XueTr --- Computer Examination Report
Examination Date: 2012-05-12 11:07
OS Information: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Internet Explorer: 8.0.6001.18702

Examination Items:
      Process
      Process Modules
      Process Threads
      Kernel Module
      Notify Routine
      Filter
      DPC Timer
      Worker Thread
      Object Hijack
      Direct IO
      GDT
      SSDT
      Shadow SSDT
      FSD
      Keyboard
      Mouclass
      Classpnp
      Atapi
      Acpi
      Scsi
      Kernel Hook
      Object Type
      IDT
      Message Hook
      Process Hook
      KernelCallbackTable
      Port
      Tcpip
      IE Plugin
      IE Shell
      Spi
      Hosts File
      Startup
      Service
      File Association
      IFEO
      IME
      Firewall Rule
      Scan MBR Rootkit

==========================================================================================

Process

       System - System - 
       winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
       soffice.exe - C:\Program Files\OpenOffice.org 3\program\soffice.exe - OpenOffice.org
       soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - OpenOffice.org
       AvastSvc.exe - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - AVAST Software
       rundll32.exe - C:\WINDOWS\system32\rundll32.exe - Microsoft Corporation
       Updater.exe - C:\Program Files\Ask.com\Updater\Updater.exe - Ask
       SpywareTerminatorShield.Exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe - Crawler.com
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
       SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Crawler.com
       wuauclt.exe - C:\WINDOWS\system32\wuauclt.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       lsass.exe - C:\WINDOWS\system32\lsass.exe - Microsoft Corporation
       explorer.exe - C:\WINDOWS\explorer.exe - Microsoft Corporation
       smss.exe - C:\WINDOWS\system32\smss.exe - Microsoft Corporation
       csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       AvastUI.exe - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - AVAST Software
       spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
       XueTr.exe - C:\Documents and Settings\Zuzana\Local Settings\Temp\Rar$EX00.546\XueTr.exe - Email: linxer@163.com
       ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - Microsoft Corporation
       WinRAR.exe - C:\Program Files\WinRAR\WinRAR.exe - 
       notepad.exe - C:\WINDOWS\system32\notepad.exe - Microsoft Corporation
       alg.exe - C:\WINDOWS\system32\alg.exe - Microsoft Corporation
       notepad.exe - C:\WINDOWS\system32\notepad.exe - Microsoft Corporation
       Idle - Idle - 

==========================================================================================

Process Modules

      Image File Name[System]Modules
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[winlogon.exe]Modules
             winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             NDdeApi.dll - C:\WINDOWS\system32\NDdeApi.dll - Microsoft Corporation
             PROFMAP.dll - C:\WINDOWS\system32\PROFMAP.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             REGAPI.dll - C:\WINDOWS\system32\REGAPI.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             MSGINA.dll - C:\WINDOWS\system32\MSGINA.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             SHSVCS.dll - C:\WINDOWS\system32\SHSVCS.dll - Microsoft Corporation
             sfc.dll - C:\WINDOWS\system32\sfc.dll - Microsoft Corporation
             sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             WINSCARD.DLL - C:\WINDOWS\system32\WINSCARD.DLL - Microsoft Corporation
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             sxs.dll - C:\WINDOWS\system32\sxs.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             cscdll.dll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation
             dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             cscui.dll - C:\WINDOWS\system32\cscui.dll - Microsoft Corporation
             MPRAPI.dll - C:\WINDOWS\system32\MPRAPI.dll - Microsoft Corporation
             ACTIVEDS.dll - C:\WINDOWS\system32\ACTIVEDS.dll - Microsoft Corporation
             adsldpc.dll - C:\WINDOWS\system32\adsldpc.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\system32\ATL.DLL - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             rtutils.dll - C:\WINDOWS\system32\rtutils.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\system32\cryptdll.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             msacm32.drv - C:\WINDOWS\system32\msacm32.drv - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             midimap.dll - C:\WINDOWS\system32\midimap.dll - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             wbemprox.dll - C:\WINDOWS\system32\wbem\wbemprox.dll - Microsoft Corporation
             wbemcomn.dll - C:\WINDOWS\system32\wbem\wbemcomn.dll - Microsoft Corporation
             wbemsvc.dll - C:\WINDOWS\system32\wbem\wbemsvc.dll - Microsoft Corporation
             fastprox.dll - C:\WINDOWS\system32\wbem\fastprox.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[soffice.exe]Modules
             soffice.exe - C:\Program Files\OpenOffice.org 3\program\soffice.exe - OpenOffice.org
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[soffice.bin]Modules
             soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - OpenOffice.org
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             sal3.dll - C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll - OpenOffice.org
             uwinapi.dll - C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll - OpenOffice.org
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             WSOCK32.dll - C:\WINDOWS\system32\WSOCK32.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             sofficeapp.dll - C:\Program Files\OpenOffice.org 3\program\sofficeapp.dll - OpenOffice.org
             comphelp4MSC.dll - C:\Program Files\OpenOffice.org 3\program\comphelp4MSC.dll - OpenOffice.org
             cppuhelper3MSC.dll - C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll - OpenOffice.org
             salhelper3MSC.dll - C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll - OpenOffice.org
             cppu3.dll - C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll - OpenOffice.org
             stlport_vc7145.dll - C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll - STLport Consulting, Inc.
             ucbhelper4MSC.dll - C:\Program Files\OpenOffice.org 3\program\ucbhelper4MSC.dll - OpenOffice.org
             vos3MSC.dll - C:\Program Files\OpenOffice.org 3\program\vos3MSC.dll - OpenOffice.org
             i18nisolang1MSC.dll - C:\Program Files\OpenOffice.org 3\program\i18nisolang1MSC.dll - OpenOffice.org
             sfxmi.dll - C:\Program Files\OpenOffice.org 3\program\sfxmi.dll - OpenOffice.org
             fwemi.dll - C:\Program Files\OpenOffice.org 3\program\fwemi.dll - OpenOffice.org
             fwimi.dll - C:\Program Files\OpenOffice.org 3\program\fwimi.dll - OpenOffice.org
             utlmi.dll - C:\Program Files\OpenOffice.org 3\program\utlmi.dll - OpenOffice.org
             tlmi.dll - C:\Program Files\OpenOffice.org 3\program\tlmi.dll - OpenOffice.org
             basegfxmi.dll - C:\Program Files\OpenOffice.org 3\program\basegfxmi.dll - OpenOffice.org
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             vclmi.dll - C:\Program Files\OpenOffice.org 3\program\vclmi.dll - OpenOffice.org
             sotmi.dll - C:\Program Files\OpenOffice.org 3\program\sotmi.dll - OpenOffice.org
             i18npapermi.dll - C:\Program Files\OpenOffice.org 3\program\i18npapermi.dll - OpenOffice.org
             i18nutilMSC.dll - C:\Program Files\OpenOffice.org 3\program\i18nutilMSC.dll - OpenOffice.org
             icuuc40.dll - C:\Program Files\OpenOffice.org 3\program\icuuc40.dll - IBM Corporation and others
             icudt40.dll - C:\Program Files\OpenOffice.org 3\program\icudt40.dll - IBM Corporation and others
             gdiplus.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll - Microsoft Corporation
             MSIMG32.dll - C:\WINDOWS\system32\MSIMG32.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             IMM32.dll - C:\WINDOWS\system32\IMM32.dll - Microsoft Corporation
             tkmi.dll - C:\Program Files\OpenOffice.org 3\program\tkmi.dll - OpenOffice.org
             svlmi.dll - C:\Program Files\OpenOffice.org 3\program\svlmi.dll - OpenOffice.org
             svtmi.dll - C:\Program Files\OpenOffice.org 3\program\svtmi.dll - OpenOffice.org
             jvmfwk3.dll - C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll - OpenOffice.org
             libxml2.dll - C:\Program Files\OpenOffice.org 3\program\libxml2.dll - 
             sbmi.dll - C:\Program Files\OpenOffice.org 3\program\sbmi.dll - OpenOffice.org
             xcrmi.dll - C:\Program Files\OpenOffice.org 3\program\xcrmi.dll - OpenOffice.org
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             saxmi.dll - C:\Program Files\OpenOffice.org 3\program\saxmi.dll - OpenOffice.org
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             msci_uno.dll - C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll - OpenOffice.org
             bootstrap.uno.dll - C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll - OpenOffice.org
             reg3.dll - C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll - OpenOffice.org
             store3.dll - C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll - OpenOffice.org
             configmgr2.uno.dll - C:\Program Files\OpenOffice.org 3\program\configmgr2.uno.dll - OpenOffice.org
             stocservices.uno.dll - C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll - OpenOffice.org
             sysmgr1.uno.dll - C:\Program Files\OpenOffice.org 3\program\sysmgr1.uno.dll - OpenOffice.org
             sax.uno.dll - C:\Program Files\OpenOffice.org 3\program\sax.uno.dll - OpenOffice.org
             localebe1.uno.dll - C:\Program Files\OpenOffice.org 3\program\localebe1.uno.dll - OpenOffice.org
             behelper.uno.dll - C:\Program Files\OpenOffice.org 3\program\behelper.uno.dll - OpenOffice.org
             ucb1.dll - C:\Program Files\OpenOffice.org 3\program\ucb1.dll - OpenOffice.org
             fwkmi.dll - C:\Program Files\OpenOffice.org 3\program\fwkmi.dll - OpenOffice.org
             ucpfile1.dll - C:\Program Files\OpenOffice.org 3\program\ucpfile1.dll - OpenOffice.org
             usp10.dll - C:\WINDOWS\system32\usp10.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             oleautobridge.uno.dll - C:\Program Files\OpenOffice.org 3\program\oleautobridge.uno.dll - OpenOffice.org
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             emsermi.dll - C:\Program Files\OpenOffice.org 3\program\emsermi.dll - OpenOffice.org

