McAfee(R) Rootkit Detective 1.0 scan report
On 13-08-2007 at 14:36:25
OS-Version 5.0.2195 Service Pack 4.0
====================================

Object-Type: SSDT-hook Object-Name: ZwClose Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwCreateKey Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwCreatePagingFile Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwEnumerateKey Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwEnumerateValueKey Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwOpenKey Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwQueryKey Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwQueryValueKey Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwSetSystemPowerState Object-Path: C:\WINNT\system32\drivers\Vax347b.sys
Object-Type: SSDT-hook Object-Name: ZwSetValueKey Object-Path: C:\WINNT\system32\drivers\sptd.sys

Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_POWER Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_READ Object-Path:
Object-Type: IRP-hook Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE Object-Path:

Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_SET_QUOTA Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_QUERY_QUOTA Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_DEVICE_CHANGE Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_SYSTEM_CONTROL Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_POWER Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_SET_SECURITY Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_QUERY_SECURITY Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CREATE_MAILSLOT Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CLEANUP Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_LOCK_CONTROL Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_SHUTDOWN Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_INTERNAL_DEVICE_CONTROL Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_DEVICE_CONTROL Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_FILE_SYSTEM_CONTROL Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_DIRECTORY_CONTROL Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_SET_VOLUME_INFORMATION Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_QUERY_VOLUME_INFORMATION Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_FLUSH_BUFFERS Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_SET_EA Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_QUERY_EA Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_SET_INFORMATION Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_QUERY_INFORMATION Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_WRITE Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_READ Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CLOSE Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CREATE_NAMED_PIPE Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
Object-Type: IRP-hook Object-Name: \Driver\Tcpip->IRP_MJ_CREATE Object-Path: \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys

Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Unable to access registry key
Object-Type: Registry-key Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Unable to access registry key
Object-Type: Registry-key Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Hidden
Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Unable to access registry key
Object-Type: Registry-key Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Status: Hidden
Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Status: Unable to access registry key
Object-Type: Registry-value Object-Name: a0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Hidden
Object-Type: Registry-value Object-Name: khjeh Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Hidden
Object-Type: Registry-value Object-Name: p0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: h0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: khjeh Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: s1 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden
Object-Type: Registry-value Object-Name: s2 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden
Object-Type: Registry-value Object-Name: g0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden
Object-Type: Registry-value Object-Name: h0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden

Object-Type: Registry-key Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-key Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Hidden
Object-Type: Registry-key Object-Name: 0Jf40M\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Status: Hidden

Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Unable to access registry key
Object-Type: Registry-key Object-Name: 19659239224E364682FA4BAF72C53EA4td\Cfg Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Unable to access registry key
Object-Type: Registry-key Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Hidden
Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Unable to access registry key
Object-Type: Registry-key Object-Name: 0Jf40M\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Status: Hidden
Object-Type: Registry-value Object-Name: (Default) Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Status: Unable to access registry key
Object-Type: Registry-value Object-Name: a0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Hidden
Object-Type: Registry-value Object-Name: khjeh Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Status: Hidden
Object-Type: Registry-value Object-Name: p0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: h0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: khjeh Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Status: Hidden
Object-Type: Registry-value Object-Name: s1 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden
Object-Type: Registry-value Object-Name: s2 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden
Object-Type: Registry-value Object-Name: g0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden
Object-Type: Registry-value Object-Name: h0 Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg Status: Hidden

Object-Type: Registry-value Object-Name: ProductName Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6 Status: Registy value-data mismatch
Object-Type: Registry-value Object-Name: DisplayName Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F} Status: Registy value-data mismatch

Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : MSI.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SHELL32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SHELL32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : OLE32.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : OLE32.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : NETAPI32.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : CLBCATQ.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : MSVCR71.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : CRYPT32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : MPR.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : Secur32.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : Secur32.dll:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ADVAPI32.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ADVAPI32.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : USERENV.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : USERENV.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : msvcrt.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : GDI32.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : GDI32.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : USER32.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : USER32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : NTDSAPI.dll:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : OLEAUT32.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : DNSAPI.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WLDAP32.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : imagehlp.dll:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SETUPAPI.DLL:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SETUPAPI.DLL:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : cscui.dll:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : cscui.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : RTUTILS.DLL:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : RTUTILS.DLL:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : VERSION.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : rasadhlp.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WINMM.DLL:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WINMM.DLL:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : wdmaud.drv:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : TAPI32.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ICMP.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : RASAPI32.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : RASAPI32.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : rasman.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : rasman.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : MSASN1.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ATL.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ATL.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ACTIVEDS.DLL:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ADSLDPC.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : DHCPCSVC.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : DHCPCSVC.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : iphlpapi.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : MPRAPI.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : RPCRT4.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : RPCRT4.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : CSCDLL.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : CSCDLL.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : ntshrui.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : NETSHELL.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : NETSHELL.dll:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : mydocs.dll:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : mydocs.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WINTRUST.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WINTRUST.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : LINKINFO.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : LINKINFO.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : POWRPROF.DLL:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : stobject.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : es.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : IMM32.DLL:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : NETUI0.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WS2_32.DLL:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WS2HELP.DLL:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : TxfAux.Dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : TxfAux.Dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : docprop2.dll:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : docprop2.dll:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : COMCTL32.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : browseui.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : browseui.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : mshtmled.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SHLWAPI.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SHLWAPI.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : imgutil.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : mlang.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : mlang.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : webcheck.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : webcheck.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : MSVFW32.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : MSVFW32.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : thumbvw.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : USP10.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : mshtml.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WININET.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WININET.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : URLMON.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : URLMON.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : WhoRU.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : PDFShell.dll:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : PDFShell.dll:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SHDOCVW.DLL:KERNEL32.dll!LoadLibraryA Should be : KERNEL32.dll:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : SHDOCVW.DLL:KERNEL32.dll!LoadLibraryW Should be : KERNEL32.dll:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : Explorer.EXE:KERNEL32.DLL!LoadLibraryA Should be : KERNEL32.DLL:796F026D But is : C:\WINNT\system32\shim.dll:78327800 Object-Path: C:\WINNT\system32\shim.dll Status: Hooked
Object-Type: IAT/EAT-hook PID: 1180 Details: Import : Function : Explorer.EXE:KERNEL32.DLL!LoadLibraryW Should be : KERNEL32.DLL:796F031E But is : C:\WINNT\system32\shim.dll:7832786F Object-Path: C:\WINNT\system32\shim.dll Status: Hooked

