XueTr --- Computer Examination Report
Examination Date: 2011-11-15 17:37
OS Information: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Internet Explorer: 8.0.6001.18702

Examination Items:
      Process
      Process Modules
      Process Threads
      Kernel Module
      Notify Routine
      Filter
      DPC Timer
      Worker Thread
      Object Hijack
      Direct IO
      GDT
      SSDT
      Shadow SSDT
      FSD
      Keyboard
      Mouclass
      Classpnp
      Atapi
      Acpi
      Scsi
      Kernel Hook
      Object Type
      IDT
      Message Hook
      Process Hook
      KernelCallbackTable
      Port
      Tcpip
      IE Plugin
      IE Shell
      Spi
      Hosts File
      Startup
      Service
      File Association
      IFEO
      IME
      Firewall Rule
      Scan MBR Rootkit

==========================================================================================

Process

       System - System - 
       smss.exe - C:\WINDOWS\system32\smss.exe - Microsoft Corporation
       csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation
       winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
       services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
       lsass.exe - C:\WINDOWS\system32\lsass.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       explorer.exe - C:\WINDOWS\explorer.exe - Microsoft Corporation
       XueTr.exe - C:\Documents and Settings\Mike\Plocha\XueTr.exe - Email: linxer@163.com
       Idle - Idle - 

==========================================================================================

Process Modules

      Image File Name[System]Modules
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[smss.exe]Modules
             smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[csrss.exe]Modules
             csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             basesrv.dll - C:\WINDOWS\system32\basesrv.dll - Microsoft Corporation
             winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             KERNEL32.dll - C:\WINDOWS\system32\KERNEL32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             sxs.dll - C:\WINDOWS\system32\sxs.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[winlogon.exe]Modules
             winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             NDdeApi.dll - C:\WINDOWS\system32\NDdeApi.dll - Microsoft Corporation
             PROFMAP.dll - C:\WINDOWS\system32\PROFMAP.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             REGAPI.dll - C:\WINDOWS\system32\REGAPI.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             MSGINA.dll - C:\WINDOWS\system32\MSGINA.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             SHSVCS.dll - C:\WINDOWS\system32\SHSVCS.dll - Microsoft Corporation
             sfc.dll - C:\WINDOWS\system32\sfc.dll - Microsoft Corporation
             sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - SUPERAntiSpyware.com
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll - ATI Technologies Inc.
             cscdll.dll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation
             dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll - Microsoft Corporation
             WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             WinSCard.dll - C:\WINDOWS\system32\WinSCard.dll - Microsoft Corporation
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll - 
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             cscui.dll - C:\WINDOWS\system32\cscui.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[services.exe]Modules
             services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             SCESRV.dll - C:\WINDOWS\system32\SCESRV.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcAdProc.dll - C:\WINDOWS\AppPatch\AcAdProc.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             eventlog.dll - C:\WINDOWS\system32\eventlog.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             wtsapi32.dll - C:\WINDOWS\system32\wtsapi32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[lsass.exe]Modules
             lsass.exe - C:\WINDOWS\system32\lsass.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             SAMSRV.dll - C:\WINDOWS\system32\SAMSRV.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\system32\cryptdll.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             msprivs.dll - C:\WINDOWS\system32\msprivs.dll - Microsoft Corporation
             kerberos.dll - C:\WINDOWS\system32\kerberos.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             netlogon.dll - C:\WINDOWS\system32\netlogon.dll - Microsoft Corporation
             w32time.dll - C:\WINDOWS\system32\w32time.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             schannel.dll - C:\WINDOWS\system32\schannel.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             wdigest.dll - C:\WINDOWS\system32\wdigest.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             setupapi.dll - C:\WINDOWS\system32\setupapi.dll - Microsoft Corporation
             scecli.dll - C:\WINDOWS\system32\scecli.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             rpcss.dll - c:\windows\system32\rpcss.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             rpcss.dll - c:\windows\system32\rpcss.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             avsda.dll - C:\Program Files\Avira\AntiVir Desktop\avsda.dll - Avira Operations GmbH & Co. KG
             IPHLPAPI.DLL - C:\WINDOWS\system32\IPHLPAPI.DLL - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             mdnsNSP.dll - C:\Program Files\Bonjour\mdnsNSP.dll - Apple Inc.
             wshbth.dll - C:\WINDOWS\system32\wshbth.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             wudfsvc.dll - c:\windows\system32\wudfsvc.dll - Microsoft Corporation
             SETUPAPI.dll - c:\windows\system32\SETUPAPI.dll - Microsoft Corporation
             WUDFPlatform.dll - c:\windows\system32\WUDFPlatform.dll - Microsoft Corporation
             PSAPI.DLL - c:\windows\system32\PSAPI.DLL - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             dmserver.dll - c:\windows\system32\dmserver.dll - Microsoft Corp.
             SETUPAPI.dll - c:\windows\system32\SETUPAPI.dll - Microsoft Corporation
             srsvc.dll - c:\windows\system32\srsvc.dll - Microsoft Corporation
             POWRPROF.dll - c:\windows\system32\POWRPROF.dll - Microsoft Corporation
             wmisvc.dll - c:\windows\system32\wbem\wmisvc.dll - Microsoft Corporation
             VSSAPI.DLL - C:\WINDOWS\system32\VSSAPI.DLL - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\system32\ATL.DLL - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             pchsvc.dll - c:\windows\pchealth\helpctr\binaries\pchsvc.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             cryptsvc.dll - c:\windows\system32\cryptsvc.dll - Microsoft Corporation
             certcli.dll - c:\windows\system32\certcli.dll - Microsoft Corporation
             CRYPT32.dll - c:\windows\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - c:\windows\system32\MSASN1.dll - Microsoft Corporation
             CRYPTUI.dll - c:\windows\system32\CRYPTUI.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WINTRUST.dll - c:\windows\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             wbemcore.dll - C:\WINDOWS\system32\wbem\wbemcore.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             esscli.dll - C:\WINDOWS\system32\wbem\esscli.dll - Microsoft Corporation
             wbemcomn.dll - C:\WINDOWS\system32\wbem\wbemcomn.dll - Microsoft Corporation
             FastProx.dll - C:\WINDOWS\system32\wbem\FastProx.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             wmiutils.dll - C:\WINDOWS\system32\wbem\wmiutils.dll - Microsoft Corporation
             repdrvfs.dll - C:\WINDOWS\system32\wbem\repdrvfs.dll - Microsoft Corporation
             wmiprvsd.dll - C:\WINDOWS\system32\wbem\wmiprvsd.dll - Microsoft Corporation
             NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             wbemess.dll - C:\WINDOWS\system32\wbem\wbemess.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             ncprov.dll - C:\WINDOWS\system32\wbem\ncprov.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[explorer.exe]Modules
             Explorer.EXE - C:\WINDOWS\Explorer.EXE - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             BROWSEUI.dll - C:\WINDOWS\system32\BROWSEUI.dll - Spolenost Microsoft
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             SHDOCVW.dll - C:\WINDOWS\system32\SHDOCVW.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             CRYPTUI.dll - C:\WINDOWS\system32\CRYPTUI.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             GrooveShellExtensions.dll - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation
             GrooveUtil.DLL - C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL - Microsoft Corporation
             MSVCR80.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll - Microsoft Corporation
             GrooveNew.DLL - C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL - Microsoft Corporation
             ATL80.DLL - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             MSImg32.dll - C:\WINDOWS\system32\MSImg32.dll - Microsoft Corporation
             cscui.dll - C:\WINDOWS\System32\cscui.dll - Microsoft Corporation
             CSCDLL.dll - C:\WINDOWS\System32\CSCDLL.dll - Microsoft Corporation
             themeui.dll - C:\WINDOWS\system32\themeui.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             msutb.dll - C:\WINDOWS\system32\msutb.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             LINKINFO.dll - C:\WINDOWS\system32\LINKINFO.dll - Microsoft Corporation
             ntshrui.dll - C:\WINDOWS\system32\ntshrui.dll - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\system32\ATL.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             GrooveSystemServices.dll - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll - Microsoft Corporation
             msxml3.dll - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation
             NeroDigitalExt.dll - C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll - Nero AG
             MFC80.DLL - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL - Microsoft Corporation
             MSVCP80.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll - Microsoft Corporation
             PDFShell.dll - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - Adobe Systems, Inc.
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             ieframe.dll - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation
             NETSHELL.dll - C:\WINDOWS\system32\NETSHELL.dll - Microsoft Corporation
             credui.dll - C:\WINDOWS\system32\credui.dll - Microsoft Corporation
             dot3api.dll - C:\WINDOWS\system32\dot3api.dll - Microsoft Corporation
             rtutils.dll - C:\WINDOWS\system32\rtutils.dll - Microsoft Corporation
             dot3dlg.dll - C:\WINDOWS\system32\dot3dlg.dll - Microsoft Corporation
             OneX.DLL - C:\WINDOWS\system32\OneX.DLL - Microsoft Corporation
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             eappcfg.dll - C:\WINDOWS\system32\eappcfg.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             eappprxy.dll - C:\WINDOWS\system32\eappprxy.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             SASSEH.DLL - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL - SuperAdBlocker.com
             browselc.dll - C:\WINDOWS\system32\browselc.dll - Microsoft Corporation
             msi.dll - C:\WINDOWS\system32\msi.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             drprov.dll - C:\WINDOWS\System32\drprov.dll - Microsoft Corporation
             ntlanman.dll - C:\WINDOWS\System32\ntlanman.dll - Microsoft Corporation
             NETUI0.dll - C:\WINDOWS\System32\NETUI0.dll - Microsoft Corporation
             NETUI1.dll - C:\WINDOWS\System32\NETUI1.dll - Microsoft Corporation
             NETRAP.dll - C:\WINDOWS\System32\NETRAP.dll - Microsoft Corporation
             davclnt.dll - C:\WINDOWS\System32\davclnt.dll - Microsoft Corporation
             PortableDeviceApi.dll - C:\WINDOWS\system32\PortableDeviceApi.dll - Microsoft Corporation
             MSGINA.dll - C:\WINDOWS\system32\MSGINA.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             MLANG.dll - C:\WINDOWS\system32\MLANG.dll - Microsoft Corporation
             GrooveMisc.dll - C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll - Microsoft Corporation
             zipfldr.dll - C:\WINDOWS\system32\zipfldr.dll - Microsoft Corporation
             rarext.dll - C:\Program Files\WinRAR\rarext.dll - 
             7-zip.dll - D:\Program Files\7-Zip\7-zip.dll - Igor Pavlov
             actxprxy.dll - C:\WINDOWS\system32\actxprxy.dll - Microsoft Corporation
             SASCTXMN.DLL - C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL - SUPERAntiSpyware.com
             Mp3tagShell32.dll - d:\Program Files\Mp3tag\Mp3tagShell32.dll - Florian Heidenreich
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             CoverEdExtension.dll - D:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll - Nero AG
             gdiplus.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll - Microsoft Corporation
             MSVFW32.dll - C:\WINDOWS\system32\MSVFW32.dll - Microsoft Corporation
             Faultrep.dll - C:\WINDOWS\system32\Faultrep.dll - Microsoft Corporation
             RICHED32.DLL - C:\WINDOWS\system32\RICHED32.DLL - Microsoft Corporation
             RICHED20.dll - C:\WINDOWS\system32\RICHED20.dll - Microsoft Corporation
             UnlockerCOM.dll - C:\Program Files\Unlocker\UnlockerCOM.dll - 
             shlext.dll - C:\Program Files\Avira\AntiVir Desktop\shlext.dll - Avira Operations GmbH & Co. KG
             mfc100u.dll - C:\WINDOWS\system32\mfc100u.dll - Microsoft Corporation
             MSVCR100.dll - C:\WINDOWS\system32\MSVCR100.dll - Microsoft Corporation
             MSVCP100.dll - C:\WINDOWS\system32\MSVCP100.dll - Microsoft Corporation
             oodsh.dll - D:\PROGRA~1\OOSOFT~1\Defrag\oodsh.dll - O&O Software GmbH
             oledlg.dll - C:\WINDOWS\system32\oledlg.dll - Microsoft Corporation
             OODSHRS.DLL - D:\PROGRA~1\OOSOFT~1\Defrag\OODSHRS.DLL - O&O Software GmbH
             FRIntegration.dll - D:\Program Files\ABBYY FineReader 10\FRIntegration.dll - ABBYY.

------------------------------------------------------------------------------------------

      Image File Name[XueTr.exe]Modules
             XueTr.exe - C:\Documents and Settings\Mike\Plocha\XueTr.exe - Email: linxer@163.com
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             MFC42u.DLL - C:\WINDOWS\system32\MFC42u.DLL - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             MFC42LOC.DLL - C:\WINDOWS\system32\MFC42LOC.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             RICHED32.DLL - C:\WINDOWS\system32\RICHED32.DLL - Microsoft Corporation
             RICHED20.dll - C:\WINDOWS\system32\RICHED20.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             wintrust.dll - C:\WINDOWS\system32\wintrust.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             GrooveShellExtensions.dll - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation
             GrooveUtil.DLL - C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL - Microsoft Corporation
             MSVCR80.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll - Microsoft Corporation
             GrooveNew.DLL - C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL - Microsoft Corporation
             ATL80.DLL - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             MSImg32.dll - C:\WINDOWS\system32\MSImg32.dll - Microsoft Corporation
             UXTHEME.DLL - C:\WINDOWS\system32\UXTHEME.DLL - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[Idle]Modules

==========================================================================================

Process Threads

      Image File Name[System]Threads
             8 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             12 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             16 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             20 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             24 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             28 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             32 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             36 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             40 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             44 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             48 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             52 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             56 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             60 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             64 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             68 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             72 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             76 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             80 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             84 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             88 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             92 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             96 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             100 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             104 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             108 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             112 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             116 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             120 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             124 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             128 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             132 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             136 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             140 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             144 - Wait - sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
             148 - Wait - ACPI.sys - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
             152 - Wait - dmio.sys - C:\WINDOWS\system32\drivers\dmio.sys - Microsoft Corp., Veritas Software
             156 - Wait - NDIS.sys - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
             160 - Wait - redbook.sys - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
             164 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             168 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             172 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             176 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             180 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             184 - Wait - redbook.sys - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
             188 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             192 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             196 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             200 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             208 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             268 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             272 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             668 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[smss.exe]Threads
             216 - Wait - smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             220 - Wait - smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             224 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[csrss.exe]Threads
             284 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             288 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             292 - Wait -  -  - 
             296 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             308 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             312 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             316 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             364 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             648 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[winlogon.exe]Threads
             304 - Wait - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             324 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             328 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             332 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             340 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             352 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             552 - Wait -  -  - 
             700 - Terminate - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll - ATI Technologies Inc.
             704 - Wait - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll - ATI Technologies Inc.
             744 - Wait - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             748 - Wait - cscdll.dll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation
             784 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             828 - Wait - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             868 - Terminate - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation
             952 - Terminate - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll - 
             1080 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1088 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1096 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1172 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1280 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[services.exe]Threads
             368 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             372 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             376 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             472 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             476 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             480 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             496 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             500 - Wait - AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             508 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             524 - Wait - services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
             548 - Wait -  -  - 
             620 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             644 - Wait - umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             652 - Wait - umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             1148 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1160 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1164 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[lsass.exe]Threads
             380 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             384 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             388 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             392 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             396 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             408 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             420 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             424 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             428 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             432 - Wait -  -  - 
             444 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             448 - Wait -  -  - 
             452 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             468 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             504 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             776 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             516 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             532 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             536 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             540 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             544 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             624 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             580 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             588 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             592 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             596 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             600 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             604 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             716 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             812 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             640 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             672 - Wait - WUDFPlatform.dll - c:\windows\system32\WUDFPlatform.dll - Microsoft Corporation
             676 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             680 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             684 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             696 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             732 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             740 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             772 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             788 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             792 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             796 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             808 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1104 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1108 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1144 - Wait - ncprov.dll - C:\WINDOWS\system32\wbem\ncprov.dll - Microsoft Corporation
             1152 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1156 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1232 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1288 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[explorer.exe]Threads
             964 - Wait - Explorer.EXE - C:\WINDOWS\Explorer.EXE - Microsoft Corporation
             972 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             976 - Wait -  -  - 
             980 - Wait - ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             984 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             988 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             996 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1008 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             1068 - Wait -  -  - 
             1188 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[XueTr.exe]Threads
             1264 - Wait - XueTr.exe - C:\Documents and Settings\Mike\Plocha\XueTr.exe - Email: linxer@163.com
             1268 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1284 - Run - XueTr.exe - C:\Documents and Settings\Mike\Plocha\XueTr.exe - Email: linxer@163.com

------------------------------------------------------------------------------------------

      Image File Name[Idle]Threads

==========================================================================================