------------------------------------------------------------------------------------------

      Image File Name[AvastSvc.exe]Modules
             AvastSvc.exe - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - AVAST Software
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             aswCmnBS.dll - C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll - AVAST Software
             aswCmnOS.dll - C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll - AVAST Software
             aswCmnIS.dll - C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll - AVAST Software
             MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             MSVCP90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll - Microsoft Corporation
             ashBase.dll - C:\Program Files\Alwil Software\Avast5\ashBase.dll - AVAST Software
             WSOCK32.dll - C:\WINDOWS\system32\WSOCK32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             aswEngLdr.dll - C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll - AVAST Software
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             dbghelp.dll - C:\WINDOWS\system32\dbghelp.dll - Microsoft Corporation
             Base.dll - C:\Program Files\Alwil Software\Avast5\1029\Base.dll - AVAST Software
             ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             aswAux.dll - C:\Program Files\Alwil Software\Avast5\aswAux.dll - AVAST Software
             ashTask.dll - C:\Program Files\Alwil Software\Avast5\ashTask.dll - AVAST Software
             ashTaskEx.dll - C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll - AVAST Software
             aswLog.dll - C:\Program Files\Alwil Software\Avast5\aswLog.dll - AVAST Software
             aswSqLt.dll - C:\Program Files\Alwil Software\Avast5\aswSqLt.dll - AVAST Software
             aswProperty.dll - C:\Program Files\Alwil Software\Avast5\aswProperty.dll - AVAST Software
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             AavmRpch.dll - C:\Program Files\Alwil Software\Avast5\AavmRpch.dll - AVAST Software
             aswIdle.dll - C:\Program Files\Alwil Software\Avast5\aswIdle.dll - AVAST Software
             aswDld.dll - C:\Program Files\Alwil Software\Avast5\aswDld.dll - AVAST Software
             aswStrm.dll - C:\Program Files\Alwil Software\Avast5\aswStrm.dll - AVAST Software
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             Wtsapi32.dll - C:\WINDOWS\system32\Wtsapi32.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             FltLib.dll - C:\WINDOWS\system32\FltLib.dll - Microsoft Corporation
             AhResBhv.dll - C:\Program Files\Alwil Software\Avast5\AhResBhv.dll - AVAST Software
             AhResJs.dll - C:\Program Files\Alwil Software\Avast5\AhResJs.dll - AVAST Software
             AhResMai.dll - C:\Program Files\Alwil Software\Avast5\AhResMai.dll - AVAST Software
             AhResMes.dll - C:\Program Files\Alwil Software\Avast5\AhResMes.dll - AVAST Software
             AhResNS.dll - C:\Program Files\Alwil Software\Avast5\AhResNS.dll - AVAST Software
             AhResP2P.dll - C:\Program Files\Alwil Software\Avast5\AhResP2P.dll - AVAST Software
             AhResStd.dll - C:\Program Files\Alwil Software\Avast5\AhResStd.dll - AVAST Software
             AhResWS.dll - C:\Program Files\Alwil Software\Avast5\AhResWS.dll - AVAST Software
             ashMaiSv.dll - C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll - AVAST Software
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             ashWebSv.dll - C:\Program Files\Alwil Software\Avast5\ashWebSv.dll - AVAST Software
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             security.dll - C:\WINDOWS\system32\security.dll - Microsoft Corporation
             ashWsFtr.dll - C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll - AVAST Software
             wininet.dll - C:\WINDOWS\system32\wininet.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             aswEngin.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswEngin.dll - AVAST Software
             aswCmnOS.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswCmnOS.dll - AVAST Software
             aswCmnIS.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswCmnIS.dll - AVAST Software
             aswCmnBS.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswCmnBS.dll - AVAST Software
             aswScan.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswScan.dll - AVAST Software
             aswRep.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswRep.dll - AVAST Software
             aswFiDb.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswFiDb.dll - AVAST Software
             algo.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\algo.dll - 
             arPot.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\arPot.dll - AVAST Software
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[rundll32.exe]Modules
             RunDll32.exe - C:\WINDOWS\system32\RunDll32.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             CMICNFG3.cpl - C:\WINDOWS\system\CMICNFG3.cpl - C-Media Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             gdiplus.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             dsound.dll - C:\WINDOWS\system32\dsound.dll - Microsoft Corporation
             wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             msacm32.drv - C:\WINDOWS\system32\msacm32.drv - Microsoft Corporation
             midimap.dll - C:\WINDOWS\system32\midimap.dll - Microsoft Corporation
             KsUser.dll - C:\WINDOWS\system32\KsUser.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[Updater.exe]Modules
             Updater.exe - C:\Program Files\Ask.com\Updater\Updater.exe - Ask
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             gdiplus.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll - Microsoft Corporation
             MSIMG32.dll - C:\WINDOWS\system32\MSIMG32.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll - Microsoft Corporation
             OLEACC.dll - C:\WINDOWS\system32\OLEACC.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             msxml3.dll - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             ws2_32.dll - C:\WINDOWS\system32\ws2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             RASAPI32.dll - C:\WINDOWS\system32\RASAPI32.dll - Microsoft Corporation
             rasman.dll - C:\WINDOWS\system32\rasman.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             TAPI32.dll - C:\WINDOWS\system32\TAPI32.dll - Microsoft Corporation
             rtutils.dll - C:\WINDOWS\system32\rtutils.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\System32\mswsock.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             sensapi.dll - C:\WINDOWS\system32\sensapi.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\system32\cryptdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[SpywareTerminatorShield.Exe]Modules