Object-Type: Process Object-Name: svchost.exe Pid: 464 Object-Path: C:\WINNT\system32\svchost.exe Status: Visible
Object-Type: Process Object-Name: jusched.exe Pid: 1332 Object-Path: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe Status: Visible
Object-Type: Process Object-Name: `1H€ Pid: 0 Object-Path: Status: Visible
Object-Type: Process Object-Name: AdskScSrv.exe Pid: 652 Object-Path: C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe Status: Visible
Object-Type: Process Object-Name: hidserv.exe Pid: 684 Object-Path: C:\WINNT\system32\hidserv.exe Status: Visible
Object-Type: Process Object-Name: explorer.exe Pid: 1180 Object-Path: C:\WINNT\Explorer.EXE Status: Visible
Object-Type: Process Object-Name: aawservice.exe Pid: 624 Object-Path: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe Status: Visible
Object-Type: Process Object-Name: notepad.exe Pid: 1616 Object-Path: C:\WINNT\system32\NOTEPAD.EXE Status: Visible
Object-Type: Process Object-Name: LSASS.EXE Pid: 316 Object-Path: C:\WINNT\system32\lsass.exe Status: Visible
Object-Type: Process Object-Name: rundll32.exe Pid: 1308 Object-Path: C:\WINNT\system32\RUNDLL32.EXE Status: Visible
Object-Type: Process Object-Name: ActualTitleButt Pid: 1464 Object-Path: C:\Program Files\Actual Title Buttons\ActualTitleButtonsCenter.exe Status: Visible
Object-Type: Process Object-Name: System Pid: 8 Object-Path: Status: Visible
Object-Type: Process Object-Name: CSRSS.EXE Pid: 256 Object-Path: C:\WINNT\system32\csrss.exe Status: Visible
Object-Type: Process Object-Name: Icq.exe Pid: 1404 Object-Path: C:\PROGRA~1\ICQ\ICQ.exe Status: Visible Object-Type: Process Object-Name: regsvc.exe Pid: 816 Object-Path: C:\WINNT\system32\regsvc.exe Status: Visible Object-Type: Process Object-Name: Rootkit_Detecti Pid: 1436 Object-Path: B:\DVD_09_2007\zabezpeceni\rootkitdetective\Rootkit_Detective.exe Status: Visible Object-Type: Process Object-Name: winampa.exe Pid: 1344 Object-Path: C:\Program Files\Winamp\winampa.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 508 Object-Path: C:\WINNT\System32\svchost.exe Status: Visible Object-Type: Process Object-Name: nod32krn.exe Pid: 756 Object-Path: C:\Program Files\Eset\nod32krn.exe Status: Visible Object-Type: Process Object-Name: ClockTraySkins. Pid: 1408 Object-Path: C:\Program Files\Clock Tray Skins\ClockTraySkins.exe Status: Visible Object-Type: Process Object-Name: mstask.exe Pid: 820 Object-Path: C:\WINNT\system32\MSTask.exe Status: Visible Object-Type: Process Object-Name: SMSS.EXE Pid: 232 Object-Path: C:\WINNT\System32\smss.exe Status: Visible Object-Type: Process Object-Name: nod32kui.exe Pid: 1348 Object-Path: C:\Program Files\Eset\nod32kui.exe Status: Visible Object-Type: Process Object-Name: ntaskldr.exe Pid: 1472 Object-Path: C:\lotus\notes\ntaskldr.EXE Status: Visible Object-Type: Process Object-Name: WinMgmt.exe Pid: 948 Object-Path: C:\WINNT\System32\WBEM\WinMgmt.exe Status: Visible Object-Type: Process Object-Name: svchost.exe Pid: 980 Object-Path: C:\WINNT\system32\svchost.exe Status: Visible Object-Type: Process Object-Name: nvsvc32.exe Pid: 796 Object-Path: C:\WINNT\system32\nvsvc32.exe Status: Visible Object-Type: Process Object-Name: internat.exe Pid: 1416 Object-Path: C:\WINNT\system32\internat.exe Status: Visible Object-Type: Process Object-Name: daemon.exe Pid: 1448 Object-Path: C:\Program Files\DAEMON Tools\daemon.exe Status: Visible Object-Type: Process Object-Name: raysat_VIZ2008_ Pid: 736 Object-Path: C:\Program 
Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe Status: Visible Object-Type: Process Object-Name: StarWindService Pid: 860 Object-Path: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe Status: Visible Object-Type: Process Object-Name: gnetmous.exe Pid: 1388 Object-Path: C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE Status: Visible Object-Type: Process Object-Name: WZQKPICK.EXE Pid: 1512 Object-Path: C:\Program Files\WinZip\WZQKPICK.EXE Status: Visible Object-Type: Process Object-Name: SERVICES.EXE Pid: 304 Object-Path: C:\WINNT\system32\services.exe Status: Visible Object-Type: Process Object-Name: VideoAccelerato Pid: 924 Object-Path: C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe Status: Visible Object-Type: Process Object-Name: VideoAccelerato Pid: 1236 Object-Path: C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe Status: Visible Object-Type: Process Object-Name: WINLOGON.EXE Pid: 276 Object-Path: C:\WINNT\system32\winlogon.exe Status: Visible Object-Type: Process Object-Name: spoolsv.exe Pid: 556 Object-Path: C:\WINNT\system32\spoolsv.exe Status: Visible Object-Type: Process Object-Name: nlnotes.exe Pid: 1548 Object-Path: C:\lotus\notes\NLNOTES.EXE Status: Visible Object-Type: Process Object-Name: TOTALCMD.EXE Pid: 1300 Object-Path: C:\Program Files\totalcmd7\TOTALCMD.EXE Status: Visible Scan complete. Hidden registry keys/values: 29