Kernel Module

       ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       hal.dll - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KDCOM.DLL - C:\WINDOWS\system32\KDCOM.DLL - Microsoft Corporation
       BOOTVID.dll - C:\WINDOWS\system32\BOOTVID.dll - Microsoft Corporation
       sptd.sys - C:\WINDOWS\system32\drivers\sptd.sys - 
       WMILIB.SYS - C:\WINDOWS\System32\Drivers\WMILIB.SYS - Microsoft Corporation
       SCSIPORT.SYS - C:\WINDOWS\System32\Drivers\SCSIPORT.SYS - Microsoft Corporation
       ACPI.sys - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       isapnp.sys - C:\WINDOWS\system32\drivers\isapnp.sys - Microsoft Corporation
       ohci1394.sys - C:\WINDOWS\system32\drivers\ohci1394.sys - Microsoft Corporation
       1394BUS.SYS - C:\WINDOWS\system32\DRIVERS\1394BUS.SYS - Microsoft Corporation
       pci.sys - C:\WINDOWS\system32\drivers\pci.sys - Microsoft Corporation
       pciide.sys - C:\WINDOWS\system32\drivers\pciide.sys - Microsoft Corporation
       PCIIDEX.SYS - C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS - Microsoft Corporation
       MountMgr.sys - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       ftdisk.sys - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       dmload.sys - C:\WINDOWS\system32\drivers\dmload.sys - Microsoft Corp., Veritas Software.
       dmio.sys - C:\WINDOWS\system32\drivers\dmio.sys - Microsoft Corp., Veritas Software
       PartMgr.sys - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       VolSnap.sys - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       atapi.sys - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       disk.sys - C:\WINDOWS\system32\drivers\disk.sys - Microsoft Corporation
       CLASSPNP.SYS - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       fltMgr.sys - C:\WINDOWS\system32\drivers\fltMgr.sys - Microsoft Corporation
       KSecDD.sys - C:\WINDOWS\system32\drivers\KSecDD.sys - Microsoft Corporation
       WudfPf.sys - C:\WINDOWS\system32\drivers\WudfPf.sys - Microsoft Corporation
       Ntfs.sys - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       NDIS.sys - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       Mup.sys - C:\WINDOWS\system32\drivers\Mup.sys - Microsoft Corporation
       HDAudBus.sys - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys - Windows (R) Server 2003 DDK provider
       usbuhci.sys - C:\WINDOWS\system32\DRIVERS\usbuhci.sys - Microsoft Corporation
       USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       usbehci.sys - C:\WINDOWS\system32\DRIVERS\usbehci.sys - Microsoft Corporation
       fdc.sys - C:\WINDOWS\system32\DRIVERS\fdc.sys - Microsoft Corporation
       i8042prt.sys - C:\WINDOWS\system32\DRIVERS\i8042prt.sys - Microsoft Corporation
       mouclass.sys - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       kbdclass.sys - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       imapi.sys - C:\WINDOWS\system32\DRIVERS\imapi.sys - Microsoft Corporation
       cdrom.sys - C:\WINDOWS\system32\DRIVERS\cdrom.sys - Microsoft Corporation
       redbook.sys - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
       ks.sys - C:\WINDOWS\system32\DRIVERS\ks.sys - Microsoft Corporation
       GEARAspiWDM.sys - C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys - GEAR Software Inc.
       asxovfon.SYS - C:\WINDOWS\System32\Drivers\asxovfon.SYS - File not found
       rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
       termdd.sys - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       swenum.sys - C:\WINDOWS\system32\DRIVERS\swenum.sys - Microsoft Corporation
       update.sys - C:\WINDOWS\system32\DRIVERS\update.sys - Microsoft Corporation
       mssmbios.sys - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       usbhub.sys - C:\WINDOWS\system32\DRIVERS\usbhub.sys - Microsoft Corporation
       USBD.SYS - C:\WINDOWS\system32\DRIVERS\USBD.SYS - Microsoft Corporation
       flpydisk.sys - C:\WINDOWS\system32\DRIVERS\flpydisk.sys - Microsoft Corporation
       Fs_Rec.SYS - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Null.SYS - C:\WINDOWS\System32\Drivers\Null.SYS - Microsoft Corporation
       Beep.SYS - C:\WINDOWS\System32\Drivers\Beep.SYS - Microsoft Corporation
       vga.sys - C:\WINDOWS\System32\drivers\vga.sys - Microsoft Corporation
       VIDEOPRT.SYS - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       Msfs.SYS - C:\WINDOWS\System32\Drivers\Msfs.SYS - Microsoft Corporation
       Npfs.SYS - C:\WINDOWS\System32\Drivers\Npfs.SYS - Microsoft Corporation
       Cdfs.SYS - C:\WINDOWS\System32\Drivers\Cdfs.SYS - Microsoft Corporation
       dump_atapi.sys - C:\WINDOWS\System32\Drivers\dump_atapi.sys - File not found
       dump_WMILIB.SYS - C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS - File not found
       win32k.sys - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       Dxapi.sys - C:\WINDOWS\System32\drivers\Dxapi.sys - Microsoft Corporation
       watchdog.sys - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       dxg.sys - C:\WINDOWS\System32\drivers\dxg.sys - Microsoft Corporation
       dxgthk.sys - C:\WINDOWS\System32\drivers\dxgthk.sys - Microsoft Corporation
       framebuf.dll - C:\WINDOWS\System32\framebuf.dll - Microsoft Corporation
       ATMFD.DLL - C:\WINDOWS\System32\ATMFD.DLL - Adobe Systems Incorporated
       Fastfat.SYS - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       cigsaqdif.sys - C:\Documents and Settings\Mike\Plocha\cigsaqdif.sys - File not found

==========================================================================================

Notify Routine

       CreateProcess - 0xF73FC472 - C:\WINDOWS\system32\drivers\sptd.sys - 
       LoadImage - 0x86FD5ED6 - unknown image - 
       BugCheckCallback - 0xF741AA7A - C:\WINDOWS\system32\drivers\sptd.sys - 
       BugCheckCallback - 0x80707C14 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       BugCheckReasonCallback - 0xF6FFF522 - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       BugCheckReasonCallback - 0xF71A9AB8 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xF71A9A70 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xF71A9A28 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xF715F1BE - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       BugCheckReasonCallback - 0xF715F11E - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       BugCheckReasonCallback - 0xF741AA36 - C:\WINDOWS\system32\drivers\sptd.sys - 
       Shutdown - 0xF73E4000 - C:\WINDOWS\system32\drivers\sptd.sys - 
       Shutdown - 0x86CF51E8 - unknown image - 
       Shutdown - 0xF700BC6A - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xF7A0C5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF7A0C5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF7A0C5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF7A0C5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF7A0C5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF721E96B - C:\WINDOWS\system32\drivers\Mup.sys - Microsoft Corporation
       Shutdown - 0x86FD11E8 - unknown image - 
       Shutdown - 0xF751E73A - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       Shutdown - 0x80638817 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Shutdown - 0x8064804B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0x805E155C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0x805E155C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xBF882CFE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0x805E155C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xF7419604 - C:\WINDOWS\system32\drivers\sptd.sys - 
       PlugPlay - 0xBF882CFE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0xF7419604 - C:\WINDOWS\system32\drivers\sptd.sys - 
       PlugPlay - 0xBF883925 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0xF7661AC0 - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
       PlugPlay - 0xF7661AC0 - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
       PlugPlay - 0xF7526C26 - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       PlugPlay - 0xF7419604 - C:\WINDOWS\system32\drivers\sptd.sys - 
       PlugPlay - 0xF7536544 - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       PlugPlay - 0xBF882CFE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0x805E155C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xF777785E - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation

==========================================================================================

Filter

       Disk - \Driver\PartMgr->\Driver\Disk - 0x86F2AC60 - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       Volume - \Driver\VolSnap->\Driver\Ftdisk - 0x86EF1D80 - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       I8042prt - \Driver\Kbdclass->\Driver\i8042prt - 0x86E18AA0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       I8042prt - \Driver\Mouclass->\Driver\i8042prt - 0x86E1A510 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       PnpManager - \Driver\mssmbios->\Driver\PnpManager - 0x86E79BF0 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       PnpManager - \Driver\Update->\Driver\PnpManager - 0x86E51138 - C:\WINDOWS\system32\DRIVERS\update.sys - Microsoft Corporation
       PnpManager - \Driver\swenum->\Driver\PnpManager - 0x86E78020 - C:\WINDOWS\system32\DRIVERS\swenum.sys - Microsoft Corporation
       PnpManager - \Driver\TermDD->\Driver\PnpManager - 0x86EF2030 - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       PnpManager - \Driver\Mouclass->\Driver\TermDD - 0x86E79030 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       PnpManager - \Driver\TermDD->\Driver\PnpManager - 0x86E7AD70 - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       PnpManager - \Driver\Kbdclass->\Driver\TermDD - 0x86E93030 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       PnpManager - \Driver\rdpdr->\Driver\PnpManager - 0x86E7C338 - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
       PnpManager - \Driver\Ftdisk->\Driver\PnpManager - 0x86F2AA38 - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       PnpManager - \Driver\dmio->\Driver\PnpManager - 0x86EFBEC8 - C:\WINDOWS\system32\drivers\dmio.sys - Microsoft Corp., Veritas Software
       PnpManager - \Driver\ACPI_HAL->\Driver\PnpManager - 0x86FE1AD0 -  - 

==========================================================================================

DPC Timer

       0x86EC4730 - 0x86ECF918 - unknown image - 
       0x8056A700 - 0x8051C6C7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80568DE0 - 0x804E62B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86C42F88 - 0xF78E66C4 - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       0x86C80F88 - 0xF78E66C4 - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       0x80560C50 - 0x804EC9E3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80560D80 - 0x804E63DA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86CAC2A0 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x805633C0 - 0x8051AF0A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86C25D08 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86CB5650 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86C7C288 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86C58718 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xF72742D0 - 0xF72563D8 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       0x86C46CC8 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xF7274270 - 0xF72561B4 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       0x86C30AB0 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86C74790 - 0x804E7C61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80569560 - 0x804E7EA7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8056A780 - 0x8054AE9B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8056A800 - 0x8054AE6D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86ECA730 - 0x86ECF918 - unknown image - 
       0x8055F608 - 0x804E6B8C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x86EC7730 - 0x86ECF918 - unknown image - 
       0x86E2F730 - 0x86ECF918 - unknown image - 
       0x86E23730 - 0x86ECF918 - unknown image - 

==========================================================================================

Worker Thread

       CriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DelayedWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       HyperCriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Object Hijack

       0x86D82028 - DeviceObject -  - Abnormal DeviceObject/DriverObject
       0xF732F000 - KernelModule - C:\WINDOWS\system32\drivers\atapi.sys - Hijack on Kernel Module File

==========================================================================================

Direct IO

       csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation - IOPL

==========================================================================================

GDT

       Selector(0x0001) - Type(Code RE Ac)
       Selector(0x0002) - Type(Data RW Ac)
       Selector(0x0003) - Type(Code RE Ac)
       Selector(0x0004) - Type(Data RW Ac)
       Selector(0x0005) - Type(T5532 Busy)
       Selector(0x0006) - Type(Data RW Ac)
       Selector(0x0007) - Type(Data RW Ac)
       Selector(0x0008) - Type(Data RW)
       Selector(0x000A) - Type(T5532 Avl)
       Selector(0x000B) - Type(T5532 Avl)
       Selector(0x000C) - Type(Data RW Ac)
       Selector(0x000D) - Type(Data RW)
       Selector(0x000E) - Type(Data RW)
       Selector(0x000F) - Type(Code RE)
       Selector(0x0010) - Type(Data RW)
       Selector(0x0011) - Type(Data RW)
       Selector(0x0014) - Type(T5532 Avl)
       Selector(0x001C) - Type(Code RE CA)
       Selector(0x001D) - Type(Data RW)
       Selector(0x001E) - Type(Code EO)
       Selector(0x001F) - Type(Data RW)
       Selector(0x0020) - Type(Data RW Ac)
       Selector(0x0021) - Type(Data RW Ac)
       Selector(0x0022) - Type(Data RW Ac)

==========================================================================================