             SpywareTerminatorShield.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - Crawler.com
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             oleaut32.dll - C:\WINDOWS\system32\oleaut32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             version.dll - C:\WINDOWS\system32\version.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             shell32.dll - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation
             winspool.drv - C:\WINDOWS\system32\winspool.drv - Microsoft Corporation
             SHFolder.dll - C:\WINDOWS\system32\SHFolder.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             olepro32.dll - C:\WINDOWS\system32\olepro32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             rpcss.dll - c:\windows\system32\rpcss.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[services.exe]Modules
             services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             SCESRV.dll - C:\WINDOWS\system32\SCESRV.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcAdProc.dll - C:\WINDOWS\AppPatch\AcAdProc.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             eventlog.dll - C:\WINDOWS\system32\eventlog.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             wtsapi32.dll - C:\WINDOWS\system32\wtsapi32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[SpywareTerminatorUpdate.exe]Modules
             SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Crawler.com
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             oleaut32.dll - C:\WINDOWS\system32\oleaut32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             version.dll - C:\WINDOWS\system32\version.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             wininet.dll - C:\WINDOWS\system32\wininet.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             shell32.dll - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation
             winmm.dll - C:\WINDOWS\system32\winmm.dll - Microsoft Corporation
             SHFolder.dll - C:\WINDOWS\system32\SHFolder.dll - Microsoft Corporation
             oleacc.dll - C:\WINDOWS\system32\oleacc.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             olepro32.dll - C:\WINDOWS\system32\olepro32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             TorentDll.dll - C:\Program Files\Spyware Terminator\TorentDll.dll - 
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             MSWSOCK.dll - C:\WINDOWS\system32\MSWSOCK.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             RASAPI32.dll - C:\WINDOWS\system32\RASAPI32.dll - Microsoft Corporation
             rasman.dll - C:\WINDOWS\system32\rasman.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             TAPI32.dll - C:\WINDOWS\system32\TAPI32.dll - Microsoft Corporation
             rtutils.dll - C:\WINDOWS\system32\rtutils.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             sensapi.dll - C:\WINDOWS\system32\sensapi.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\system32\cryptdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[wuauclt.exe]Modules
             wuauclt.exe - C:\WINDOWS\system32\wuauclt.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             wucltui.dll - C:\WINDOWS\system32\wucltui.dll - Microsoft Corporation
             MSIMG32.dll - C:\WINDOWS\system32\MSIMG32.dll - Microsoft Corporation
             Cabinet.dll - C:\WINDOWS\system32\Cabinet.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             wups2.dll - C:\WINDOWS\system32\wups2.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             webclnt.dll - c:\windows\system32\webclnt.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[sp_rsser.exe]Modules
             sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             oleaut32.dll - C:\WINDOWS\system32\oleaut32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             shell32.dll - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             SHFolder.dll - C:\WINDOWS\system32\SHFolder.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             version.dll - C:\WINDOWS\system32\version.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             psapi.dll - C:\WINDOWS\system32\psapi.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\System32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\System32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\System32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\System32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\System32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\System32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\System32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\System32\xpsp2res.dll - Microsoft Corporation
             shsvcs.dll - c:\windows\system32\shsvcs.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\System32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\System32\NETAPI32.dll - Microsoft Corporation
             dhcpcsvc.dll - c:\windows\system32\dhcpcsvc.dll - Microsoft Corporation
             DNSAPI.dll - c:\windows\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             iphlpapi.dll - c:\windows\system32\iphlpapi.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\System32\rsaenh.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\System32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             wzcsvc.dll - c:\windows\system32\wzcsvc.dll - Microsoft Corporation
             rtutils.dll - c:\windows\system32\rtutils.dll - Microsoft Corporation
             WMI.dll - c:\windows\system32\WMI.dll - Microsoft Corporation
             CRYPT32.dll - c:\windows\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - c:\windows\system32\MSASN1.dll - Microsoft Corporation
             EapolQec.dll - c:\windows\system32\EapolQec.dll - Microsoft Corporation
             ATL.DLL - c:\windows\system32\ATL.DLL - Microsoft Corporation
             QUtil.dll - c:\windows\system32\QUtil.dll - Microsoft Corporation
             MSVCP60.dll - c:\windows\system32\MSVCP60.dll - Microsoft Corporation
             dot3api.dll - c:\windows\system32\dot3api.dll - Microsoft Corporation
             WTSAPI32.dll - c:\windows\system32\WTSAPI32.dll - Microsoft Corporation
             ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             SETUPAPI.DLL - C:\WINDOWS\System32\SETUPAPI.DLL - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\System32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\System32\COMRes.dll - Microsoft Corporation
             rastls.dll - C:\WINDOWS\System32\rastls.dll - Microsoft Corporation
