

#: 123    Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa689e0

#: 126    Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa69330

#: 129    Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5afe0

#: 133    Function Name: NtEnumerateKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6a070

#: 136    Function Name: NtEnumerateValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6a0a0

#: 165    Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5c5d0

#: 166    Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa69780

#: 186    Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6a760

#: 189    Function Name: NtOpenKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa68c20

#: 194    Function Name: NtOpenProcess
Status: Hooked by "" at address 0x9b530d18

#: 197    Function Name: NtOpenSection
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa58300

#: 201    Function Name: NtOpenThread
Status: Hooked by "" at address 0x9b530d1d

#: 210    Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5d250

#: 218    Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5ca10

#: 234    Function Name: NtQueryKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6a010

#: 252    Function Name: NtQueryValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6a040

#: 255    Function Name: NtQueueApcThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5d740

#: 268    Function Name: NtReplaceKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa69b20

#: 276    Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5c180

#: 280    Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa69d80

#: 282    Function Name: NtResumeThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5ac90

#: 283    Function Name: NtSaveKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa69ff0

#: 286    Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5b9d0

#: 289    Function Name: NtSetContextThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5a3c0

#: 301    Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa6ae10

#: 317    Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5a720

#: 324    Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa68c40

#: 326    Function Name: NtShutdownSystem
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5c4d0

#: 330    Function Name: NtSuspendProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5ae40

#: 331    Function Name: NtSuspendThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5aac0

#: 332    Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5a900

#: 334    Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x9b530d27

#: 335    Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5a1a0

#: 342    Function Name: NtUnloadDriver
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5c7f0

#: 358    Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa5d400

#: 382    Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa59c80

#: 383    Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\OADriver.sys" at address 0x8fa58e60

==EOF==