SSDT

       NtAcceptConnectPort - OK - 0x805885D4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheck - OK - 0x80581F2A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckAndAuditAlarm - OK - 0x80597BCD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByType - OK - 0x805907DC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeAndAuditAlarm - OK - 0x80597C54 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultList - OK - 0x806409CA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultListAndAuditAlarm - OK - 0x80642B53 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultListAndAuditAlarmByHandle - OK - 0x80642B9C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAddAtom - OK - 0x8057FDDC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAddBootEntry - OK - 0x80650DFF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAdjustGroupsToken - OK - 0x80640185 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAdjustPrivilegesToken - OK - 0x8059741F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAlertResumeThread - OK - 0x80637D4E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAlertThread - OK - 0x80592C30 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateLocallyUniqueId - OK - 0x805969FC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateUserPhysicalPages - OK - 0x8062E9E2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateUuids - OK - 0x805B0739 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateVirtualMemory - OK - 0x80570BC5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAreMappedFilesTheSame - OK - 0x805AD9E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAssignProcessToJobObject - OK - 0x805E4D63 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCallbackReturn - OK - 0x804E4EE4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelDeviceWakeupRequest - OK - 0x8063417A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelIoFile - OK - 0x805E2387 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelTimer - OK - 0x804EC842 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtClearEvent - OK - 0x805706C3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtClose - OK - 0x8056F8D7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCloseObjectAuditAlarm - OK - 0x805977FD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompactKeys - OK - 0x806569E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompareTokens - OK - 0x80591A4E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompleteConnectPort - OK - 0x80590358 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompressKey - OK - 0x80656C57 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtConnectPort - OK - 0x80590E53 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtContinue - OK - 0x804E123F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateDebugObject - OK - 0x80662096 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateDirectoryObject - OK - 0x805B5AC5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateEvent - OK - 0x805744F6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateEventPair - OK - 0x80650EF4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateFile - OK - 0x80573DFB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateIoCompletion - OK - 0x805E73F1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateJobObject - OK - 0x805C3517 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateJobSet - OK - 0x806381F7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateKey - ssdt hook - 0xF73E40D0 - C:\WINDOWS\system32\drivers\sptd.sys - 
       NtCreateMailslotFile - OK - 0x805E3643 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateMutant - OK - 0x8058408D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateNamedPipeFile - OK - 0x80588FBA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreatePagingFile - OK - 0x805CB7B5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreatePort - OK - 0x805A13A0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProcess - OK - 0x805C7A4D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProcessEx - OK - 0x8058B9EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProfile - OK - 0x80651515 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateSection - OK - 0x8056DB66 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateSemaphore - OK - 0x8057FD03 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateSymbolicLinkObject - OK - 0x805AD5D4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateThread - OK - 0x80584D39 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateTimer - OK - 0x8059EFE9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateToken - OK - 0x805B1376 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateWaitablePort - OK - 0x805B68AC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDebugActiveProcess - OK - 0x80663211 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDebugContinue - OK - 0x8066336B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDelayExecution - OK - 0x8056EB03 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteAtom - OK - 0x805946E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteBootEntry - OK - 0x8063417A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteFile - OK - 0x805BF004 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteKey - OK - 0x8059A5C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteObjectAuditAlarm - OK - 0x80642BF7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteValueKey - OK - 0x805991E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeviceIoControlFile - OK - 0x80588CB6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDisplayString - OK - 0x805CCC68 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDuplicateObject - OK - 0x8057F18D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDuplicateToken - OK - 0x805865FF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateBootEntries - OK - 0x80650DFF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateKey - ssdt hook - 0xF73E9FB2 - C:\WINDOWS\system32\drivers\sptd.sys - 
       NtEnumerateSystemEnvironmentValuesEx - OK - 0x8065088B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateValueKey - ssdt hook - 0xF73EA340 - C:\WINDOWS\system32\drivers\sptd.sys - 
       NtExtendSection - OK - 0x8062D9A1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFilterToken - OK - 0x805B7EEF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFindAtom - OK - 0x805E7DDD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushBuffersFile - OK - 0x8059297A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushInstructionCache - OK - 0x80586C26 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushKey - OK - 0x805E686F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushVirtualMemory - OK - 0x805E9791 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushWriteBuffer - OK - 0x8062F23F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFreeUserPhysicalPages - OK - 0x8062ED95 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFreeVirtualMemory - OK - 0x805710BF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFsControlFile - OK - 0x80582AF2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetContextThread - OK - 0x80635CD5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetDevicePowerState - OK - 0x806341AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetPlugPlayEvent - OK - 0x805A3ED8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetWriteWatch - OK - 0x8053F757 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateAnonymousToken - OK - 0x805A0F55 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateClientOfPort - OK - 0x805913C1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateThread - OK - 0x805876BA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtInitializeRegistry - OK - 0x805B607F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtInitiatePowerAction - OK - 0x80633F5F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtIsProcessInJob - OK - 0x806380AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtIsSystemResumeAutomatic - OK - 0x8063418F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtListenPort - OK - 0x805B5EEE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLoadDriver - OK - 0x805B52F0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLoadKey - OK - 0x805B8287 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLoadKey2 - OK - 0x805B83E6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockFile - OK - 0x80594AAD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockProductActivationKeys - OK - 0x805B7763 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockRegistryKey - OK - 0x805DE2C5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockVirtualMemory - OK - 0x805C462D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMakePermanentObject - OK - 0x805AD7DC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMakeTemporaryObject - OK - 0x805AD8A3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapUserPhysicalPages - OK - 0x8062E03E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapUserPhysicalPagesScatter - OK - 0x8062E497 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapViewOfSection - OK - 0x8057AC21 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtModifyBootEntry - OK - 0x8063417A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtNotifyChangeDirectoryFile - OK - 0x80595ECF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtNotifyChangeKey - OK - 0x80596D8A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtNotifyChangeMultipleKeys - OK - 0x80596B9C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenDirectoryObject - OK - 0x8058A3C6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenEvent - OK - 0x80589D61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenEventPair - OK - 0x80650FE5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenFile - OK - 0x8057A095 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenIoCompletion - OK - 0x80621643 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenJobObject - OK - 0x8063844F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenKey - ssdt hook - 0xF73E40B0 - C:\WINDOWS\system32\drivers\sptd.sys - 
       NtOpenMutant - OK - 0x8058413B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenObjectAuditAlarm - OK - 0x805E5E8B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenProcess - OK - 0x8057F93A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenProcessToken - OK - 0x805784EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenProcessTokenEx - OK - 0x80578443 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenSection - OK - 0x80579192 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenSemaphore - OK - 0x805AD95A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenSymbolicLinkObject - OK - 0x8058A349 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenThread - OK - 0x80596743 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenThreadToken - OK - 0x805746D2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenThreadTokenEx - OK - 0x805745CF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenTimer - OK - 0x80650E1B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPlugPlayControl - OK - 0x805A1B2D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPowerInformation - OK - 0x805B1A01 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegeCheck - OK - 0x805A1E28 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegeObjectAuditAlarm - OK - 0x805B087F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegedServiceAuditAlarm - OK - 0x805B7388 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtProtectVirtualMemory - OK - 0x8057F56B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPulseEvent - OK - 0x805B6804 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryAttributesFile - OK - 0x8057A2C4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryBootEntryOrder - OK - 0x80650DFF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryBootOptions - OK - 0x80650DFF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDebugFilterState - OK - 0x804FABB1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDefaultLocale - OK - 0x8056F0D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDefaultUILanguage - OK - 0x80589795 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDirectoryFile - OK - 0x8057BBBC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDirectoryObject - OK - 0x8058FC86 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryEaFile - OK - 0x8062188C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryEvent - OK - 0x8058A130 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryFullAttributesFile - OK - 0x80580DAE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationAtom - OK - 0x805BF9FB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationFile - OK - 0x8057AF40 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationJobObject - OK - 0x8058C0F3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationPort - OK - 0x8062B645 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationProcess - OK - 0x805747B6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationThread - OK - 0x80576860 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationToken - OK - 0x805772DA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInstallUILanguage - OK - 0x80589ECA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryIntervalProfile - OK - 0x806519C7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryIoCompletion - OK - 0x80621704 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryKey - ssdt hook - 0xF73EA418 - C:\WINDOWS\system32\drivers\sptd.sys - 
       NtQueryMultipleValueKey - OK - 0x806563CF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryMutant - OK - 0x8065134E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryObject - OK - 0x8058A65E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryOpenSubKeys - OK - 0x806565D7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryPerformanceCounter - OK - 0x805708A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryQuotaInformationFile - OK - 0x80622143 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySection - OK - 0x80587073 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySecurityObject - OK - 0x805E8893 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySemaphore - OK - 0x8065015D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySymbolicLinkObject - OK - 0x8058A1BA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemEnvironmentValue - OK - 0x806508B3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemEnvironmentValueEx - OK - 0x80650877 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemInformation - OK - 0x805856A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemTime - OK - 0x8059264B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryTimer - OK - 0x8059FD1A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryTimerResolution - OK - 0x8058D019 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryValueKey - ssdt hook - 0xF73EA298 - C:\WINDOWS\system32\drivers\sptd.sys - 
       NtQueryVirtualMemory - OK - 0x8057CCE8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryVolumeInformationFile - OK - 0x8057A3E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueueApcThread - OK - 0x8059FC75 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRaiseException - OK - 0x804E1287 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRaiseHardError - OK - 0x8064FE99 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadFile - OK - 0x8057495D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadFileScatter - OK - 0x80622A17 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadRequestData - OK - 0x805918D9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadVirtualMemory - OK - 0x805874F7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRegisterThreadTerminatePort - OK - 0x8058548A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseMutant - OK - 0x8056EB6E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseSemaphore - OK - 0x80576F36 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRemoveIoCompletion - OK - 0x8056F54C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRemoveProcessDebug - OK - 0x806632E6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRenameKey - OK - 0x8065684C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplaceKey - OK - 0x806571A8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyPort - OK - 0x805862F8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReceivePort - OK - 0x80576817 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReceivePortEx - OK - 0x8057632F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReplyPort - OK - 0x8062B724 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestDeviceWakeup - OK - 0x80634107 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestPort - OK - 0x805E646F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestWaitReplyPort - OK - 0x8057D13B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestWakeupLatency - OK - 0x80633F00 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResetEvent - OK - 0x8059F355 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResetWriteWatch - OK - 0x8053FBD2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRestoreKey - OK - 0x80656D3D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResumeProcess - OK - 0x80637CEE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResumeThread - OK - 0x805853B0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveKey - OK - 0x80656E3E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveKeyEx - OK - 0x80656F29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveMergedKeys - OK - 0x80657056 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSecureConnectPort - OK - 0x80587E0A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetBootEntryOrder - OK - 0x80650DFF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetBootOptions - OK - 0x80650DFF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetContextThread - OK - 0x80635EFB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDebugFilterState - OK - 0x80664CC6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultHardErrorPort - OK - 0x805C6DB9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultLocale - OK - 0x805C3B85 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultUILanguage - OK - 0x805C3B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEaFile - OK - 0x80621DD1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEvent - OK - 0x80570634 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEventBoostPriority - OK - 0x80576CA0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetHighEventPair - OK - 0x806512D9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetHighWaitLowEventPair - OK - 0x806511FD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationDebugObject - OK - 0x80662C87 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationFile - OK - 0x805830D1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationJobObject - OK - 0x805C366B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationKey - OK - 0x80655F32 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationObject - OK - 0x80589E49 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationProcess - OK - 0x80574B1F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationThread - OK - 0x80576AB3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationToken - OK - 0x805B0A10 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetIntervalProfile - OK - 0x806514F3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetIoCompletion - OK - 0x80576DE6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLdtEntries - OK - 0x80636C07 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLowEventPair - OK - 0x8065126F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLowWaitHighEventPair - OK - 0x8065118B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetQuotaInformationFile - OK - 0x80622119 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSecurityObject - OK - 0x805E8694 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemEnvironmentValue - OK - 0x80650B50 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemEnvironmentValueEx - OK - 0x80650877 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemInformation - OK - 0x805BFDB1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemPowerState - OK - 0x806700E7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemTime - OK - 0x8064FB4D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetThreadExecutionState - OK - 0x805EB1B8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetTimer - OK - 0x804E7A55 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetTimerResolution - OK - 0x805EB47E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetUuidSeed - OK - 0x805B7534 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetValueKey - ssdt hook - 0xF73EA4AA - C:\WINDOWS\system32\drivers\sptd.sys - 
       NtSetVolumeInformationFile - OK - 0x80622657 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtShutdownSystem - OK - 0x8064F29B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSignalAndWaitForSingleObject - OK - 0x8051C3B1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtStartProfile - OK - 0x8065175C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtStopProfile - OK - 0x80651915 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSuspendProcess - OK - 0x80637C93 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSuspendThread - OK - 0x80637BAF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSystemDebugControl - OK - 0x80651A75 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTerminateJobObject - OK - 0x806385C1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTerminateProcess - OK - 0x8058E8B1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTerminateThread - OK - 0x80584966 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTestAlert - OK - 0x80584E98 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTraceEvent - OK - 0x80549A10 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTranslateFilePath - OK - 0x8065089F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadDriver - OK - 0x80624D24 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadKey - OK - 0x80655A96 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadKeyEx - OK - 0x80655CC7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnlockFile - OK - 0x80594C0D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnlockVirtualMemory - OK - 0x8062F2B3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnmapViewOfSection - OK - 0x8057A7A9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtVdmControl - OK - 0x805C28F0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForDebugEvent - OK - 0x806629D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForMultipleObjects - OK - 0x8056EC49 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForSingleObject - OK - 0x8056DF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitHighEventPair - OK - 0x80651121 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitLowEventPair - OK - 0x806510B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteFile - OK - 0x80583355 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteFileGather - OK - 0x805E2674 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteRequestData - OK - 0x8059195D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteVirtualMemory - OK - 0x805875EF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtYieldExecution - OK - 0x80515AB2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateKeyedEvent - OK - 0x805D9A8A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenKeyedEvent - OK - 0x8058BC3E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseKeyedEvent - OK - 0x80651EE9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForKeyedEvent - OK - 0x80652154 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryPortInformationProcess - OK - 0x80635509 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Shadow SSDT