             CRYPTUI.dll - C:\WINDOWS\System32\CRYPTUI.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\System32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             MPRAPI.dll - C:\WINDOWS\System32\MPRAPI.dll - Microsoft Corporation
             ACTIVEDS.dll - C:\WINDOWS\System32\ACTIVEDS.dll - Microsoft Corporation
             adsldpc.dll - C:\WINDOWS\System32\adsldpc.dll - Microsoft Corporation
             RASAPI32.dll - C:\WINDOWS\System32\RASAPI32.dll - Microsoft Corporation
             rasman.dll - C:\WINDOWS\System32\rasman.dll - Microsoft Corporation
             TAPI32.dll - C:\WINDOWS\System32\TAPI32.dll - Microsoft Corporation
             SCHANNEL.dll - C:\WINDOWS\System32\SCHANNEL.dll - Microsoft Corporation
             WinSCard.dll - C:\WINDOWS\System32\WinSCard.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\System32\PSAPI.DLL - Microsoft Corporation
             raschap.dll - C:\WINDOWS\System32\raschap.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\System32\cryptdll.dll - Microsoft Corporation
             schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             NTDSAPI.dll - c:\windows\system32\NTDSAPI.dll - Microsoft Corporation
             MSIDLE.DLL - C:\WINDOWS\System32\MSIDLE.DLL - Microsoft Corporation
             audiosrv.dll - c:\windows\system32\audiosrv.dll - Microsoft Corporation
             wkssvc.dll - c:\windows\system32\wkssvc.dll - Microsoft Corporation
             cryptsvc.dll - c:\windows\system32\cryptsvc.dll - Microsoft Corporation
             certcli.dll - c:\windows\system32\certcli.dll - Microsoft Corporation
             es.dll - c:\windows\system32\es.dll - Microsoft Corporation
             ersvc.dll - c:\windows\system32\ersvc.dll - Microsoft Corporation
             dmserver.dll - c:\windows\system32\dmserver.dll - Microsoft Corp.
             netman.dll - c:\windows\system32\netman.dll - Microsoft Corporation
             netshell.dll - c:\windows\system32\netshell.dll - Microsoft Corporation
             credui.dll - c:\windows\system32\credui.dll - Microsoft Corporation
             dot3dlg.dll - c:\windows\system32\dot3dlg.dll - Microsoft Corporation
             OneX.DLL - c:\windows\system32\OneX.DLL - Microsoft Corporation
             eappcfg.dll - c:\windows\system32\eappcfg.dll - Microsoft Corporation
             eappprxy.dll - c:\windows\system32\eappprxy.dll - Microsoft Corporation
             WZCSAPI.DLL - c:\windows\system32\WZCSAPI.DLL - Microsoft Corporation
             srvsvc.dll - c:\windows\system32\srvsvc.dll - Microsoft Corporation
             pchsvc.dll - c:\windows\pchealth\helpctr\binaries\pchsvc.dll - Microsoft Corporation
             seclogon.dll - c:\windows\system32\seclogon.dll - Microsoft Corporation
             srsvc.dll - c:\windows\system32\srsvc.dll - Microsoft Corporation
             POWRPROF.dll - c:\windows\system32\POWRPROF.dll - Microsoft Corporation
             wmisvc.dll - c:\windows\system32\wbem\wmisvc.dll - Microsoft Corporation
             VSSAPI.DLL - C:\WINDOWS\system32\VSSAPI.DLL - Microsoft Corporation
             w32time.dll - c:\windows\system32\w32time.dll - Microsoft Corporation
             trkwks.dll - c:\windows\system32\trkwks.dll - Microsoft Corporation
             browser.dll - c:\windows\system32\browser.dll - Microsoft Corporation
             wuauserv.dll - c:\windows\system32\wuauserv.dll - Microsoft Corporation
             sens.dll - c:\windows\system32\sens.dll - Microsoft Corporation
             wuaueng.dll - C:\WINDOWS\system32\wuaueng.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\System32\WINSPOOL.DRV - Microsoft Corporation
             WINHTTP.dll - C:\WINDOWS\System32\WINHTTP.dll - Microsoft Corporation
             Cabinet.dll - C:\WINDOWS\System32\Cabinet.dll - Microsoft Corporation
             mspatcha.dll - C:\WINDOWS\System32\mspatcha.dll - Microsoft Corporation
             wscsvc.dll - c:\windows\system32\wscsvc.dll - Microsoft Corporation
             msi.dll - c:\windows\system32\msi.dll - Microsoft Corporation
             ipnathlp.dll - c:\windows\system32\ipnathlp.dll - Microsoft Corporation
             AUTHZ.dll - c:\windows\system32\AUTHZ.dll - Microsoft Corporation
             wbemcomn.dll - C:\WINDOWS\system32\wbem\wbemcomn.dll - Microsoft Corporation
             SXS.DLL - C:\WINDOWS\System32\SXS.DLL - Microsoft Corporation
             comsvcs.dll - C:\WINDOWS\system32\comsvcs.dll - Microsoft Corporation
             colbact.DLL - C:\WINDOWS\system32\colbact.DLL - Microsoft Corporation
             MTXCLU.DLL - C:\WINDOWS\system32\MTXCLU.DLL - Microsoft Corporation
             WSOCK32.dll - C:\WINDOWS\system32\WSOCK32.dll - Microsoft Corporation
             CLUSAPI.DLL - C:\WINDOWS\System32\CLUSAPI.DLL - Microsoft Corporation
             RESUTILS.DLL - C:\WINDOWS\System32\RESUTILS.DLL - Microsoft Corporation
             wbemcore.dll - C:\WINDOWS\System32\Wbem\wbemcore.dll - Microsoft Corporation
             esscli.dll - C:\WINDOWS\System32\Wbem\esscli.dll - Microsoft Corporation
             FastProx.dll - C:\WINDOWS\System32\Wbem\FastProx.dll - Microsoft Corporation
             wbemsvc.dll - C:\WINDOWS\system32\wbem\wbemsvc.dll - Microsoft Corporation
             sfc.dll - C:\WINDOWS\System32\sfc.dll - Microsoft Corporation
             sfc_os.dll - C:\WINDOWS\System32\sfc_os.dll - Microsoft Corporation
             wmiutils.dll - C:\WINDOWS\system32\wbem\wmiutils.dll - Microsoft Corporation
             repdrvfs.dll - C:\WINDOWS\system32\wbem\repdrvfs.dll - Microsoft Corporation
             wmiprvsd.dll - C:\WINDOWS\system32\wbem\wmiprvsd.dll - Microsoft Corporation
             NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             wbemess.dll - C:\WINDOWS\system32\wbem\wbemess.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation
             ncprov.dll - C:\WINDOWS\system32\wbem\ncprov.dll - Microsoft Corporation
             upnp.dll - C:\WINDOWS\system32\upnp.dll - Microsoft Corporation
             SSDPAPI.dll - C:\WINDOWS\system32\SSDPAPI.dll - Microsoft Corporation
             wups2.dll - C:\WINDOWS\system32\wups2.dll - Microsoft Corporation
             netcfgx.dll - C:\WINDOWS\system32\netcfgx.dll - Microsoft Corporation
             tapisrv.dll - c:\windows\system32\tapisrv.dll - Microsoft Corporation
             rasmans.dll - c:\windows\system32\rasmans.dll - Microsoft Corporation
             WINIPSEC.DLL - c:\windows\system32\WINIPSEC.DLL - Microsoft Corporation
             rastapi.dll - C:\WINDOWS\System32\rastapi.dll - Microsoft Corporation
             unimdm.tsp - C:\WINDOWS\System32\unimdm.tsp - Microsoft Corporation
             uniplat.dll - C:\WINDOWS\System32\uniplat.dll - Microsoft Corporation
             kmddsp.tsp - C:\WINDOWS\System32\kmddsp.tsp - Microsoft Corporation
