ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/08 21:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB51D6000
Size: 49152
File Visible: No
Signed: -
Status: -

SSDT
-------------------
#: 012	Function Name: NtAlertResumeThread
Status: Hooked by "" at address 0x8ac09270

#: 013	Function Name: NtAlertThread
Status: Hooked by "" at address 0x8abb9d80

#: 017	Function Name: NtAllocateVirtualMemory
Status: Hooked by "" at address 0x8ac56350

#: 031	Function Name: NtConnectPort
Status: Hooked by "" at address 0x8aa25818

#: 043	Function Name: NtCreateMutant
Status: Hooked by "" at address 0x8ace40c8

#: 053	Function Name: NtCreateThread
Status: Hooked by "" at address 0x8acdd2f8

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xb7e4acc0

#: 083	Function Name: NtFreeVirtualMemory
Status: Hooked by "" at address 0x8ab8d0b0

#: 089	Function Name: NtImpersonateAnonymousToken
Status: Hooked by "" at address 0x8ac59aa0

#: 091	Function Name: NtImpersonateThread
Status: Hooked by "" at address 0x8ac0c108

#: 108	Function Name: NtMapViewOfSection
Status: Hooked by "" at address 0x8ad86910

#: 114	Function Name: NtOpenEvent
Status: Hooked by "" at address 0x8ad8abb0

#: 123	Function Name: NtOpenProcessToken
Status: Hooked by "" at address 0x8ab89670

#: 129	Function Name: NtOpenThreadToken
Status: Hooked by "" at address 0x8aa51a80

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "" at address 0x8ad0b250

#: 206	Function Name: NtResumeThread
Status: Hooked by "" at address 0x8ab56008

#: 213	Function Name: NtSetContextThread
Status: Hooked by "" at address 0x8aa5cb18

#: 228	Function Name: NtSetInformationProcess
Status: Hooked by "" at address 0x8aa281a8

#: 229	Function Name: NtSetInformationThread
Status: Hooked by "" at address 0x8aa3e7d0

#: 247	Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xb7e4af20

#: 253	Function Name: NtSuspendProcess
Status: Hooked by "" at address 0x8ae0a1d8

#: 254	Function Name: NtSuspendThread
Status: Hooked by "" at address 0x8abb9810

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x8ac44100

#: 258	Function Name: NtTerminateThread
Status: Hooked by "" at address 0x8aa3e3b0

#: 267	Function Name: NtUnmapViewOfSection
Status: Hooked by "" at address 0x8aa34a08

#: 277	Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0x8acd09f0

==EOF==