       NtGdiAbortDoc - OK - 0xBF9390DD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAbortPath - OK - 0xBF94A650 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddFontResourceW - OK - 0xBF86FF5B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddRemoteFontToDC - OK - 0xBF942212 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddFontMemResourceEx - OK - 0xBF94BC67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveMergeFont - OK - 0xBF939371 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddRemoteMMInstanceToDC - OK - 0xBF939416 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAlphaBlend - OK - 0xBF8316EE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAngleArc - OK - 0xBF94B58E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAnyLinkedFonts - OK - 0xBF9374DC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFontIsLinked - OK - 0xBF94BB86 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiArcInternal - OK - 0xBF9100CA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBeginPath - OK - 0xBF8FF523 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBitBlt - OK - 0xBF809992 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCancelDC - OK - 0xBF94BA58 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCheckBitmapBits - OK - 0xBF94D254 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCloseFigure - OK - 0xBF8FDE20 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiClearBitmapAttributes - OK - 0xBF87703C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiClearBrushAttributes - OK - 0xBF94BB36 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiColorCorrectPalette - OK - 0xBF94D387 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCombineRgn - OK - 0xBF81C891 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCombineTransform - OK - 0xBF8E58F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiComputeXformCoefficients - OK - 0xBF8AC9B6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiConsoleTextOut - OK - 0xBF85A0D9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiConvertMetafileRect - OK - 0xBF911305 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateBitmap - OK - 0xBF80E34D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateClientObj - OK - 0xBF8E559D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateColorSpace - OK - 0xBF94D04C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateColorTransform - OK - 0xBF94DF57 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateCompatibleBitmap - OK - 0xBF813AF9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateCompatibleDC - OK - 0xBF80C8EE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBBrush - OK - 0xBF8DA29E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBitmapInternal - OK - 0xBF828ED2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBSection - OK - 0xBF82A96C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateEllipticRgn - OK - 0xBF93B989 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateHalftonePalette - OK - 0xBF8AC7C0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateHatchBrushInternal - OK - 0xBF94EFE3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateMetafileDC - OK - 0xBF8CB7B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePaletteInternal - OK - 0xBF85F416 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePatternBrushInternal - OK - 0xBF8AABB1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePen - OK - 0xBF8A4954 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateRectRgn - OK - 0xBF83527F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateRoundRectRgn - OK - 0xBF8B7F3A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateServerMetaFile - OK - 0xBF91120A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateSolidBrush - OK - 0xBF819FAD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextCreate - OK - 0xBF936AFC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextDestroy - OK - 0xBF936B0F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextDestroyAll - OK - 0xBF936B22 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dValidateTextureStageState - OK - 0xBF936B35 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dDrawPrimitives2 - OK - 0xBF936B48 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDriverState - OK - 0xBF936B5B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAddAttachedSurface - OK - 0xBF9369D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAlphaBlt - OK - 0xBF936C1B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAttachSurface - OK - 0xBF9069C9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdBeginMoCompFrame - OK - 0xBF936BC6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdBlt - OK - 0xBF9069DC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCanCreateSurface - OK - 0xBF9067B6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCanCreateD3DBuffer - OK - 0xBF936AD3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdColorControl - OK - 0xBF9369E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateDirectDrawObject - OK - 0xBF8F4647 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurface - OK - 0xBF8F465A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateD3DBuffer - OK - 0xBF936ABD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateMoComp - OK - 0xBF9067F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurfaceObject - OK - 0xBF906E20 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDeleteDirectDrawObject - OK - 0xBF8F48A3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDeleteSurfaceObject - OK - 0xBF90699D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroyMoComp - OK - 0xBF9067C9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroySurface - OK - 0xBF8F488D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroyD3DBuffer - OK - 0xBF936AE6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdEndMoCompFrame - OK - 0xBF936BD9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdFlip - OK - 0xBF906EC6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdFlipToGDISurface - OK - 0xBF9075D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetAvailDriverMemory - OK - 0xBF9069B3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetBltStatus - OK - 0xBF9369F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDC - OK - 0xBF906721 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDriverInfo - OK - 0xBF906760 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDxHandle - OK - 0xBF936A65 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetFlipStatus - OK - 0xBF936A0D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetInternalMoCompInfo - OK - 0xBF936BB0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompBuffInfo - OK - 0xBF936B9A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompGuids - OK - 0xBF9067DF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompFormats - OK - 0xBF936B84 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetScanLine - OK - 0xBF9076D7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdLock - OK - 0xBF8C8ABD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdLockD3D - OK - 0xBF936A91 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdQueryDirectDrawObject - OK - 0xBF8F45E6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdQueryMoCompStatus - OK - 0xBF936C05 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdReenableDirectDrawObject - OK - 0xBF8F4621 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdReleaseDC - OK - 0xBF906895 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdRenderMoComp - OK - 0xBF936BEF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdResetVisrgn - OK - 0xBF8C8903 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetColorKey - OK - 0xBF906EDC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetExclusiveMode - OK - 0xBF936A23 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetGammaRamp - OK - 0xBF936A7B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurfaceEx - OK - 0xBF936B6E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetOverlayPosition - OK - 0xBF936A39 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnattachSurface - OK - 0xBF906A69 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnlock - OK - 0xBF8C88B3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnlockD3D - OK - 0xBF936AA7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUpdateOverlay - OK - 0xBF906EB0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdWaitForVerticalBlank - OK - 0xBF936A4F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpCanCreateVideoPort - OK - 0xBF936C2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpColorControl - OK - 0xBF936C44 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpCreateVideoPort - OK - 0xBF936C5A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpDestroyVideoPort - OK - 0xBF936C70 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpFlipVideoPort - OK - 0xBF936C86 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortBandwidth - OK - 0xBF936C9C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortField - OK - 0xBF936CB2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortFlipStatus - OK - 0xBF936CC8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortInputFormats - OK - 0xBF936CDE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortLine - OK - 0xBF936CF4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortOutputFormats - OK - 0xBF936D0A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortConnectInfo - OK - 0xBF936D20 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoSignalStatus - OK - 0xBF936D36 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpUpdateVideoPort - OK - 0xBF936D4C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpWaitForVideoPortSync - OK - 0xBF936D62 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpAcquireNotification - OK - 0xBF936D78 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpReleaseNotification - OK - 0xBF936D8E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDxgGenericThunk - OK - 0xBF9369BE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteClientObj - OK - 0xBF8E56BF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteColorSpace - OK - 0xBF94D03F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteColorTransform - OK - 0xBF94E213 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteObjectApp - OK - 0xBF813986 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDescribePixelFormat - OK - 0xBF94C73D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPerBandInfo - OK - 0xBF8F9BA4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDoBanding - OK - 0xBF8FB1B8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDoPalette - OK - 0xBF837FCB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDrawEscape - OK - 0xBF94B5D8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEllipse - OK - 0xBF8DCDB5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnableEudc - OK - 0xBF875508 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndDoc - OK - 0xBF8FAB34 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndPage - OK - 0xBF903FFD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndPath - OK - 0xBF8FF5C3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontChunk - OK - 0xBF86A9D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontClose - OK - 0xBF86A94F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontOpen - OK - 0xBF869FDE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumObjects - OK - 0xBF8DA5A6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEqualRgn - OK - 0xBF93BA84 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEudcLoadUnloadLink - OK - 0xBF9527EE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExcludeClipRect - OK - 0xBF827FC3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtCreatePen - OK - 0xBF8D24A5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtCreateRegion - OK - 0xBF835773 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtEscape - OK - 0xBF8B62CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtFloodFill - OK - 0xBF95360C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtGetObjectW - OK - 0xBF827104 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtSelectClipRgn - OK - 0xBF80F20D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtTextOutW - OK - 0xBF899988 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFillPath - OK - 0xBF94A775 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFillRgn - OK - 0xBF8AA4F2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlattenPath - OK - 0xBF94A6DA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlushUserBatch - OK - 0xBF80C3D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlush - OK - 0xBF80A295 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiForceUFIMapping - OK - 0xBF94C61D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFrameRgn - OK - 0xBF8B81AC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFullscreenControl - OK - 0xBF93E761 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetAndSetDCDword - OK - 0xBF8D1776 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetAppClipBox - OK - 0xBF81651D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBitmapBits - OK - 0xBF8AA9E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBitmapDimension - OK - 0xBF94C53F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBoundsRect - OK - 0xBF8BDD12 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharABCWidthsW - OK - 0xBF8CA169 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharacterPlacementW - OK - 0xBF94ACE3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharSet - OK - 0xBF80F848 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharWidthW - OK - 0xBF8F6F80 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharWidthInfo - OK - 0xBF8AB6FB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetColorAdjustment - OK - 0xBF94B8FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetColorSpaceforBitmap - OK - 0xBF953EC1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCDword - OK - 0xBF8273D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCforBitmap - OK - 0xBF898674 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCObject - OK - 0xBF82725E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCPoint - OK - 0xBF8C358D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceCaps - OK - 0xBF94BAF6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceGammaRamp - OK - 0xBF94D5EA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceCapsAll - OK - 0xBF8D0A17 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDIBitsInternal - OK - 0xBF839DAF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetETM - OK - 0xBF954E24 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEudcTimeStampEx - OK - 0xBF950290 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontData - OK - 0xBF8F879C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontResourceInfoInternalW - OK - 0xBF94BD95 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphIndicesW - OK - 0xBF94CA20 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphIndicesWInternal - OK - 0xBF94C8C3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphOutline - OK - 0xBF94B6EB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetKerningPairs - OK - 0xBF94B7F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetLinkedUFIs - OK - 0xBF9390F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetMiterLimit - OK - 0xBF8CB81D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetMonitorID - OK - 0xBF9416A3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetNearestColor - OK - 0xBF828119 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetNearestPaletteIndex - OK - 0xBF94F069 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetObjectBitmapHandle - OK - 0xBF94B881 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetOutlineTextMetricsInternalW - OK - 0xBF8F67A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPath - OK - 0xBF94AB42 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPixel - OK - 0xBF864C81 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRandomRgn - OK - 0xBF80F21D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRasterizerCaps - OK - 0xBF8F92DA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRealizationInfo - OK - 0xBF94CACB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRegionData - OK - 0xBF83A77F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRgnBox - OK - 0xBF8C34D7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetServerMetaFileBits - OK - 0xBF911464 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetSpoolMessage - OK - 0xBF892BEA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStats - OK - 0xBF954FA1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStockObject - OK - 0xBF852B73 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStringBitmapW - OK - 0xBF951E82 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetSystemPaletteUse - OK - 0xBF8D081E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextCharsetInfo - OK - 0xBF82870C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextExtent - OK - 0xBF84E652 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextExtentExW - OK - 0xBF8D9E0C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextFaceW - OK - 0xBF82FDDB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextMetricsW - OK - 0xBF82856A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTransform - OK - 0xBF8B3CB1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetUFI - OK - 0xBF94BFDC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEmbUFI - OK - 0xBF94C0A5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetUFIPathname - OK - 0xBF94C185 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEmbedFonts - OK - 0xBF94BF5D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiChangeGhostFont - OK - 0xBF94BF67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddEmbFontToDC - OK - 0xBF937D87 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontUnicodeRanges - OK - 0xBF94CA44 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetWidthTable - OK - 0xBF82EF93 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGradientFill - OK - 0xBF860D96 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHfontCreate - OK - 0xBF828258 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiIcmBrushInfo - OK - 0xBF94DBCE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInit - OK - 0xBF85927C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInitSpool - OK - 0xBF877526 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiIntersectClipRect - OK - 0xBF816046 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInvertRgn - OK - 0xBF8C4EA5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiLineTo - OK - 0xBF8C5E5F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMakeFontDir - OK - 0xBF94C7B7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMakeInfoDC - OK - 0xBF953EFA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMaskBlt - OK - 0xBF828CA3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiModifyWorldTransform - OK - 0xBF8B3A8E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMonoBitmap - OK - 0xBF8CB9F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMoveTo - OK - 0xBF94BA88 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOffsetClipRgn - OK - 0xBF8FB077 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOffsetRgn - OK - 0xBF898A38 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOpenDCW - OK - 0xBF83A12C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPatBlt - OK - 0xBF8C2F59 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyPatBlt - OK - 0xBF82A045 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPathToRegion - OK - 0xBF94A84F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPlgBlt - OK - 0xBF9463F2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyDraw - OK - 0xBF94B176 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyPolyDraw - OK - 0xBF8A41D6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyTextOutW - OK - 0xBF94B273 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPtInRegion - OK - 0xBF94BB76 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPtVisible - OK - 0xBF93BC26 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiQueryFonts - OK - 0xBF94BB96 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiQueryFontAssocInfo - OK - 0xBF859797 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectangle - OK - 0xBF8C7E0F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectInRegion - OK - 0xBF8ECC27 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectVisible - OK - 0xBF89A312 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveFontResourceW - OK - 0xBF8D96E2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveFontMemResourceEx - OK - 0xBF94BD79 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiResetDC - OK - 0xBF8EBC9E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiResizePalette - OK - 0xBF94F2DD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRestoreDC - OK - 0xBF82943C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRoundRect - OK - 0xBF90F293 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSaveDC - OK - 0xBF82944C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiScaleViewportExtEx - OK - 0xBF944619 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiScaleWindowExtEx - OK - 0xBF94C4CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectBitmap - OK - 0xBF8085A0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectBrush - OK - 0xBF94BA68 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectClipPath - OK - 0xBF8FF6C2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectFont - OK - 0xBF81C8A1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectPen - OK - 0xBF94BA78 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapAttributes - OK - 0xBF876F70 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapBits - OK - 0xBF8C3A0D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapDimension - OK - 0xBF94C5A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBoundsRect - OK - 0xBF8BE119 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBrushAttributes - OK - 0xBF94BB16 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBrushOrg - OK - 0xBF8C3AAB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetColorAdjustment - OK - 0xBF94B95B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetColorSpace - OK - 0xBF94D101 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetDeviceGammaRamp - OK - 0xBF94D926 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetDIBitsToDeviceInternal - OK - 0xBF826B19 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetFontEnumeration - OK - 0xBF891C3B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetFontXform - OK - 0xBF8E5A75 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetIcmMode - OK - 0xBF8C57A2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetLinkedUFIs - OK - 0xBF8F98A2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMagicColors - OK - 0xBF94F6FB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMetaRgn - OK - 0xBF8E57F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMiterLimit - OK - 0xBF8E5816 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceWidth - OK - 0xBF94C4BB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMirrorWindowOrg - OK - 0xBF94C4AB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetLayout - OK - 0xBF827ECB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPixel - OK - 0xBF864EC3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPixelFormat - OK - 0xBF955C6B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetRectRgn - OK - 0xBF94BB66 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetSystemPaletteUse - OK - 0xBF94BB06 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetTextJustification - OK - 0xBF955231 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetupPublicCFONT - OK - 0xBF872BC0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetVirtualResolution - OK - 0xBF8E5618 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetSizeDevice - OK - 0xBF8E5AE6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStartDoc - OK - 0xBF902EBA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStartPage - OK - 0xBF903E41 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStretchBlt - OK - 0xBF89482D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStretchDIBitsInternal - OK - 0xBF8AFEBB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStrokeAndFillPath - OK - 0xBF8FE239 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStrokePath - OK - 0xBF94AA56 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSwapBuffers - OK - 0xBF955E13 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiTransformPoints - OK - 0xBF8D0939 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiTransparentBlt - OK - 0xBF895305 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnloadPrinterDriver - OK - 0xBF94C68E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnmapMemFont - OK - 0xBF956187 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnrealizeObject - OK - 0xBF94BB56 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUpdateColors - OK - 0xBF94F567 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiWidenPath - OK - 0xBF94A937 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserActivateKeyboardLayout - OK - 0xBF868910 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAlterWindowStyle - OK - 0xBF8632C0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAssociateInputContext - OK - 0xBF9156CE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAttachThreadInput - OK - 0xBF8F52E8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBeginPaint - OK - 0xBF815C2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBitBltSysBmp - OK - 0xBF8D0844 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBlockInput - OK - 0xBF914007 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildHimcList - OK - 0xBF915805 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildHwndList - OK - 0xBF895BC5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildNameList - OK - 0xBF85E63F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildPropList - OK - 0xBF913DCA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwnd - OK - 0xBF8655F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndLock - OK - 0xBF89897F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndOpt - OK - 0xBF874550 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndParam - OK - 0xBF898B72 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndParamLock - OK - 0xBF824339 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallMsgFilter - OK - 0xBF8D0753 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallNextHookEx - OK - 0xBF8F6133 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallNoParam - OK - 0xBF801167 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallOneParam - OK - 0xBF80111F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallTwoParam - OK - 0xBF898B32 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChangeClipboardChain - OK - 0xBF8CA6FC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChangeDisplaySettings - OK - 0xBF89021D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCheckImeHotKey - OK - 0xBF8A1DA7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCheckMenuItem - OK - 0xBF8D564A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChildWindowFromPointEx - OK - 0xBF86D9F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserClipCursor - OK - 0xBF8F96C2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseClipboard - OK - 0xBF8C4DAA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseDesktop - OK - 0xBF85E31A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseWindowStation - OK - 0xBF85E3DC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserConsoleControl - OK - 0xBF858CB0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserConvertMemHandle - OK - 0xBF8CFC39 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCopyAcceleratorTable - OK - 0xBF90E8CC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCountClipboardFormats - OK - 0xBF8D07F8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateAcceleratorTable - OK - 0xBF8AC6E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateCaret - OK - 0xBF8A3335 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateDesktop - OK - 0xBF876C13 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateInputContext - OK - 0xBF915634 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateLocalMemHandle - OK - 0xBF8CAA57 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateWindowEx - OK - 0xBF832E9B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateWindowStation - OK - 0xBF877266 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeGetQualityOfService - OK - 0xBF912E54 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeInitialize - OK - 0xBF8751E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeSetQualityOfService - OK - 0xBF912D84 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDeferWindowPos - OK - 0xBF8A1934 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDefSetText - OK - 0xBF8A22C8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDeleteMenu - OK - 0xBF8A3761 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyAcceleratorTable - OK - 0xBF8F9661 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyCursor - OK - 0xBF896B82 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyInputContext - OK - 0xBF915684 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyMenu - OK - 0xBF8A2C2C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyWindow - OK - 0xBF89DC40 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDisableThreadIme - OK - 0xBF915DDA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDispatchMessage - OK - 0xBF80ECAF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDragDetect - OK - 0xBF913EC5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDragObject - OK - 0xBF9122FD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawAnimatedRects - OK - 0xBF913024 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawCaption - OK - 0xBF9130E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawCaptionTemp - OK - 0xBF90C671 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawIconEx - OK - 0xBF8322B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawMenuBarTemp - OK - 0xBF914092 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEmptyClipboard - OK - 0xBF8CF8BE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnableMenuItem - OK - 0xBF8C3692 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnableScrollBar - OK - 0xBF912CFF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndDeferWindowPosEx - OK - 0xBF82789E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndMenu - OK - 0xBF913190 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndPaint - OK - 0xBF8158E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplayDevices - OK - 0xBF865F12 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplayMonitors - OK - 0xBF896628 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplaySettings - OK - 0xBF8939EC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEvent - OK - 0xBF91258A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserExcludeUpdateRgn - OK - 0xBF8C50AB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFillWindow - OK - 0xBF8D068A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFindExistingCursorIcon - OK - 0xBF84E8B8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFindWindowEx - OK - 0xBF85C08F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFlashWindowEx - OK - 0xBF9161E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAltTabInfo - OK - 0xBF8CDAE5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAncestor - OK - 0xBF827A66 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAppImeLevel - OK - 0xBF915BD9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAsyncKeyState - OK - 0xBF89C6AB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAtomName - OK - 0xBF833077 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCaretBlinkTime - OK - 0xBF8A1E80 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCaretPos - OK - 0xBF8C3B26 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClassInfo - OK - 0xBF837C8C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClassName - OK - 0xBF81F94A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardData - OK - 0xBF8CA892 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardFormatName - OK - 0xBF8ECCEC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardOwner - OK - 0xBF8CF9B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardSequenceNumber - OK - 0xBF8C32CF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardViewer - OK - 0xBF9131D6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipCursor - OK - 0xBF912C67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetComboBoxInfo - OK - 0xBF91289D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetControlBrush - OK - 0xBF8AB612 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetControlColor - OK - 0xBF9062A2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCPD - OK - 0xBF81CED4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCursorFrameInfo - OK - 0xBF860B14 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCursorInfo - OK - 0xBF9129BA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDC - OK - 0xBF804406 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDCEx - OK - 0xBF83022E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDoubleClickTime - OK - 0xBF831291 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetForegroundWindow - OK - 0xBF81C51E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetGuiResources - OK - 0xBF9123C6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetGUIThreadInfo - OK - 0xBF85CA33 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetIconInfo - OK - 0xBF8373DB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetIconSize - OK - 0xBF83752B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetImeHotKey - OK - 0xBF915A97 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetImeInfoEx - OK - 0xBF915907 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetInternalWindowPos - OK - 0xBF91261B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardLayoutList - OK - 0xBF89A648 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardLayoutName - OK - 0xBF8F4C94 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardState - OK - 0xBF85BF4A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyNameText - OK - 0xBF90C9C2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyState - OK - 0xBF81C7C9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetListBoxInfo - OK - 0xBF912966 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuBarInfo - OK - 0xBF912AB7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuIndex - OK - 0xBF912F0D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuItemRect - OK - 0xBF913A41 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMessage - OK - 0xBF819EE7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMouseMovePointsEx - OK - 0xBF91371C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetObjectInformation - OK - 0xBF81A15F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetOpenClipboardWindow - OK - 0xBF8D07CC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetPriorityClipboardFormat - OK - 0xBF913202 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetProcessWindowStation - OK - 0xBF819FCA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputBuffer - OK - 0xBF916A67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputData - OK - 0xBF916367 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputDeviceInfo - OK - 0xBF916541 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputDeviceList - OK - 0xBF916836 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRegisteredRawInputDevices - OK - 0xBF916A2C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetScrollBarInfo - OK - 0xBF8A15CF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetSystemMenu - OK - 0xBF835459 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetThreadDesktop - OK - 0xBF81A415 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetThreadState - OK - 0xBF81F3E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetTitleBarInfo - OK - 0xBF8304B8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetUpdateRect - OK - 0xBF8310BE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetUpdateRgn - OK - 0xBF8C337E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWindowDC - OK - 0xBF803806 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWindowPlacement - OK - 0xBF8EC489 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWOWClass - OK - 0xBF90EC78 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHardErrorControl - OK - 0xBF912207 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHideCaret - OK - 0xBF899695 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHiliteMenuItem - OK - 0xBF91328B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserImpersonateDdeClientWindow - OK - 0xBF91402D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitialize - OK - 0xBF88B6FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitializeClientPfnArrays - OK - 0xBF885C4F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitTask - OK - 0xBF9126FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInternalGetWindowText - OK - 0xBF8305B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInvalidateRect - OK - 0xBF814F7C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInvalidateRgn - OK - 0xBF8A2BD2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserIsClipboardFormatAvailable - OK - 0xBF8C3295 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserKillTimer - OK - 0xBF80E95D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLoadKeyboardLayoutEx - OK - 0xBF8B9417 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWindowStation - OK - 0xBF876E75 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWindowUpdate - OK - 0xBF8D5591 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWorkStation - OK - 0xBF9122E0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMapVirtualKeyEx - OK - 0xBF8C7032 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMenuItemFromPoint - OK - 0xBF913B18 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMessageCall - OK - 0xBF80EEF3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMinMaximize - OK - 0xBF91086D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMNDragLeave - OK - 0xBF9133DB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMNDragOver - OK - 0xBF91332B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserModifyUserStartupInfoFlags - OK - 0xBF8EBEA5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMoveWindow - OK - 0xBF829096 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyIMEStatus - OK - 0xBF915D75 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyProcessCreate - OK - 0xBF8592B2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyWinEvent - OK - 0xBF8C363D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenClipboard - OK - 0xBF8C4D27 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenDesktop - OK - 0xBF85E5B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenInputDesktop - OK - 0xBF8734A3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenWindowStation - OK - 0xBF8EC6D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPaintDesktop - OK - 0xBF868BC6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPeekMessage - OK - 0xBF8036F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPostMessage - OK - 0xBF808367 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPostThreadMessage - OK - 0xBF85DF0E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPrintWindow - OK - 0xBF891D3E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserProcessConnect - OK - 0xBF856FF0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryInformationThread - OK - 0xBF913BAA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryInputContext - OK - 0xBF915781 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQuerySendMessage - OK - 0xBF913F58 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryUserCounters - OK - 0xBF915E7E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryWindow - OK - 0xBF80A182 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealChildWindowFromPoint - OK - 0xBF912A79 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealInternalGetMessage - OK - 0xBF872F5B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealWaitMessageEx - OK - 0xBF913981 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRedrawWindow - OK - 0xBF81F5BA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterClassExWOW - OK - 0xBF85248F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterUserApiHook - OK - 0xBF877652 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterHotKey - OK - 0xBF891282 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterRawInputDevices - OK - 0xBF916980 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterTasklist - OK - 0xBF91284B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterWindowMessage - OK - 0xBF80A426 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoveMenu - OK - 0xBF891C66 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoveProp - OK - 0xBF895ED8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserResolveDesktop - OK - 0xBF86BB2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserResolveDesktopForWOW - OK - 0xBF916C78 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSBGetParms - OK - 0xBF8A1476 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserScrollDC - OK - 0xBF856900 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserScrollWindowEx - OK - 0xBF8ECE05 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSelectPalette - OK - 0xBF828B1D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSendInput - OK - 0xBF8C21B0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetActiveWindow - OK - 0xBF8AB882 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetAppImeLevel - OK - 0xBF915B6E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCapture - OK - 0xBF89D718 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClassLong - OK - 0xBF8A0FC8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClassWord - OK - 0xBF9133F8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClipboardData - OK - 0xBF8CFB5D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClipboardViewer - OK - 0xBF8CA612 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetConsoleReserveKeys - OK - 0xBF8696B1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursor - OK - 0xBF81CA44 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursorContents - OK - 0xBF9139FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursorIconData - OK - 0xBF83763D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetDbgTag - OK - 0xBF912F90 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetFocus - OK - 0xBF8309AA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeHotKey - OK - 0xBF8B9337 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeInfoEx - OK - 0xBF9159EC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeOwnerWindow - OK - 0xBF915C43 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInformationProcess - OK - 0xBF858F16 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInformationThread - OK - 0xBF86947B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInternalWindowPos - OK - 0xBF912B86 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetKeyboardState - OK - 0xBF8C518B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetLogonNotifyWindow - OK - 0xBF87F83E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenu - OK - 0xBF90C888 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuContextHelpId - OK - 0xBF912FB3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuDefaultItem - OK - 0xBF891BFB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuFlagRtoL - OK - 0xBF912FF0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetObjectInformation - OK - 0xBF912252 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetParent - OK - 0xBF8AB3CF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetProcessWindowStation - OK - 0xBF85E9A6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetProp - OK - 0xBF823FA2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetRipFlags - OK - 0xBF912F6D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetScrollInfo - OK - 0xBF80E69A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetShellWindowEx - OK - 0xBF873D31 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSysColors - OK - 0xBF913433 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemCursor - OK - 0xBF9139C1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemMenu - OK - 0xBF8F5D8F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemTimer - OK - 0xBF913F1F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadDesktop - OK - 0xBF85E9FE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadLayoutHandles - OK - 0xBF915CF4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadState - OK - 0xBF8AB5D6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetTimer - OK - 0xBF803AA0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowFNID - OK - 0xBF8AB47A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowLong - OK - 0xBF89606D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowPlacement - OK - 0xBF8B8C2D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowPos - OK - 0xBF823D49 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowRgn - OK - 0xBF8351D4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowsHookAW - OK - 0xBF8603C4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowsHookEx - OK - 0xBF85F8B2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowStationUser - OK - 0xBF876D12 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowWord - OK - 0xBF8F48B9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWinEventHook - OK - 0xBF8EC2F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowCaret - OK - 0xBF8996F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowScrollBar - OK - 0xBF8C422C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowWindow - OK - 0xBF89A25B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowWindowAsync - OK - 0xBF86BA21 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSoundSentry - OK - 0xBF8EBF9D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSwitchDesktop - OK - 0xBF873FD0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSystemParametersInfo - OK - 0xBF851A23 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTestForInteractiveUser - OK - 0xBF90EE03 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserThunkedMenuInfo - OK - 0xBF8F5CF0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserThunkedMenuItemInfo - OK - 0xBF89FF52 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserToUnicodeEx - OK - 0xBF9137CC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTrackMouseEvent - OK - 0xBF85ADC5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTrackPopupMenuEx - OK - 0xBF9135E9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCalcMenuBar - OK - 0xBF83071F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPaintMenuBar - OK - 0xBF8EE27E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTranslateAccelerator - OK - 0xBF8D0170 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTranslateMessage - OK - 0xBF89BE1E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnhookWindowsHookEx - OK - 0xBF8607C4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnhookWinEvent - OK - 0xBF8EC3D2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnloadKeyboardLayout - OK - 0xBF913E97 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnlockWindowStation - OK - 0xBF8BCCDC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterClass - OK - 0xBF852E43 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterUserApiHook - OK - 0xBF876AEF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterHotKey - OK - 0xBF9136DF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateInputContext - OK - 0xBF915731 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateInstance - OK - 0xBF9124F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateLayeredWindow - OK - 0xBF8AA36F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetLayeredWindowAttributes - OK - 0xBF9162A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetLayeredWindowAttributes - OK - 0xBF8A2D08 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdatePerUserSystemParameters - OK - 0xBF87C869 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUserHandleGrantAccess - OK - 0xBF913BF1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateHandleSecure - OK - 0xBF801991 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateRect - OK - 0xBF8C7A07 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateTimerCallback - OK - 0xBF80A74D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserVkKeyScanEx - OK - 0xBF8C2B6E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitForInputIdle - OK - 0xBF90E647 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitForMsgAndEvent - OK - 0xBF90D584 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitMessage - OK - 0xBF80379C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWin32PoolAllocationStats - OK - 0xBF912248 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWindowFromPoint - OK - 0xBF81CDA2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserYieldTask - OK - 0xBF90ED9B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteConnect - OK - 0xBF8738B8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteRedrawRectangle - OK - 0xBF9120CF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteRedrawScreen - OK - 0xBF91211C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteStopScreenUpdates - OK - 0xBF912170 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCtxDisplayIOCtl - OK - 0xBF9121BD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngAssociateSurface - OK - 0xBF8FA9DB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateBitmap - OK - 0xBF8FB3CF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateDeviceSurface - OK - 0xBF8FA9A8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateDeviceBitmap - OK - 0xBF956192 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreatePalette - OK - 0xBF8E7C3D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngComputeGlyphSet - OK - 0xBF905036 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCopyBits - OK - 0xBF9566EE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeletePalette - OK - 0xBF8E87C9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeleteSurface - OK - 0xBF8FA92E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngEraseSurface - OK - 0xBF956318 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngUnlockSurface - OK - 0xBF8FEBEB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngLockSurface - OK - 0xBF8FADD1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngBitBlt - OK - 0xBF903BC6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStretchBlt - OK - 0xBF8FEFC4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngPlgBlt - OK - 0xBF956AA4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngMarkBandingSurface - OK - 0xBF8FB471 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStrokePath - OK - 0xBF8FC26B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngFillPath - OK - 0xBF956C9B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStrokeAndFillPath - OK - 0xBF8FCF00 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngPaint - OK - 0xBF956E06 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngLineTo - OK - 0xBF956F22 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngAlphaBlend - OK - 0xBF95704B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngGradientFill - OK - 0xBF9571CA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngTransparentBlt - OK - 0xBF9573A3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngTextOut - OK - 0xBF8FDA40 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStretchBltROP - OK - 0xBF956848 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_cGetPalette - OK - 0xBF957E70 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_iXlate - OK - 0xBF957F2C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_hGetColorTransform - OK - 0xBF957E22 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_bEnum - OK - 0xBF8FC768 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_cEnumStart - OK - 0xBF8FC815 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_ppoGetPath - OK - 0xBF956409 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeletePath - OK - 0xBF956447 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateClip - OK - 0xBF956481 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeleteClip - OK - 0xBF9564B3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_ulGetBrushColor - OK - 0xBF8FBDD3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_pvAllocRbrush - OK - 0xBF95750F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_pvGetRbrush - OK - 0xBF957560 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_hGetColorTransform - OK - 0xBF9050BC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXFORMOBJ_bApplyXform - OK - 0xBF904A05 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXFORMOBJ_iGetXform - OK - 0xBF8F9CD8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_vGetInfo - OK - 0xBF904BC6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pxoGetXform - OK - 0xBF8F9C3E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_cGetGlyphs - OK - 0xBF90466A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pifi - OK - 0xBF8F9E49 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pfdg - OK - 0xBF957679 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pQueryGlyphAttrs - OK - 0xBF957780 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pvTrueTypeFontFile - OK - 0xBF957D52 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_cGetAllGlyphHandles - OK - 0xBF9575AE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bEnum - OK - 0xBF957858 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bEnumPositionsOnly - OK - 0xBF904DF4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bGetAdvanceWidths - OK - 0xBF8F9F5C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_vEnumStart - OK - 0xBF904E12 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_dwGetCodePage - OK - 0xBF957876 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vGetBounds - OK - 0xBF957967 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_bEnum - OK - 0xBF9579F8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vEnumStart - OK - 0xBF957B05 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vEnumStartClipLines - OK - 0xBF957B61 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_bEnumClipLines - OK - 0xBF957C1F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDhpdev - OK - 0xBF956160 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCheckAbort - OK - 0xBF9564ED - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHT_Get8BPPFormatPalette - OK - 0xBF9044AF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHT_Get8BPPMaskPalette - OK - 0xBF9561D4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUpdateTransform - OK - 0xBF9447DE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPUMPDOBJ - OK - 0xBF8E6355 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_DeleteRbrush - OK - 0xBF9578C4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnmapMemFont - OK - 0xBF956187 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDrawStream - OK - 0xBF8176B1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation

==========================================================================================

FSD

       (Fastfat)IRP_MJ_CREATE - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_CLOSE - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_READ - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_WRITE - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_QUERY_INFORMATION - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_SET_INFORMATION - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_QUERY_EA - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_SET_EA - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_FLUSH_BUFFERS - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_QUERY_VOLUME_INFORMATION - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_SET_VOLUME_INFORMATION - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_DIRECTORY_CONTROL - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_FILE_SYSTEM_CONTROL - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_DEVICE_CONTROL - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SHUTDOWN - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_LOCK_CONTROL - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_CLEANUP - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Fastfat)IRP_MJ_CREATE_MAILSLOT - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_QUERY_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SET_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_POWER - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SYSTEM_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_DEVICE_CHANGE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_QUERY_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SET_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_PNP_POWER - fsd hook - 0x86D0E790->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_CREATE - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_CLOSE - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_READ - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_WRITE - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_QUERY_INFORMATION - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_SET_INFORMATION - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_QUERY_EA - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_SET_EA - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_FLUSH_BUFFERS - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_QUERY_VOLUME_INFORMATION - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_SET_VOLUME_INFORMATION - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_DIRECTORY_CONTROL - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_FILE_SYSTEM_CONTROL - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_DEVICE_CONTROL - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_SHUTDOWN - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_LOCK_CONTROL - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_CLEANUP - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_CREATE_MAILSLOT - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_SECURITY - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_SET_SECURITY - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_POWER - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_SYSTEM_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_DEVICE_CHANGE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_QUOTA - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_SET_QUOTA - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 
       (Ntfs)IRP_MJ_PNP_POWER - fsd hook - 0x86FCF1E8->0xF740167E - C:\WINDOWS\system32\drivers\sptd.sys - 

==========================================================================================

Keyboard

       IRP_MJ_CREATE - OK - 0xF7786DD0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF7786FE0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF7787C72 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF7786D4A - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF7788A38 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF7788386 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF7786D06 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF7789180 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF7788842 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF778778A - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation

==========================================================================================

Mouclass

       IRP_MJ_CREATE - OK - 0xF78EEB78 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF78EED86 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF78EF98C - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF78EEAF2 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF78F02C6 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF78F0086 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF78EEAAE - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF78F0CC6 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF78F078C - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF78EF542 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation

==========================================================================================

Classpnp

       IRP_MJ_CREATE - OK - 0xF7554BB0 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF7554BB0 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF754ED1F - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0xF754ED1F - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF754F2E2 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF754F3BB - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF7552F28 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0xF754F2E2 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF7550C82 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF755599E - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF7554C93 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation

==========================================================================================

Atapi

       IRP_MJ_CREATE - atapi hook - 0xF7338B40 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - atapi hook - 0xF7338B40 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - atapi hook - 0xF7338B40 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - atapi hook - 0xF7338B40 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - atapi hook - 0xF7338B40 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - atapi hook - 0xF7338B40 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804F9759 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - atapi hook - 0xF7338B40 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       DriverStartIo - OK - 0xF7336864 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation

==========================================================================================

Acpi

       IRP_MJ_CREATE - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF73A3CB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation

==========================================================================================

Scsi

       Nothing

==========================================================================================

Kernel Hook

       Inline - len(1) RtlPrefetchMemoryNonTemporal[ntoskrnl.exe] - [0x804E5531]->[-]
       Inline - len(1) KiFastCallEntry[ntoskrnl.exe] - [0x804DDA9D]->[-]
       Inline - len(18) [ntoskrnl.exe] - [0x804DCB22]->[-]
       Inline - len(1) [ntoskrnl.exe] - [0x804DCB3A]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E4974]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E49EC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E4AAC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E4B50]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E4B94]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E4CAC]->[-]
       Iat - ntoskrnl.exe:IoConnectInterrupt[SCSIPORT.SYS<=>0xF73D20F0] - [0x805BFB4E]->[0xF73FB06C][C:\WINDOWS\system32\drivers\sptd.sys]
       Iat - ntoskrnl.exe:IoDetachDevice[pci.sys<=>0xF7390200] - [0x80507FC4]->[0xF73FB018][C:\WINDOWS\system32\drivers\sptd.sys]
       Iat - ntoskrnl.exe:IoAttachDeviceToDeviceStack[pci.sys<=>0xF7390210] - [0x80506BF6]->[0xF741D9AE][C:\WINDOWS\system32\drivers\sptd.sys]
       Inline - len(5) DllUnload[USBPORT.SYS] - [0xF71698AC]->[0x86ECF1C8][->0xF73FBCB0==>C:\WINDOWS\system32\drivers\sptd.sys]
       Iat - HAL.dll:READ_PORT_UCHAR[i8042prt.sys<=>0xF7631304] - [0x80708A54]->[0xF73FA29A][C:\WINDOWS\system32\drivers\sptd.sys]

==========================================================================================

Object Type

       CmpCloseKeyObject - CmpKeyObjectType - OK - 0x80573369 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpDeleteKeyObject - CmpKeyObjectType - OK - 0x805732E2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpParseKey - CmpKeyObjectType - OK - 0x805728DB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpSecurityMethod - CmpKeyObjectType - OK - 0x8057321B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpQueryKeyName - CmpKeyObjectType - OK - 0x805A687D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopCloseFile - IoFileObjectType - OK - 0x805740F2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteFile - IoFileObjectType - OK - 0x80573F45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopParseFile - IoFileObjectType - OK - 0x80584202 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopGetSetSecurityObject - IoFileObjectType - OK - 0x805E807E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopQueryName - IoFileObjectType - OK - 0x8058AF8A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteDriver - IoDriverObjectType - OK - 0x805B39D8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - IoDriverObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteDevice - IoDeviceObjectType - OK - 0x805A45C1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopParseDevice - IoDeviceObjectType - OK - 0x8057931E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopGetSetSecurityObject - IoDeviceObjectType - OK - 0x805E807E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteIoCompletion - IoCompletionObjectType - OK - 0x8057D5F1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - IoCompletionObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspJobClose - PsJobType - OK - 0x805C1604 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspJobDelete - PsJobType - OK - 0x805C16E2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsJobType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspThreadDelete - PsThreadType - OK - 0x80575C80 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsThreadType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspProcessDelete - PsProcessType - OK - 0x8058E682 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsProcessType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpDeleteObjectType - ObpTypeObjectType - OK - 0x80631AFB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpTypeObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpDirectoryObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpDeleteSymbolicLink - ObpSymbolicLinkObjectType - OK - 0x805AD90E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpParseSymbolicLink - ObpSymbolicLinkObjectType - OK - 0x8056D79E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpSymbolicLinkObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       MiSectionDelete - MmSectionObjectType - OK - 0x8056D751 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - MmSectionObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExEventObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ExpDeleteMutant - ExMutantObjectType - OK - 0x804FA865 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExMutantObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExSemaphoreObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SepTokenDeleteMethod - SeTokenObjectType - OK - 0x805811D4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - SeTokenObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       LpcpClosePort - LpcPortObjectType - OK - 0x80587D82 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       LpcpDeletePort - LpcPortObjectType - OK - 0x80587B51 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - LpcPortObjectType - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - FilterCommunicationPort - OK - 0xF732390A - C:\WINDOWS\system32\drivers\fltMgr.sys - Microsoft Corporation
       DeleteProcedure - FilterCommunicationPort - OK - 0xF7323190 - C:\WINDOWS\system32\drivers\fltMgr.sys - Microsoft Corporation
       SeDefaultObjectMethod - FilterCommunicationPort - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Controller - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Profile - OK - 0x806514A4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Profile - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - EventPair - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OpenProcedure - Desktop - OK - 0x8058DE41 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - Desktop - OK - 0x8058E06E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Desktop - OK - 0x8064D7BF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Desktop - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OkayToCloseProcedure - Desktop - OK - 0x8058E0C4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Timer - OK - 0x80518AB5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Timer - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OpenProcedure - WindowStation - OK - 0x8058DE41 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WindowStation - OK - 0x8058E06E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WindowStation - OK - 0x8064D7BF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ParseProcedure - WindowStation - OK - 0x8058DEB4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WindowStation - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OkayToCloseProcedure - WindowStation - OK - 0x8058E0C4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WmiGuid - OK - 0x805A027B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WmiGuid - OK - 0x805AEB63 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WmiGuid - OK - 0x805A020F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - KeyedEvent - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - DebugObject - OK - 0x80662E11 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - DebugObject - OK - 0x80573E48 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - DebugObject - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Adapter - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WaitablePort - OK - 0x80587D82 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WaitablePort - OK - 0x80587B51 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WaitablePort - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Callback - OK - 0x80573E48 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Callback - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - FilterConnectionPort - OK - 0xF73231AA - C:\WINDOWS\system32\drivers\fltMgr.sys - Microsoft Corporation
       DeleteProcedure - FilterConnectionPort - OK - 0xF73231CA - C:\WINDOWS\system32\drivers\fltMgr.sys - Microsoft Corporation
       SeDefaultObjectMethod - FilterConnectionPort - OK - 0x8056FEA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x805789F6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80578799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80578726 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x805789F6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80593033 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8059307A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x805934EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x8059B859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805BA86A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x8059B58C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