             ndptsp.tsp - C:\WINDOWS\System32\ndptsp.tsp - Microsoft Corporation
             ipconf.tsp - C:\WINDOWS\System32\ipconf.tsp - Microsoft Corporation
             h323.tsp - C:\WINDOWS\System32\h323.tsp - Microsoft Corporation
             hidphone.tsp - C:\WINDOWS\System32\hidphone.tsp - Microsoft Corporation
             HID.DLL - C:\WINDOWS\System32\HID.DLL - Microsoft Corporation
             rasppp.dll - C:\WINDOWS\System32\rasppp.dll - Microsoft Corporation
             ntlsapi.dll - C:\WINDOWS\System32\ntlsapi.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\System32\rasadhlp.dll - Microsoft Corporation
             kerberos.dll - C:\WINDOWS\system32\kerberos.dll - Microsoft Corporation
             RASDLG.dll - C:\WINDOWS\System32\RASDLG.dll - Microsoft Corporation
             RASQEC.DLL - C:\WINDOWS\System32\RASQEC.DLL - Microsoft Corporation
             msxml3.dll - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation
             dssenh.dll - C:\WINDOWS\System32\dssenh.dll - Microsoft Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             qmgr.dll - c:\windows\system32\qmgr.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             SHFOLDER.dll - c:\windows\system32\SHFOLDER.dll - Microsoft Corporation
             advpack.dll - C:\WINDOWS\system32\advpack.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[lsass.exe]Modules
             lsass.exe - C:\WINDOWS\system32\lsass.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             SAMSRV.dll - C:\WINDOWS\system32\SAMSRV.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\system32\cryptdll.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             msprivs.dll - C:\WINDOWS\system32\msprivs.dll - Microsoft Corporation
             kerberos.dll - C:\WINDOWS\system32\kerberos.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             netlogon.dll - C:\WINDOWS\system32\netlogon.dll - Microsoft Corporation
             w32time.dll - C:\WINDOWS\system32\w32time.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             schannel.dll - C:\WINDOWS\system32\schannel.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             wdigest.dll - C:\WINDOWS\system32\wdigest.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             setupapi.dll - C:\WINDOWS\system32\setupapi.dll - Microsoft Corporation
             scecli.dll - C:\WINDOWS\system32\scecli.dll - Microsoft Corporation
             ipsecsvc.dll - C:\WINDOWS\system32\ipsecsvc.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             oakley.DLL - C:\WINDOWS\system32\oakley.DLL - Microsoft Corporation
             WINIPSEC.DLL - C:\WINDOWS\system32\WINIPSEC.DLL - Microsoft Corporation
             pstorsvc.dll - C:\WINDOWS\system32\pstorsvc.dll - Microsoft Corporation
             psbase.dll - C:\WINDOWS\system32\psbase.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             dssenh.dll - C:\WINDOWS\system32\dssenh.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[explorer.exe]Modules
             Explorer.EXE - C:\WINDOWS\Explorer.EXE - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             BROWSEUI.dll - C:\WINDOWS\system32\BROWSEUI.dll - Spolenost Microsoft
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             SHDOCVW.dll - C:\WINDOWS\system32\SHDOCVW.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             CRYPTUI.dll - C:\WINDOWS\system32\CRYPTUI.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             ashShell.dll - C:\Program Files\Alwil Software\Avast5\ashShell.dll - AVAST Software
             msi.dll - C:\WINDOWS\system32\msi.dll - Microsoft Corporation
             cscui.dll - C:\WINDOWS\System32\cscui.dll - Microsoft Corporation
             CSCDLL.dll - C:\WINDOWS\System32\CSCDLL.dll - Microsoft Corporation
             themeui.dll - C:\WINDOWS\system32\themeui.dll - Microsoft Corporation
             MSIMG32.dll - C:\WINDOWS\system32\MSIMG32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             msutb.dll - C:\WINDOWS\system32\msutb.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             LINKINFO.dll - C:\WINDOWS\system32\LINKINFO.dll - Microsoft Corporation
             ntshrui.dll - C:\WINDOWS\system32\ntshrui.dll - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\system32\ATL.DLL - Microsoft Corporation
             MLANG.dll - C:\WINDOWS\system32\MLANG.dll - Microsoft Corporation
             ieframe.dll - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation
             NETSHELL.dll - C:\WINDOWS\system32\NETSHELL.dll - Microsoft Corporation
             credui.dll - C:\WINDOWS\system32\credui.dll - Microsoft Corporation
             dot3api.dll - C:\WINDOWS\system32\dot3api.dll - Microsoft Corporation
             rtutils.dll - C:\WINDOWS\system32\rtutils.dll - Microsoft Corporation
             dot3dlg.dll - C:\WINDOWS\system32\dot3dlg.dll - Microsoft Corporation
             OneX.DLL - C:\WINDOWS\system32\OneX.DLL - Microsoft Corporation
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             eappcfg.dll - C:\WINDOWS\system32\eappcfg.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             eappprxy.dll - C:\WINDOWS\system32\eappprxy.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             webcheck.dll - C:\WINDOWS\system32\webcheck.dll - Microsoft Corporation
             stobject.dll - C:\WINDOWS\system32\stobject.dll - Microsoft Corporation
             BatMeter.dll - C:\WINDOWS\system32\BatMeter.dll - Microsoft Corporation
             POWRPROF.dll - C:\WINDOWS\system32\POWRPROF.dll - Microsoft Corporation
             WPDShServiceObj.dll - C:\WINDOWS\system32\WPDShServiceObj.dll - Microsoft Corporation
             WINHTTP.dll - C:\WINDOWS\system32\WINHTTP.dll - Microsoft Corporation
             mydocs.dll - C:\WINDOWS\system32\mydocs.dll - Microsoft Corporation
             PortableDeviceTypes.dll - C:\WINDOWS\system32\PortableDeviceTypes.dll - Microsoft Corporation
             PortableDeviceApi.dll - C:\WINDOWS\system32\PortableDeviceApi.dll - Microsoft Corporation
             wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             msacm32.drv - C:\WINDOWS\system32\msacm32.drv - Microsoft Corporation
             midimap.dll - C:\WINDOWS\system32\midimap.dll - Microsoft Corporation
             wzcdlg.dll - C:\WINDOWS\system32\wzcdlg.dll - Microsoft Corporation
             WZCSAPI.DLL - C:\WINDOWS\system32\WZCSAPI.DLL - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             drprov.dll - C:\WINDOWS\System32\drprov.dll - Microsoft Corporation
             ntlanman.dll - C:\WINDOWS\System32\ntlanman.dll - Microsoft Corporation
             NETUI0.dll - C:\WINDOWS\System32\NETUI0.dll - Microsoft Corporation
             NETUI1.dll - C:\WINDOWS\System32\NETUI1.dll - Microsoft Corporation
             NETRAP.dll - C:\WINDOWS\System32\NETRAP.dll - Microsoft Corporation