IDT

       Divide error - OK - 0x804DE51E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Debug - OK - 0x804DE69D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Not used - OK - 0x00000000 - - - 
       Breakpoint - OK - 0x804DEAB1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Overflow - OK - 0x804DEC34 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Bounds check - OK - 0x804DED99 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Invalid opcode - OK - 0x804DEF1A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Device not available - OK - 0x804DF593 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Double fault - OK - 0x00000000 - - - 
       Coprocessor segment overrun - OK - 0x804DF998 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Invalid TSS - OK - 0x804DFAB6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Segment not present - OK - 0x804DFBF3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Stack segment fault - OK - 0x804DFE50 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       General protection - OK - 0x804E014C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Page Fault - OK - 0x804E0889 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Floating-point error - OK - 0x804E0CDC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Alignment check - OK - 0x804E0E16 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Machine check - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SIMD floating point exception - OK - 0x804E0F7B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x8070210C - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       KiGetTickCount - OK - 0x804DDD51 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiCallbackReturn - OK - 0x804DDE54 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiSetLowWaitHighThread - OK - 0x804DE000 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiDebugService - OK - 0x804DE990 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiSystemService - OK - 0x804DD7D1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved for APIC - OK - 0x804E0BBE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiStartUnexpectedRange - OK - 0x804DCE90 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt1 - OK - 0x804DCE9A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt2 - OK - 0x804DCEA4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt3 - OK - 0x804DCEAE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt4 - OK - 0x804DCEB8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt5 - OK - 0x804DCEC2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt6 - OK - 0x804DCECC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt7 - OK - 0x80701864 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt8 - OK - 0x804DCEE0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt9 - OK - 0x804DCEEA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt10 - OK - 0x804DCEF4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt11 - OK - 0x804DCEFE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt12 - OK - 0x804DCF08 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt13 - OK - 0x80702E2C - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt14 - OK - 0x804DCF1C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt15 - OK - 0x804DCF26 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt16 - OK - 0x804DCF30 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt17 - OK - 0x80702C88 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt18 - OK - 0x804DCF44 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt19 - OK - 0x804DCF4E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt20 - OK - 0x804DCF58 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt21 - OK - 0x804DCF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt22 - OK - 0x804DCF6C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt23 - OK - 0x804DCF76 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt24 - OK - 0x804DCF80 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt25 - OK - 0x804DCF8A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt26 - OK - 0x804DCF94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt27 - OK - 0x804DCF9E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt28 - OK - 0x804DCFA8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt29 - OK - 0x804DCFB2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt30 - OK - 0x804DCFBC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt31 - OK - 0x804DCFC6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt32 - OK - 0x8070193C - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt33 - OK - 0x804DCFDA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt34 - OK - 0x804DCFE4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt35 - OK - 0x804DCFEE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt36 - OK - 0x804DCFF8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt37 - OK - 0x804DD002 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt38 - OK - 0x804DD00C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt39 - OK - 0x804DD016 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt40 - OK - 0x804DD020 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt41 - OK - 0x804DD02A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt42 - OK - 0x804DD034 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt43 - OK - 0x804DD03E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt44 - OK - 0x804DD048 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt45 - OK - 0x804DD052 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt46 - OK - 0x804DD05C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt47 - OK - 0x804DD066 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt48 - OK - 0x804DD070 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt49 - OK - 0x804DD07A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt50 - idt hook - 0x86E97E54 - unknown image - 
       KiUnexpectedInterrupt51 - idt hook - 0x86E9472C - unknown image - 
       KiUnexpectedInterrupt52 - OK - 0x804DD098 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt53 - OK - 0x804DD0A2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt54 - OK - 0x804DD0AC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt55 - OK - 0x804DD0B6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt56 - OK - 0x804DD0C0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt57 - OK - 0x804DD0CA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt58 - OK - 0x804DD0D4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt59 - OK - 0x804DD0DE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt60 - OK - 0x804DD0E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt61 - OK - 0x804DD0F2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt62 - OK - 0x804DD0FC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt63 - OK - 0x804DD106 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt64 - OK - 0x804DD110 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt65 - OK - 0x804DD11A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt66 - OK - 0x804DD124 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt67 - idt hook - 0x86D9C3AC - unknown image - 
       KiUnexpectedInterrupt68 - OK - 0x804DD138 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt69 - OK - 0x804DD142 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt70 - OK - 0x804DD14C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt71 - OK - 0x804DD156 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt72 - OK - 0x804DD160 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt73 - OK - 0x804DD16A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt74 - OK - 0x804DD174 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt75 - OK - 0x804DD17E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt76 - OK - 0x804DD188 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt77 - OK - 0x804DD192 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt78 - OK - 0x804DD19C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt79 - OK - 0x804DD1A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt80 - OK - 0x804DD1B0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt81 - OK - 0x804DD1BA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt82 - idt hook - 0x86E95E54 - unknown image - 
       KiUnexpectedInterrupt83 - idt hook - 0x86E0F7EC - unknown image - 
       KiUnexpectedInterrupt84 - OK - 0x804DD1D8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt85 - OK - 0x804DD1E2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt86 - OK - 0x804DD1EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt87 - OK - 0x804DD1F6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt88 - OK - 0x804DD200 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt89 - OK - 0x804DD20A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt90 - OK - 0x804DD214 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt91 - OK - 0x804DD21E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt92 - OK - 0x804DD228 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt93 - OK - 0x804DD232 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt94 - OK - 0x804DD23C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt95 - OK - 0x804DD246 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt96 - OK - 0x804DD250 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt97 - OK - 0x804DD25A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt98 - OK - 0x804DD264 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt99 - idt hook - 0x86D723EC - unknown image - 
       KiUnexpectedInterrupt100 - OK - 0x804DD278 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt101 - OK - 0x804DD282 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt102 - OK - 0x804DD28C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt103 - OK - 0x804DD296 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt104 - OK - 0x804DD2A0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt105 - OK - 0x804DD2AA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt106 - OK - 0x804DD2B4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt107 - OK - 0x804DD2BE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt108 - OK - 0x804DD2C8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt109 - OK - 0x804DD2D2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt110 - OK - 0x804DD2DC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt111 - OK - 0x804DD2E6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt112 - OK - 0x804DD2F0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt113 - OK - 0x804DD2FA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt114 - OK - 0x804DD304 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt115 - idt hook - 0x86D702AC - unknown image - 
       KiUnexpectedInterrupt116 - OK - 0x804DD318 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt117 - OK - 0x804DD322 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt118 - OK - 0x804DD32C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt119 - OK - 0x804DD336 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt120 - OK - 0x804DD340 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt121 - OK - 0x804DD34A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt122 - OK - 0x804DD354 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt123 - OK - 0x804DD35E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt124 - OK - 0x804DD368 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt125 - OK - 0x804DD372 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt126 - OK - 0x804DD37C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt127 - OK - 0x804DD386 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt128 - OK - 0x804DD390 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt129 - idt hook - 0x86F3BD34 - unknown image - 
       KiUnexpectedInterrupt130 - OK - 0x804DD3A4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt131 - OK - 0x804DD3AE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt132 - idt hook - 0x86D7CCBC - unknown image - 
       KiUnexpectedInterrupt133 - OK - 0x804DD3C2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt134 - OK - 0x804DD3CC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt135 - OK - 0x804DD3D6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt136 - OK - 0x804DD3E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt137 - OK - 0x804DD3EA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt138 - OK - 0x804DD3F4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt139 - OK - 0x804DD3FE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt140 - OK - 0x804DD408 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt141 - OK - 0x804DD412 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt142 - OK - 0x804DD41C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt143 - OK - 0x804DD426 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt144 - OK - 0x804DD430 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt145 - OK - 0x80701AC0 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt146 - OK - 0x804DD444 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt147 - OK - 0x804DD44E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt148 - OK - 0x804DD458 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt149 - OK - 0x804DD462 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt150 - OK - 0x804DD46C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt151 - OK - 0x804DD476 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt152 - OK - 0x804DD480 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt153 - OK - 0x804DD48A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt154 - OK - 0x804DD494 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt155 - OK - 0x804DD49E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt156 - OK - 0x804DD4A8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt157 - OK - 0x804DD4B2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt158 - OK - 0x804DD4BC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt159 - OK - 0x804DD4C6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt160 - OK - 0x804DD4D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt161 - OK - 0x807012A0 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt162 - OK - 0x804DD4E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt163 - OK - 0x804DD4EE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt164 - OK - 0x804DD4F8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt165 - OK - 0x804DD502 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt166 - OK - 0x804DD50C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt167 - OK - 0x804DD516 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt168 - OK - 0x804DD520 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt169 - OK - 0x804DD52A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt170 - OK - 0x804DD534 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt171 - OK - 0x804DD53E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt172 - OK - 0x804DD548 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt173 - OK - 0x804DD552 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt174 - OK - 0x804DD55C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt175 - OK - 0x804DD566 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt176 - OK - 0x804DD570 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt177 - OK - 0x80702048 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt178 - OK - 0x804DD584 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt179 - OK - 0x80701DAC - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt180 - OK - 0x804DD598 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt181 - OK - 0x804DD5A2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt182 - OK - 0x804DD5AC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt183 - OK - 0x804DD5B6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt184 - OK - 0x804DD5C0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt185 - OK - 0x804DD5CA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt186 - OK - 0x804DD5D4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt187 - OK - 0x804DD5DE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt188 - OK - 0x804DD5E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt189 - OK - 0x804DD5F2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt190 - OK - 0x804DD5F9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt191 - OK - 0x804DD600 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt192 - OK - 0x804DD607 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt193 - OK - 0x804DD60E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt194 - OK - 0x804DD615 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt195 - OK - 0x804DD61C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt196 - OK - 0x804DD623 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt197 - OK - 0x804DD62A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt198 - OK - 0x804DD631 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt199 - OK - 0x804DD638 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt200 - OK - 0x804DD63F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt201 - OK - 0x804DD646 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt202 - OK - 0x804DD64D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt203 - OK - 0x804DD654 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt204 - OK - 0x804DD65B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt205 - OK - 0x807025A8 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt206 - OK - 0x80702748 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt207 - OK - 0x804DD670 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Message Hook

       XueTr.exe - C:\Documents and Settings\Mike\Plocha\XueTr.exe - WH_CBT - mfc42u.dll
       XueTr.exe - C:\Documents and Settings\Mike\Plocha\XueTr.exe - WH_MSGFILTER - mfc42u.dll

==========================================================================================

Process Hook

      Image File Name[212 smss.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[276 csrss.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[300 winlogon.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[344 services.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[356 lsass.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[512 svchost.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[576 svchost.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[636 svchost.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[692 svchost.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[960 explorer.exe]Process Hook
             Iat - Explorer.EXE->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Explorer.EXE->SHELL32.dll:[Ordinal:518] - 0x7C9C0000->0x7CA40226[C:\WINDOWS\system32\SHELL32.dll]
             Iat - ADVAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - RPCRT4.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Secur32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - BROWSEUI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GDI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - USER32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msvcrt.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ole32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHLWAPI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - OLEAUT32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHDOCVW.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CRYPT32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSASN1.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CRYPTUI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - VERSION.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WININET.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - urlmon.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - iertutil.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINTRUST.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - IMAGEHLP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WLDAP32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHELL32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - UxTheme.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINMM.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSACM32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - USERENV.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - IMM32.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comctl32.dll[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comctl32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msctfime.ime->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - appHelp.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CLBCATQ.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GrooveShellExtensions.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GrooveUtil.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSVCR80.dll[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ATL80.DLL[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - rsaenh.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - cscui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CSCDLL.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - themeui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msutb.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSCTF.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - LINKINFO.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ntshrui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ATL.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GrooveSystemServices.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msxml3.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NeroDigitalExt.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MFC80.DLL[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SETUPAPI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ieframe.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETSHELL.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - credui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WTSAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - eappcfg.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - iphlpapi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WS2_32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WS2HELP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SASSEH.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MPR.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ntlanman.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETUI0.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - davclnt.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - PortableDeviceApi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSGINA.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ODBC32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comdlg32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MLANG.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GrooveMisc.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - zipfldr.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - zipfldr.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C2A7->0x77FC020B[C:\WINDOWS\system32\SHLWAPI.dll]
             Iat - rarext.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - 7-zip.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - actxprxy.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Mp3tagShell32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINSPOOL.DRV->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CoverEdExtension.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - gdiplus.dll[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSVFW32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Faultrep.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - RICHED20.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - shlext.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - mfc100u.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSVCR100.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - oodsh.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - oledlg.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]

------------------------------------------------------------------------------------------

      Image File Name[1260 XueTr.exe]Process Hook
             inline - len(5) kernel32.dll->LoadLibraryExW - 0x7C801AF5->0x00408A80[C:\Documents and Settings\Mike\Plocha\XueTr.exe]

==========================================================================================

KernelCallbackTable

      Image File Name[4 System]KernelCallbackTable

------------------------------------------------------------------------------------------

      Image File Name[212 smss.exe]KernelCallbackTable

------------------------------------------------------------------------------------------

      Image File Name[276 csrss.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[300 winlogon.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[344 services.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[356 lsass.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[512 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[576 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[636 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[692 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[960 explorer.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1260 XueTr.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[0 Idle]KernelCallbackTable

==========================================================================================

Port

       Nothing

==========================================================================================

Tcpip

       Nothing

==========================================================================================