             davclnt.dll - C:\WINDOWS\System32\davclnt.dll - Microsoft Corporation
             browselc.dll - C:\WINDOWS\system32\browselc.dll - Microsoft Corporation
             DUSER.dll - C:\WINDOWS\system32\DUSER.dll - Microsoft Corporation
             RASAPI32.dll - C:\WINDOWS\system32\RASAPI32.dll - Microsoft Corporation
             rasman.dll - C:\WINDOWS\system32\rasman.dll - Microsoft Corporation
             TAPI32.dll - C:\WINDOWS\system32\TAPI32.dll - Microsoft Corporation
             sensapi.dll - C:\WINDOWS\system32\sensapi.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\system32\cryptdll.dll - Microsoft Corporation
             zipfldr.dll - C:\WINDOWS\system32\zipfldr.dll - Microsoft Corporation
             rarext.dll - C:\Program Files\WinRAR\rarext.dll - 
             rarlng.dll - C:\Program Files\WinRAR\rarlng.dll - 
             actxprxy.dll - C:\WINDOWS\system32\actxprxy.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[smss.exe]Modules
             smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[csrss.exe]Modules
             csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             basesrv.dll - C:\WINDOWS\system32\basesrv.dll - Microsoft Corporation
             winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             KERNEL32.dll - C:\WINDOWS\system32\KERNEL32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             sxs.dll - C:\WINDOWS\system32\sxs.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             lmhsvc.dll - c:\windows\system32\lmhsvc.dll - Microsoft Corporation
             iphlpapi.dll - c:\windows\system32\iphlpapi.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             regsvc.dll - c:\windows\system32\regsvc.dll - Microsoft Corporation
             ssdpsrv.dll - c:\windows\system32\ssdpsrv.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             rpcss.dll - c:\windows\system32\rpcss.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             ICAAPI.dll - c:\windows\system32\ICAAPI.dll - Microsoft Corporation
             SETUPAPI.dll - c:\windows\system32\SETUPAPI.dll - Microsoft Corporation
             WINTRUST.dll - c:\windows\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - c:\windows\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - c:\windows\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             AUTHZ.dll - c:\windows\system32\AUTHZ.dll - Microsoft Corporation
             mstlsapi.dll - c:\windows\system32\mstlsapi.dll - Microsoft Corporation
             ACTIVEDS.dll - c:\windows\system32\ACTIVEDS.dll - Microsoft Corporation
             adsldpc.dll - c:\windows\system32\adsldpc.dll - Microsoft Corporation
             NETAPI32.dll - c:\windows\system32\NETAPI32.dll - Microsoft Corporation
             ATL.DLL - c:\windows\system32\ATL.DLL - Microsoft Corporation
             REGAPI.dll - C:\WINDOWS\system32\REGAPI.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             dnsrslvr.dll - c:\windows\system32\dnsrslvr.dll - Microsoft Corporation
             DNSAPI.dll - c:\windows\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             iphlpapi.dll - c:\windows\system32\iphlpapi.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[AvastUI.exe]Modules
             avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             aswUtil.dll - C:\Program Files\Alwil Software\Avast5\aswUtil.dll - AVAST Software
             ashBase.dll - C:\Program Files\Alwil Software\Avast5\ashBase.dll - AVAST Software
             WSOCK32.dll - C:\WINDOWS\system32\WSOCK32.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             aswEngLdr.dll - C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll - AVAST Software
             aswCmnOS.dll - C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll - AVAST Software
             aswCmnIS.dll - C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll - AVAST Software
             MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             MSVCP90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll - Microsoft Corporation
             aswCmnBS.dll - C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll - AVAST Software
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             ashTask.dll - C:\Program Files\Alwil Software\Avast5\ashTask.dll - AVAST Software
             aswAux.dll - C:\Program Files\Alwil Software\Avast5\aswAux.dll - AVAST Software
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             aswLog.dll - C:\Program Files\Alwil Software\Avast5\aswLog.dll - AVAST Software
             aswSqLt.dll - C:\Program Files\Alwil Software\Avast5\aswSqLt.dll - AVAST Software
             aswProperty.dll - C:\Program Files\Alwil Software\Avast5\aswProperty.dll - AVAST Software
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             AavmRpch.dll - C:\Program Files\Alwil Software\Avast5\AavmRpch.dll - AVAST Software
             mfc90u.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             MSIMG32.dll - C:\WINDOWS\system32\MSIMG32.dll - Microsoft Corporation
             COMDLG32.dll - C:\WINDOWS\system32\COMDLG32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             OLEACC.dll - C:\WINDOWS\system32\OLEACC.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             dbghelp.dll - C:\WINDOWS\system32\dbghelp.dll - Microsoft Corporation
             Base.dll - C:\Program Files\Alwil Software\Avast5\1029\Base.dll - AVAST Software
             aswAra.dll - C:\Program Files\Alwil Software\Avast5\aswAra.dll - Avast! Software
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             aswData.dll - C:\Program Files\Alwil Software\Avast5\aswData.dll - AVAST Software
             ashTaskEx.dll - C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll - AVAST Software
             Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             UILangRes.dll - C:\Program Files\Alwil Software\Avast5\1029\UILangRes.dll - AVAST Software
             CommonRes.dll - C:\Program Files\Alwil Software\Avast5\CommonRes.dll - AVAST Software
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             DSOUND.dll - C:\WINDOWS\system32\DSOUND.dll - Microsoft Corporation
             ieframe.dll - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation
             SXS.DLL - C:\WINDOWS\system32\SXS.DLL - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             msacm32.drv - C:\WINDOWS\system32\msacm32.drv - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             midimap.dll - C:\WINDOWS\system32\midimap.dll - Microsoft Corporation
             l3codecp.acm - C:\WINDOWS\system32\l3codecp.acm - Fraunhofer Institut Integrierte Schaltungen IIS
             uiExt.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\uiExt.dll - AVAST Software

------------------------------------------------------------------------------------------

      Image File Name[spoolsv.exe]Modules
             spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             SPOOLSS.DLL - C:\WINDOWS\system32\SPOOLSS.DLL - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             localspl.dll - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation
             sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             winspool.drv - C:\WINDOWS\system32\winspool.drv - Microsoft Corporation
             netapi32.dll - C:\WINDOWS\system32\netapi32.dll - Microsoft Corporation
             cnbjmon.dll - C:\WINDOWS\system32\cnbjmon.dll - Microsoft Corporation
             pjlmon.dll - C:\WINDOWS\system32\pjlmon.dll - Microsoft Corporation
             tcpmon.dll - C:\WINDOWS\system32\tcpmon.dll - Microsoft Corporation
             usbmon.dll - C:\WINDOWS\system32\usbmon.dll - Microsoft Corporation
             filterpipelineprintproc.dll - C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\System32\mswsock.dll - Microsoft Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             win32spl.dll - C:\WINDOWS\system32\win32spl.dll - Microsoft Corporation
             NETRAP.dll - C:\WINDOWS\system32\NETRAP.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             inetpp.dll - C:\WINDOWS\system32\inetpp.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[XueTr.exe]Modules
             XueTr.exe - C:\DOCUME~1\Zuzana\LOCALS~1\Temp\Rar$EX00.546\XueTr.exe - Email: linxer@163.com
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             MFC42u.DLL - C:\WINDOWS\system32\MFC42u.DLL - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             MFC42LOC.DLL - C:\WINDOWS\system32\MFC42LOC.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             RICHED32.DLL - C:\WINDOWS\system32\RICHED32.DLL - Microsoft Corporation
             RICHED20.dll - C:\WINDOWS\system32\RICHED20.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             wintrust.dll - C:\WINDOWS\system32\wintrust.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             ashShell.dll - C:\Program Files\Alwil Software\Avast5\ashShell.dll - AVAST Software
             msi.dll - C:\WINDOWS\system32\msi.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[ctfmon.exe]Modules
             ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             MSUTB.dll - C:\WINDOWS\system32\MSUTB.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[WinRAR.exe]Modules
             WinRAR.exe - C:\Program Files\WinRAR\WinRAR.exe - 
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             COMCTL32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             COMDLG32.dll - C:\WINDOWS\system32\COMDLG32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             rarlng.dll - C:\Program Files\WinRAR\rarlng.dll - 
             riched32.dll - C:\WINDOWS\system32\riched32.dll - Microsoft Corporation
             RICHED20.dll - C:\WINDOWS\system32\RICHED20.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             ashShell.dll - C:\Program Files\Alwil Software\Avast5\ashShell.dll - AVAST Software
             msi.dll - C:\WINDOWS\system32\msi.dll - Microsoft Corporation
             cscui.dll - C:\WINDOWS\System32\cscui.dll - Microsoft Corporation
             CSCDLL.dll - C:\WINDOWS\System32\CSCDLL.dll - Microsoft Corporation
             browseui.dll - C:\WINDOWS\system32\browseui.dll - Spolenost Microsoft
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             netapi32.dll - C:\WINDOWS\system32\netapi32.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             drprov.dll - C:\WINDOWS\System32\drprov.dll - Microsoft Corporation
             ntlanman.dll - C:\WINDOWS\System32\ntlanman.dll - Microsoft Corporation
             NETUI0.dll - C:\WINDOWS\System32\NETUI0.dll - Microsoft Corporation
             NETUI1.dll - C:\WINDOWS\System32\NETUI1.dll - Microsoft Corporation
             NETRAP.dll - C:\WINDOWS\System32\NETRAP.dll - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\System32\SAMLIB.dll - Microsoft Corporation
             davclnt.dll - C:\WINDOWS\System32\davclnt.dll - Microsoft Corporation
             wpdshext.dll - C:\WINDOWS\system32\wpdshext.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             gdiplus.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll - Microsoft Corporation
             PortableDeviceApi.dll - C:\WINDOWS\system32\PortableDeviceApi.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             shgina.dll - C:\WINDOWS\system32\shgina.dll - Microsoft Corporation
             MSGINA.dll - C:\WINDOWS\system32\MSGINA.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             Audiodev.dll - C:\WINDOWS\system32\Audiodev.dll - Microsoft Corporation
             WMVCore.DLL - C:\WINDOWS\system32\WMVCore.DLL - Microsoft Corporation
             WMASF.DLL - C:\WINDOWS\system32\WMASF.DLL - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             SHDOCVW.dll - C:\WINDOWS\system32\SHDOCVW.dll - Microsoft Corporation
             CRYPTUI.dll - C:\WINDOWS\system32\CRYPTUI.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             ieframe.dll - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[notepad.exe]Modules
             NOTEPAD.EXE - C:\WINDOWS\system32\NOTEPAD.EXE - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[alg.exe]Modules
             alg.exe - C:\WINDOWS\System32\alg.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\System32\ATL.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             WSOCK32.dll - C:\WINDOWS\System32\WSOCK32.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\System32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\System32\WS2HELP.dll - Microsoft Corporation
             MSWSOCK.dll - C:\WINDOWS\System32\MSWSOCK.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\System32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\System32\WINMM.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\System32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\System32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\System32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\System32\COMRes.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\System32\xpsp2res.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[notepad.exe]Modules
             NOTEPAD.EXE - C:\WINDOWS\system32\NOTEPAD.EXE - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             snxhk.dll - C:\Program Files\Alwil Software\Avast5\snxhk.dll - AVAST Software
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             MSCTF.dll - C:\WINDOWS\system32\MSCTF.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[Idle]Modules