IE Plugin

       Browser Helper Objects - IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll - Tonec Inc. - {0055C089-8582-441B-A0BF-17B458C2A3A8}
       Browser Helper Objects - Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - Adobe Systems Incorporated - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
       Browser Helper Objects - WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853}
       Browser Helper Objects - Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
       Browser Helper Objects - Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll - Sun Microsystems, Inc. - {DBC80044-A445-435b-BC74-9C25C1C588A9}
       Browser Helper Objects - JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - Sun Microsystems, Inc. - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
       Browser Extensions - Odeslat do aplikace OneNote -  -  - {2670000A-7350-4f3c-8081-5663EE0C6C49}
       Browser Extensions - Run WinHTTrack -  -  - {36ECAF82-3300-8F84-092E-AFF36D6C7040}
       Browser Extensions - WebTran -  -  - {7E6A20FB-153F-402c-A84B-1A64E1955D3D}
       Browser Extensions - Research -  -  - {92780B25-18CC-41C8-B9BE-3C9C571A8263}
       Browser Extensions -  -  -  - {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
       Browser Extensions -  -  -  - {CC963627-B1DC-40E0-B52A-CF21EE748449}
       Browser Extensions -  -  -  - {CC963627-B1DC-40E0-B52A-CF21EE748450}
       Browser Extensions -  -  -  - {CC963627-B1DC-40E0-B52A-CF21EE748451}
       Browser Extensions -  -  -  - {CC963627-B1DC-40E0-B52A-CF21EE748452}
       Browser Extensions -  - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe - Microsoft Corporation - {e2e2dd38-d088-4134-82b7-f2ba38496583}
       Browser Extensions - ICQ6 - C:\Program Files\ICQ6.5\ICQ.exe - ICQ, LLC. - {E59EB121-F339-4851-A3BA-FE49C35617C2}
       ToolBar - WebTranslator - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
       URLSearchHooks - Microsoft Url Search Hook - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
       ActiveX -  -  -  - {000123B4-9B42-4900-B3F7-F4B073EFC214}
       ActiveX - IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll - Tonec Inc. - {0055C089-8582-441B-A0BF-17B458C2A3A8}
       ActiveX - Outlook Today's Data-binding control - C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL -  - {0468C085-CA5B-11D0-AF08-00609797F0E0}
       ActiveX - Office Genuine Advantage Validation Tool -  -  - {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
       ActiveX -  -  -  - {0F7195C2-6713-4D93-A1BC-DA5FA33F0A65}
       ActiveX - Windows Genuine Advantage Validation Tool - C:\WINDOWS\system32\LegitCheckControl.DLL -  - {17492023-C23A-453E-A040-C7C580BBF700}
       ActiveX - Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - Adobe Systems Incorporated - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
       ActiveX - Veetle TV Core - C:\Program Files\Veetle\plugins\Veetle.ocx - Veetle Inc - {1EB0FE44-B210-47FE-BADE-04D617312B39}
       ActiveX -  -  -  - {1EF681F7-A04B-4D6D-9012-A307CCA55610}
       ActiveX -  -  -  - {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}
       ActiveX - Windows Media Player - C:\WINDOWS\system32\wmpdxm.dll - Microsoft Corporation - {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
       ActiveX - HTML Document - C:\WINDOWS\system32\mshtml.dll - Microsoft Corporation - {25336920-03F9-11CF-8FD0-00AA00686F13}
       ActiveX -  -  -  - {2670000A-7350-4F3C-8081-5663EE0C6C49}
       ActiveX - XML DOM Document - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation - {2933BF90-7B36-11D2-B20E-00C04F983E60}
       ActiveX - WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853}
       ActiveX -  -  -  - {32C3FEAE-0877-4767-8C20-62A5829A0945}
       ActiveX -  -  -  - {36ECAF82-3300-8F84-092E-AFF36D6C7040}
       ActiveX - QuickTime Object - C:\Program Files\QuickTime\QTPlugin.ocx - Apple Inc. - {4063BE15-3B08-470D-A0D5-B37161CFFD69}
       ActiveX -  -  -  - {4248FE82-7FCB-46AC-B270-339F08212110}
       ActiveX -  -  -  - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
       ActiveX - WUWebControl Class - C:\WINDOWS\system32\wuweb.dll - Microsoft Corporation - {6414512B-B978-451D-A0D8-FCFDF33E833C}
       ActiveX - Windows Media Player - C:\WINDOWS\system32\wmp.dll - Microsoft Corporation - {6BF52A52-394A-11D3-B153-00C04F79FAA6}
       ActiveX - MUWebControl Class - C:\WINDOWS\system32\muweb.dll - Microsoft Corporation - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
       ActiveX - Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
       ActiveX - IDMDwnlMgr Class - C:\Program Files\Internet Download Manager\downlWithIDM.dll - Tonec Inc. - {7D11E719-FF90-479C-B0D7-96EB43EE55D7}
       ActiveX - ToolBarButton Class - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {7E6A20FB-153F-402C-A84B-1A64E1955D3D}
       ActiveX - WebSDev Control - C:\Program Files\MSI\MSIWDev\WebSDev.ocx - MICRO-STAR INT'L CO., LTD. - {8167C273-DF59-4416-B647-C8BB2C7EE83E}
       ActiveX - Microsoft Web Browser - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation - {8856F961-340A-11D0-A96B-00C04FD705A2}
       ActiveX - Veetle TV Player 0.9.18 - C:\Program Files\Veetle\Player\axvlc.dll -  - {8A4227BF-0CC2-4EEF-B076-DAFFF941EEA5}
       ActiveX -  -  -  - {9030D464-4C02-4ABF-8ECC-5164760863C6}
       ActiveX -  -  -  - {92780B25-18CC-41C8-B9BE-3C9C571A8263}
       ActiveX - VideoLAN VLC ActiveX Plugin v2 - C:\Program Files\VideoLAN\VLC\axvlc.dll -  - {9BE31822-FDAD-461B-AD51-BE1D1C159921}
       ActiveX - WebTranslator - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
       ActiveX -  -  -  - {C98FE784-B96E-41e1-8399-1337AE3E539F}
       ActiveX - Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll - Adobe Systems, Inc. - {CA8A9780-280D-11CF-A24D-444553540000}
       ActiveX - MenuItem3 Class - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {CC963627-B1DC-40E0-B52A-CF21EE748449}
       ActiveX - MenuItem4 Class - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {CC963627-B1DC-40E0-B52A-CF21EE748450}
       ActiveX - MenuItem2 Class - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {CC963627-B1DC-40E0-B52A-CF21EE748451}
       ActiveX - MenuItem1 Class - C:\Documents and Settings\All Users\Data aplikac\LangSoft\WebIE.dll -  - {CC963627-B1DC-40E0-B52A-CF21EE748452}
       ActiveX -  -  -  - {CCF151D8-D089-449F-A5A4-D9909053F20F}
       ActiveX - Microsoft Url Search Hook - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
       ActiveX - RealPlayer G2 Control - C:\WINDOWS\system32\rmoc3260.dll - RealNetworks, Inc. - {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
       ActiveX - Shockwave Flash Object - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx - Adobe Systems, Inc. - {D27CDB6E-AE6D-11CF-96B8-444553540000}
       ActiveX - Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll - Sun Microsystems, Inc. - {DBC80044-A445-435B-BC74-9C25C1C588A9}
       ActiveX -  -  -  - {E2E2DD38-D088-4134-82B7-F2BA38496583}
       ActiveX -  -  -  - {E33CF602-D945-461A-83F0-819F76A199F8}
       ActiveX -  -  -  - {E59EB121-F339-4851-A3BA-FE49C35617C2}
       ActiveX -  -  -  - {E601996F-E400-41CA-804B-CD6373A7EEE2}
       ActiveX - JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - Sun Microsystems, Inc. - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
       ActiveX - XML HTTP Request - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation - {ED8C108E-4349-11D2-91A4-00C04F7969E8}
       ActiveX - XML HTTP - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation - {F6D90F16-9C73-11D3-B32E-00C04F990BB4}
       ActiveX -  -  -  - {FB5F1910-F110-11D2-BB9E-00C04F795683}
       ActiveX -  -  -  - {FE063DB9-4EC0-403E-8DD8-394C54984B2C}
       Distribution Units - OGACheckControl.DLL - C:\WINDOWS\system32\OGACheckControl.DLL - File not found - {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
       Distribution Units - LegitCheckControl.DLL - C:\WINDOWS\system32\LegitCheckControl.DLL -  - {17492023-C23A-453E-A040-C7C580BBF700}
       Distribution Units - wuweb.dll - C:\WINDOWS\system32\wuweb.dll - Microsoft Corporation - {6414512B-B978-451D-A0D8-FCFDF33E833C}
       Distribution Units - muweb.dll - C:\WINDOWS\system32\muweb.dll - Microsoft Corporation - {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
       Distribution Units - WebSDev.ocx - C:\Program Files\MSI\MSIWDev\WebSDev.ocx - MICRO-STAR INT'L CO., LTD. - {8167C273-DF59-4416-B647-C8BB2C7EE83E}
       Distribution Units - npjpi160_15.dll - C:\Program Files\Java\jre6\bin\npjpi160_15.dll - Sun Microsystems, Inc. - {8AD9C840-044E-11D1-B3E9-00805F499D93}
       Distribution Units - npjpi160_15.dll - C:\Program Files\Java\jre6\bin\npjpi160_15.dll - Sun Microsystems, Inc. - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
       Distribution Units - npjpi160_15.dll - C:\Program Files\Java\jre6\bin\npjpi160_15.dll - Sun Microsystems, Inc. - {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

==========================================================================================

IE Shell

       E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
       Sthnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
       Sthnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
       Sthnout s IDM vechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm

==========================================================================================

Spi

       AVSDA over [MSAFD Tcpip [TCP/IP]] - C:\Program Files\Avira\AntiVir Desktop\avsda.dll - Avira Operations GmbH & Co. KG - {D2456C42-6D8E-42DD-B6EF-98B50A3D4665}
       AVSDA over [MSAFD Tcpip [UDP/IP]] - C:\Program Files\Avira\AntiVir Desktop\avsda.dll - Avira Operations GmbH & Co. KG - {D2456C42-6D8E-42DD-B6EF-98B50A3D4666}
       MSAFD Tcpip [TCP/IP] - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
       MSAFD Tcpip [UDP/IP] - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
       MSAFD Tcpip [RAW/IP] - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
       RSVP UDP Service Provider - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {9D60A9E0-337A-11D0-BD88-0000C082E69A}
       RSVP TCP Service Provider - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {9D60A9E0-337A-11D0-BD88-0000C082E69A}
       MSAFD RfComm [Bluetooth] - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {9FC48064-7298-43E4-B7BD-181F2089792A}
       AVSDA - C:\Program Files\Avira\AntiVir Desktop\avsda.dll - Avira Operations GmbH & Co. KG - {14072000-1136-5503-4156-504F504C5350}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{7765FEA1-E5E8-4560-A532-CE1E5DC90369}] SEQPACKET 15 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{7765FEA1-E5E8-4560-A532-CE1E5DC90369}] DATAGRAM 15 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{40F37D6C-4AC1-4F87-A201-6127A0E7B808}] SEQPACKET 14 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{40F37D6C-4AC1-4F87-A201-6127A0E7B808}] DATAGRAM 14 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE77B4C8-DBD8-4F67-9C16-432985EBD151}] SEQPACKET 13 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE77B4C8-DBD8-4F67-9C16-432985EBD151}] DATAGRAM 13 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4EBD905-E0CF-45C1-8415-CAAF6EE315BD}] SEQPACKET 12 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4EBD905-E0CF-45C1-8415-CAAF6EE315BD}] DATAGRAM 12 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{F314C0CA-8CBB-49BF-9807-0C999D3659E3}] SEQPACKET 11 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{F314C0CA-8CBB-49BF-9807-0C999D3659E3}] DATAGRAM 11 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{48830C03-7838-4A4F-B066-B7EE61F8310B}] SEQPACKET 10 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{48830C03-7838-4A4F-B066-B7EE61F8310B}] DATAGRAM 10 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B6D412A-FCBA-459E-ACFF-0171232E6586}] SEQPACKET 9 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B6D412A-FCBA-459E-ACFF-0171232E6586}] DATAGRAM 9 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{95975C78-34FB-412E-9CC1-2E79EEA240E5}] SEQPACKET 8 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{95975C78-34FB-412E-9CC1-2E79EEA240E5}] DATAGRAM 8 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{A626BC68-CEE0-41CA-9781-89EEE05905DC}] SEQPACKET 7 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{A626BC68-CEE0-41CA-9781-89EEE05905DC}] DATAGRAM 7 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{57A40C09-E7F5-4921-9C47-C9680AC7E630}] SEQPACKET 6 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{57A40C09-E7F5-4921-9C47-C9680AC7E630}] DATAGRAM 6 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F61BFF6-1AFC-41C9-AA1C-CD31DE0A0066}] SEQPACKET 5 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F61BFF6-1AFC-41C9-AA1C-CD31DE0A0066}] DATAGRAM 5 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{35910060-59CC-4D9F-8999-64910B20DAB0}] SEQPACKET 4 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{35910060-59CC-4D9F-8999-64910B20DAB0}] DATAGRAM 4 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{FAA51BB8-09A4-4FA4-83B3-97D62A8EE888}] SEQPACKET 3 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{FAA51BB8-09A4-4FA4-83B3-97D62A8EE888}] DATAGRAM 3 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{CAD7BB5E-0A79-4004-8703-933C136520E3}] SEQPACKET 0 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{CAD7BB5E-0A79-4004-8703-933C136520E3}] DATAGRAM 0 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{0767B9B0-6786-402A-8E45-945121BD421F}] SEQPACKET 1 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{0767B9B0-6786-402A-8E45-945121BD421F}] DATAGRAM 1 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C4A40B7-4B2D-43DE-9A8C-E0F329EF7FE3}] SEQPACKET 2 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C4A40B7-4B2D-43DE-9A8C-E0F329EF7FE3}] DATAGRAM 2 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       Tcpip - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
       NTDS - C:\WINDOWS\system32\winrnr.dll - Microsoft Corporation
       Obor nzv sluby Sledovn umstn v sti (NLA) - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
       mdnsNSP - C:\Program Files\Bonjour\mdnsNSP.dll - Apple Inc.
       Obor nzv Bluetooth - C:\WINDOWS\system32\wshbth.dll - Microsoft Corporation

==========================================================================================

Hosts File

       127.0.0.1       localhost


==========================================================================================

Startup

       RTHDCPL - C:\WINDOWS\RTHDCPL.EXE - Realtek Semiconductor Corp. - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RTHDCPL]
       SkyTel - C:\WINDOWS\SkyTel.EXE - Realtek Semiconductor Corp. - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SkyTel]
       BluetoothAuthenticationAgent - C:\WINDOWS\system32\bthprops.cpl - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BluetoothAuthenticationAgent]
       StartCCC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - Advanced Micro Devices, Inc. - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartCCC]
       avgnt - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - Avira Operations GmbH & Co. KG - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run avgnt]
       GrooveMonitor - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GrooveMonitor]
       Infium - C:\Documents and Settings\Mike\Dokumenty\QIP Infium\infium.exe - QIP - [\REGISTRY\USER\S-1-5-21-1390067357-963894560-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Infium]
       wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 aux]
       Shell - Explorer.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell]
       UIHost - C:\WINDOWS\system32\logonui.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon UIHost]
       Userinit - C:\WINDOWS\system32\userinit.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit]
       !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - SUPERAntiSpyware.com - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon DllName]
       AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll - ATI Technologies Inc. - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent DllName]
       crypt32chain - C:\WINDOWS\system32\crypt32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain DllName]
       cryptnet - C:\WINDOWS\system32\cryptnet.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet DllName]
       cscdll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll DllName]
       dimsntfy - C:\WINDOWS\system32\dimsntfy.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy DllName]
       ScCertProp - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp DllName]
       Schedule - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule DllName]
       sclgntfy - C:\WINDOWS\system32\sclgntfy.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy DllName]
       SensLogn - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn DllName]
       termsrv - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv DllName]
       WgaLogon - C:\WINDOWS\system32\WgaLogon.dll -  - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon DllName]
       wlballoon - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon DllName]
       WebCheck - C:\WINDOWS\system32\webcheck.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WebCheck]
       WPDShServiceObj - C:\WINDOWS\system32\WPDShServiceObj.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WPDShServiceObj]
       PostBootReminder - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad PostBootReminder]
       CDBurn - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad CDBurn]
       SysTray - C:\WINDOWS\system32\stobject.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad SysTray]
       GrooveShellExtensions.dll({B5A7F190-DDA6-4420-B3BA-52453494E6CD}) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {B5A7F190-DDA6-4420-B3BA-52453494E6CD}]
       SASSEH.DLL({5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}) - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL - SuperAdBlocker.com - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}]
       browseui.dll({438755C2-A8BA-11D1-B96B-00A0C90312E1}) - C:\WINDOWS\system32\browseui.dll - Spolenost Microsoft - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1}]
       browseui.dll({8C7461EF-2B13-11d2-BE35-3078302C2030}) - C:\WINDOWS\system32\browseui.dll - Spolenost Microsoft - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {8C7461EF-2B13-11d2-BE35-3078302C2030}]
       BJ Language Monitor - C:\WINDOWS\system32\cnbjmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors BJ Language Monitor]
       Local Port - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors Local Port]
       PJL Language Monitor - C:\WINDOWS\system32\pjlmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors PJL Language Monitor]
       Send To Microsoft OneNote Monitor - C:\WINDOWS\system32\msonpmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors Send To Microsoft OneNote Monitor]
       Standard TCP/IP Port - C:\WINDOWS\system32\tcpmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors Standard TCP/IP Port]
       USB Monitor - C:\WINDOWS\system32\usbmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors USB Monitor]
       Internet Print Provider - C:\WINDOWS\system32\inetpp.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Providers Internet Print Provider]
       LanMan Print Services - C:\WINDOWS\system32\win32spl.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Providers LanMan Print Services]
       advapi32 - C:\WINDOWS\system32\advapi32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs advapi32]
       comdlg32 - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs comdlg32]
       gdi32 - C:\WINDOWS\system32\gdi32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs gdi32]
       imagehlp - C:\WINDOWS\system32\imagehlp.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs imagehlp]
       kernel32 - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs kernel32]
       lz32 - C:\WINDOWS\system32\lz32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs lz32]
       ole32 - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs ole32]
       oleaut32 - C:\WINDOWS\system32\oleaut32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs oleaut32]
       olecli32 - C:\WINDOWS\system32\olecli32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olecli32]
       olecnv32 - C:\WINDOWS\system32\olecnv32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olecnv32]
       olesvr32 - C:\WINDOWS\system32\olesvr32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olesvr32]
       olethk32 - C:\WINDOWS\system32\olethk32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olethk32]
       rpcrt4 - C:\WINDOWS\system32\rpcrt4.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs rpcrt4]
       shell32 - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs shell32]
       url - C:\WINDOWS\system32\url.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs url]
       urlmon - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs urlmon]
       user32 - C:\WINDOWS\system32\user32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs user32]
       version - C:\WINDOWS\system32\version.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs version]
       wininet - C:\WINDOWS\system32\wininet.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs wininet]
       wldap32 - C:\WINDOWS\system32\wldap32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs wldap32]
       7-zip.dll(7-Zip) - D:\Program Files\7-Zip\7-zip.dll - Igor Pavlov - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers 7-Zip]
       CoverEdExtension.dll(Cover Designer) - D:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll - Nero AG - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Cover Designer]
       FRIntegration.dll(FineReader10ContextMenu) - D:\Program Files\ABBYY FineReader 10\FRIntegration.dll - ABBYY. - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers FineReader10ContextMenu]
       (MediaTagger) -  -  - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers MediaTagger]
       Mp3tagShell32.dll(Mp3tagShell) - d:\Program Files\Mp3tag\Mp3tagShell32.dll - Florian Heidenreich - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Mp3tagShell]
       (MyPhoneExplorer) -  -  - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers MyPhoneExplorer]
       cscui.dll(Offline Files) - C:\WINDOWS\system32\cscui.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Offline Files]
       oodsh.dll(OODefrag) - D:\Program Files\OO Software\Defrag\oodsh.dll - O&O Software GmbH - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers OODefrag]
       shell32.dll(Open With) - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Open With]
       shell32.dll(Open With EncryptionMenu) - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Open With EncryptionMenu]
       shlext.dll(Shell Extension for Malware scanning) - C:\Program Files\Avira\AntiVir Desktop\shlext.dll - Avira Operations GmbH & Co. KG - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Shell Extension for Malware scanning]
       (TuneUp Shredder Shell Extension) -  -  - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers TuneUp Shredder Shell Extension]
       RarExt.dll(WinRAR) - C:\Program Files\WinRAR\RarExt.dll -  - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers WinRAR]
       GrooveShellExtensions.dll(XXX Groove GFS Context Menu Handler XXX) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers XXX Groove GFS Context Menu Handler XXX]
       shell32.dll(Send To) - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers Send To]
       UnlockerCOM.dll(UnlockerShellExtension) - C:\Program Files\Unlocker\UnlockerCOM.dll -  - [\Registry\Machine\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers UnlockerShellExtension]
       GrooveShellExtensions.dll(XXX Groove GFS Context Menu Handler XXX) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers XXX Groove GFS Context Menu Handler XXX]
       FRIntegration.dll(FineReader10ContextMenu) - D:\Program Files\ABBYY FineReader 10\FRIntegration.dll - ABBYY. - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers FineReader10ContextMenu]
       oodsh.dll(OODefrag) - D:\Program Files\OO Software\Defrag\oodsh.dll - O&O Software GmbH - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers OODefrag]
       shlext.dll(Shell Extension for Malware scanning) - C:\Program Files\Avira\AntiVir Desktop\shlext.dll - Avira Operations GmbH & Co. KG - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers Shell Extension for Malware scanning]
       UnlockerCOM.dll(UnlockerShellExtension) - C:\Program Files\Unlocker\UnlockerCOM.dll -  - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers UnlockerShellExtension]
       RarExt.dll(WinRAR) - C:\Program Files\WinRAR\RarExt.dll -  - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers WinRAR]
       GrooveShellExtensions.dll(XXX Groove GFS Context Menu Handler XXX) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers XXX Groove GFS Context Menu Handler XXX]
       Aktualizace verze aplikace Internet Explorer(<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}) - C:\WINDOWS\system32\ieudinit.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
       Windows Media Player(>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}) - C:\WINDOWS\inf\unregmp2.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
       Internet Explorer(>{26923b43-4d38-484f-9b9e-de460746276c}) - C:\WINDOWS\system32\ie4uinit.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{26923b43-4d38-484f-9b9e-de460746276c}]
       Browser Customizations(>{60B49E34-C7CC-11D0-8953-00A0C90347FF}) - C:\WINDOWS\system32\iedkcs32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
       Vlastn nastaven prohlee(>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS) - C:\WINDOWS\system32\IEDKCS32.DLL - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
       Outlook Express(>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}) - C:\WINDOWS\system32\shmgrate.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
       ({2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}) -  -  - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
       Microsoft Windows Media Player 6.4({22d6f312-b0f6-11d0-94ab-0080c74c7e95}) -  -  - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
       Themes Setup({2C7339CF-2B09-4501-B3F3-F3508C9228ED}) - C:\WINDOWS\system32\regsvr32.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
       Microsoft Outlook Express 6({44BBA840-CC51-11CF-AAFA-00AA00B6015C}) - C:\Program Files\Outlook Express\setup50.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
       NetMeeting 3.01({44BBA842-CC51-11CF-AAFA-00AA00B6015B}) - C:\WINDOWS\system32\advpack.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
       Windows Messenger 4.7({5945c046-1e7d-11d1-bc44-00c04fd912be}) - C:\WINDOWS\system32\advpack.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {5945c046-1e7d-11d1-bc44-00c04fd912be}]
       Microsoft Windows Media Player 11({6BF52A52-394A-11d3-B153-00C04F79FAA6}) - C:\WINDOWS\system32\advpack.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {6BF52A52-394A-11d3-B153-00C04F79FAA6}]
       Adres 6({7790769C-0471-11d2-AF11-00C04FA35D02}) - C:\Program Files\Outlook Express\setup50.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {7790769C-0471-11d2-AF11-00C04FA35D02}]
       Aktualizace plochy systmu Windows({89820200-ECBD-11cf-8B85-00AA005B4340}) - C:\WINDOWS\system32\regsvr32.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {89820200-ECBD-11cf-8B85-00AA005B4340}]
       Internet Explorer({89820200-ECBD-11cf-8B85-00AA005B4383}) - C:\WINDOWS\system32\ie4uinit.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {89820200-ECBD-11cf-8B85-00AA005B4383}]
       ({89B4C1CD-B018-4511-B0A1-5476DBF70820}) - C:\WINDOWS\system32\mscories.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {89B4C1CD-B018-4511-B0A1-5476DBF70820}]
       AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe - Apple Inc. - [Task Scheduler]

==========================================================================================

Service

       ABBYY.Licensing.FineReader.Corporate.10.0 - Stopped - Automatic - "C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe" -service - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe -  - 
       Alerter - Stopped - Disabled - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       ALG - Stopped - Manual - C:\WINDOWS\system32\alg.exe - C:\WINDOWS\system32\alg.exe -  - 
       AntiVirFirewallService - Stopped - Automatic - "C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe" - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -  - 
       AntiVirMailService - Stopped - Disabled - "C:\Program Files\Avira\AntiVir Desktop\avmailc.exe" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -  - 
       AntiVirSchedulerService - Stopped - Automatic - "C:\Program Files\Avira\AntiVir Desktop\sched.exe" - C:\Program Files\Avira\AntiVir Desktop\sched.exe -  - 
       AntiVirService - Stopped - Automatic - "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe -  - 
       AntiVirWebService - Stopped - Automatic - "C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -  - 
       Apple Mobile Device - Stopped - Automatic - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -  - 
       AppMgmt - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       aspnet_state - Stopped - Manual - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -  - 
       Ati HotKey Poller - Stopped - Automatic - C:\WINDOWS\system32\Ati2evxx.exe - C:\WINDOWS\system32\Ati2evxx.exe -  - 
       ATI Smart - Stopped - Automatic - C:\WINDOWS\system32\ati2sgag.exe - C:\WINDOWS\system32\ati2sgag.exe -  - 
       AudioSrv - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       BITS - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       Bonjour Service - Stopped - Automatic - "C:\Program Files\Bonjour\mDNSResponder.exe" - C:\Program Files\Bonjour\mDNSResponder.exe -  - 
       Browser - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       BthServ - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k bthsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       CiSvc - Stopped - Manual - C:\WINDOWS\system32\cisvc.exe - C:\WINDOWS\system32\cisvc.exe -  - 
       ClipSrv - Stopped - Manual - C:\WINDOWS\system32\clipsrv.exe - C:\WINDOWS\system32\clipsrv.exe -  - 
       clr_optimization_v2.0.50727_32 - Stopped - Disabled - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -  - 
       clr_optimization_v4.0.30319_32 - Stopped - Automatic - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -  - 
       COMSysApp - Stopped - Manual - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - C:\WINDOWS\system32\dllhost.exe -  - 
       CryptSvc - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       DcomLaunch - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k DcomLaunch - C:\WINDOWS\system32\svchost.exe -  - 
       Dhcp - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       dmadmin - Stopped - Manual - C:\WINDOWS\System32\dmadmin.exe /com - C:\WINDOWS\System32\dmadmin.exe -  - 
       dmserver - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Dnscache - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k NetworkService - C:\WINDOWS\system32\svchost.exe -  - 
       Dot3svc - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k dot3svc - C:\WINDOWS\System32\svchost.exe -  - 
       EapHost - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k eapsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       ERSvc - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Eventlog - Started - Automatic - C:\WINDOWS\system32\services.exe - C:\WINDOWS\system32\services.exe -  - 
       EventSystem - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       FastUserSwitchingCompatibility - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       FLEXnet Licensing Service - Stopped - Manual - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -  - 
       FontCache3.0.0.0 - Stopped - Manual - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -  - 
       HDDSvc - Stopped - Manual - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe - C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -  - 
       helpsvc - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       HidServ - Stopped - Disabled - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       hkmsvc - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       HTTPFilter - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k HTTPFilter - C:\WINDOWS\System32\svchost.exe -  - 
       idsvc - Stopped - Manual - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -  - 
       ImapiService - Stopped - Manual - C:\WINDOWS\system32\imapi.exe - C:\WINDOWS\system32\imapi.exe -  - 
       iPod Service - Stopped - Manual - "C:\Program Files\iPod\bin\iPodService.exe" - C:\Program Files\iPod\bin\iPodService.exe -  - 
       JavaQuickStarterService - Stopped - Automatic - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" - C:\Program Files\Java\jre6\bin\jqs.exe -  - 
       LanmanServer - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       lanmanworkstation - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       LmHosts - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       Messenger - Stopped - Disabled - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       Microsoft Office Groove Audit Service - Stopped - Manual - "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -  - 
       mnmsrvc - Stopped - Manual - C:\WINDOWS\system32\mnmsrvc.exe - C:\WINDOWS\system32\mnmsrvc.exe -  - 
       MSDTC - Stopped - Manual - C:\WINDOWS\system32\msdtc.exe - C:\WINDOWS\system32\msdtc.exe -  - 
       MSIServer - Stopped - Manual - C:\WINDOWS\system32\msiexec.exe /V - C:\WINDOWS\system32\msiexec.exe -  - 
       napagent - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Nero BackItUp Scheduler 4.0 - Stopped - Automatic - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -  - 
       NetDDE - Stopped - Disabled - C:\WINDOWS\system32\netdde.exe - C:\WINDOWS\system32\netdde.exe -  - 
       NetDDEdsdm - Stopped - Disabled - C:\WINDOWS\system32\netdde.exe - C:\WINDOWS\system32\netdde.exe -  - 
       Netlogon - Stopped - Manual - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       Netman - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       NetTcpPortSharing - Stopped - Disabled - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -  - 
       Nla - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       NtLmSsp - Stopped - Manual - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       NtmsSvc - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       O&O Defrag - Stopped - Automatic - C:\WINDOWS\system32\oodag.exe - C:\WINDOWS\system32\oodag.exe -  - 
       odserv - Stopped - Manual - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -  - 
       ose - Stopped - Manual - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -  - 
       PassThru Service - Stopped - Automatic - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -  - 
       PlugPlay - Started - Automatic - C:\WINDOWS\system32\services.exe - C:\WINDOWS\system32\services.exe -  - 
       PolicyAgent - Stopped - Automatic - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       ProtectedStorage - Stopped - Automatic - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       RasAuto - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       RasMan - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       RDSessMgr - Stopped - Manual - C:\WINDOWS\system32\sessmgr.exe - C:\WINDOWS\system32\sessmgr.exe -  - 
       RemoteAccess - Stopped - Disabled - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       RemoteRegistry - Stopped - Disabled - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       RpcLocator - Stopped - Manual - C:\WINDOWS\system32\locator.exe - C:\WINDOWS\system32\locator.exe -  - 
       RpcSs - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k rpcss - C:\WINDOWS\system32\svchost.exe -  - 
       RSVP - Stopped - Manual - C:\WINDOWS\system32\rsvp.exe - C:\WINDOWS\system32\rsvp.exe -  - 
       SamSs - Stopped - Automatic - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       SCardSvr - Stopped - Manual - C:\WINDOWS\system32\scardsvr.exe - C:\WINDOWS\system32\scardsvr.exe -  - 
       Schedule - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       seclogon - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       SENS - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       ServiceLayer - Stopped - Manual - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -  - 
       SharedAccess - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       ShellHWDetection - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Spooler - Stopped - Automatic - C:\WINDOWS\system32\spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe -  - 
       srservice - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       SSDPSRV - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       StarWindServiceAE - Stopped - Automatic - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -  - 
       stisvc - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k imgsvc - C:\WINDOWS\system32\svchost.exe -  - 
       SwPrv - Stopped - Manual - C:\WINDOWS\system32\dllhost.exe /Processid:{22A9901E-A5F9-43CA-A114-F55A56DC3106} - C:\WINDOWS\system32\dllhost.exe -  - 
       SysmonLog - Stopped - Manual - C:\WINDOWS\system32\smlogsvc.exe - C:\WINDOWS\system32\smlogsvc.exe -  - 
       TapiSrv - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       TermService - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k DComLaunch - C:\WINDOWS\System32\svchost.exe -  - 
       Themes - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       TlntSvr - Stopped - Manual - C:\WINDOWS\system32\tlntsvr.exe - C:\WINDOWS\system32\tlntsvr.exe -  - 
       TrkWks - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       TuneUp.Defrag - Stopped - Manual - C:\WINDOWS\system32\TuneUpDefragService.exe - C:\WINDOWS\system32\TuneUpDefragService.exe -  - 
       TuneUp.ProgramStatisticsSvc - Stopped - Automatic - C:\WINDOWS\system32\TUProgSt.exe - C:\WINDOWS\system32\TUProgSt.exe -  - 
       upnphost - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       UPS - Stopped - Manual - C:\WINDOWS\system32\ups.exe - C:\WINDOWS\system32\ups.exe -  - 
       UxTuneUp - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       VSS - Stopped - Manual - C:\WINDOWS\system32\vssvc.exe - C:\WINDOWS\system32\vssvc.exe -  - 
       W32Time - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       WebClient - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       winmgmt - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       WmdmPmSN - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Wmi - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       WmiApSrv - Stopped - Manual - C:\WINDOWS\system32\wbem\wmiapsrv.exe - C:\WINDOWS\system32\wbem\wmiapsrv.exe -  - 
       WMPNetworkSvc - Stopped - Manual - "C:\Program Files\Windows Media Player\WMPNetwk.exe" - C:\Program Files\Windows Media Player\WMPNetwk.exe -  - 
       WPFFontCache_v0400 - Stopped - Manual - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -  - 
       wscsvc - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       wuauserv - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       WudfSvc - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup - C:\WINDOWS\system32\svchost.exe -  - 
       WZCSVC - Stopped - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       xmlprov - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       .imapi -  - Manual -  -  -  - 

==========================================================================================

File Association

       .bat - "%1" %* - HKEY_CLASSES_ROOT\.bat
       .cmd - "%1" %* - HKEY_CLASSES_ROOT\.cmd
       .com - "%1" %* - HKEY_CLASSES_ROOT\.com
       .exe - "%1" %* - HKEY_CLASSES_ROOT\.exe
       .scr - "%1" /S - HKEY_CLASSES_ROOT\.scr
       .txt - %SystemRoot%\system32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\.txt
       .ini - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\.ini
       .pif - "%1" %* - HKEY_CLASSES_ROOT\.pif
       .reg - regedit.exe "%1" - HKEY_CLASSES_ROOT\.reg
       .inf - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\.inf
       .hlp - %SystemRoot%\System32\winhlp32.exe %1 - HKEY_CLASSES_ROOT\.hlp
       .chm - "%SYSTEMROOT%\hh.exe" %1 - HKEY_CLASSES_ROOT\.chm
       .vbs - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\.vbs
       .js - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\.js
       .lnk - lnkfile - HKEY_CLASSES_ROOT\.lnk
       batfile - "%1" %* - HKEY_CLASSES_ROOT\batfile\Shell\Open\Command
       cmdfile - "%1" %* - HKEY_CLASSES_ROOT\cmdfile\Shell\Open\Command
       comfile - "%1" %* - HKEY_CLASSES_ROOT\comfile\Shell\Open\Command
       exefile - "%1" %* - HKEY_CLASSES_ROOT\exefile\Shell\Open\Command
       scrfile - "%1" /S - HKEY_CLASSES_ROOT\scrfile\Shell\Open\Command
       txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\txtfile\Shell\Open\Command
       inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\inifile\Shell\Open\Command
       piffile - "%1" %* - HKEY_CLASSES_ROOT\piffile\Shell\Open\Command
       regfile - regedit.exe "%1" - HKEY_CLASSES_ROOT\regfile\Shell\Open\Command
       inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\inffile\Shell\Open\Command
       hlpfile - %SystemRoot%\System32\winhlp32.exe %1 - HKEY_CLASSES_ROOT\hlpfile\Shell\Open\Command
       chm.file - "%SYSTEMROOT%\hh.exe" %1 - HKEY_CLASSES_ROOT\chm.file\Shell\Open\Command
       vbsfile - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\vbsfile\Shell\Open\Command
       jsfile - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\jsfile\Shell\Open\Command
       HKCU .txt Progid - %SystemRoot%\system32\NOTEPAD.EXE %1 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
       HKCU .ini Progid - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
       HKCU .reg Progid - regedit.exe "%1" - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\OpenWithProgids
       HKCU .inf Progid - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
       HKCU .chm Progid - "%SYSTEMROOT%\hh.exe" %1 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.chm\OpenWithProgids
       HKCU .js Progid - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\OpenWithProgids

==========================================================================================

IFEO

       Nothing

==========================================================================================

IME

       Anglick (Spojen stty) -  -  - C:\WINDOWS\system32\KBDUS.DLL - Microsoft Corporation
       esk -  -  - C:\WINDOWS\system32\KBDCZ.DLL - Microsoft Corporation
       Rusk -  -  - C:\WINDOWS\system32\KBDRU.DLL - Microsoft Corporation
       Slovensk -  -  - C:\WINDOWS\system32\KBDSL.DLL - Microsoft Corporation
       Ukrajinsk -  -  - C:\WINDOWS\system32\KBDUR.DLL - Microsoft Corporation

==========================================================================================

Firewall Rule

       %windir%\Network Diagnostic\xpnetdiag.exe - Domain App - Enabled - 
       %windir%\system32\sessmgr.exe - Domain App - Enabled - 
       %windir%\Network Diagnostic\xpnetdiag.exe - Standard App - Enabled - 
       %windir%\system32\sessmgr.exe - Standard App - Enabled - 
       C:\Program Files\ICQ6.5\ICQ.exe - Standard App - Enabled - 
       C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE - Standard App - Enabled - 
       C:\Program Files\Microsoft Office\Office12\GROOVE.EXE - Standard App - Enabled - 
       C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE - Standard App - Enabled - 
       C:\Documents and Settings\Marie\Local Settings\Data aplikac\Skype\Phone\Skype.exe - Standard App - Enabled - 
       C:\Program Files\Skype\Phone\Skype.exe - Standard App - Enabled - 
       D:\Games\KONAMI\Pro Evolution Soccer 2012\pes2012.exe - Standard App - Enabled - 
       C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe - Standard App - Enabled - 
       C:\Program Files\Bonjour\mDNSResponder.exe - Standard App - Enabled - 
       D:\Program Files\iTunes\iTunes.exe - Standard App - Enabled - 
       1900:UDP - Open Port - Disable - 
       2869:TCP - Open Port - Disable - 

==========================================================================================

Scan MBR Rootkit

       Unknow MBR!