==========================================================================================

Process Threads

      Image File Name[System]Threads
             8 - Ready - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             12 - Terminate - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             16 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             20 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             24 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             28 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             32 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             36 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             40 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             44 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             48 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             52 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             56 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             60 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             64 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             68 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             72 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             76 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             80 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             84 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             88 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             92 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             96 - Wait - ACPI.sys - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
             100 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             104 - Wait - dmio.sys - C:\WINDOWS\system32\drivers\dmio.sys - Microsoft Corp., Veritas Software
             108 - Wait - NDIS.sys - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
             116 - Wait - redbook.sys - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
             132 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             136 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             140 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             144 - Wait - rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
             148 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             156 - Wait - raspptp.sys - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
             160 - Wait - raspptp.sys - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
             284 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             288 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             340 - Wait - parport.sys - C:\WINDOWS\system32\DRIVERS\parport.sys - Microsoft Corporation
             348 - Wait - rasacd.sys - C:\WINDOWS\system32\DRIVERS\rasacd.sys - Microsoft Corporation
             352 - Wait - aswTdi.SYS - C:\WINDOWS\System32\Drivers\aswTdi.SYS - AVAST Software
             356 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             360 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             364 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             368 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             372 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             532 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             536 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             540 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             552 - Terminate - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             556 - Wait - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             560 - Wait - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             564 - Wait - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             568 - Wait - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             572 - Wait - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             576 - Wait - aswSnx.SYS - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
             580 - Wait - aswSnx.SYS - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
             584 - Wait - aswSnx.SYS - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
             588 - Wait - aswSnx.SYS - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
             592 - Wait - aswSnx.SYS - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
             596 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             608 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             1064 - Wait - srv.sys - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
             1068 - Wait - srv.sys - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
             1228 - Ready - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             1352 - Wait - aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
             1592 - Wait - aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
             1596 - Wait - aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
             1600 - Wait - aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
             1604 - Wait - aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
             1608 - Wait - aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
             1612 - Wait - aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
             1616 - Wait - aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
             2796 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             2800 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             2804 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             2808 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             2812 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[winlogon.exe]Threads
             112 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             344 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             544 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             692 - Wait - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             720 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             724 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             728 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             740 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             972 - Wait - sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             976 - Wait - sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             980 - Wait - sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             984 - Wait -  -  - 
             1252 - Wait - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             1256 - Wait - cscdll.dll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation
             1348 - Terminate - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             1420 - Terminate - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation
             1548 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1848 - Wait - wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             1852 - Wait - WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             2732 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             4028 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[soffice.exe]Threads
             152 - Wait - soffice.exe - C:\Program Files\OpenOffice.org 3\program\soffice.exe - OpenOffice.org

------------------------------------------------------------------------------------------

      Image File Name[soffice.bin]Threads
             164 - Wait - gdiplus.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll - Microsoft Corporation
             184 - Wait - sal3.dll - C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll - OpenOffice.org
             188 - Wait - soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - OpenOffice.org
             240 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             280 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             512 - Wait - sfxmi.dll - C:\Program Files\OpenOffice.org 3\program\sfxmi.dll - OpenOffice.org
             520 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[AvastSvc.exe]Threads
             172 - Wait - arPot.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\arPot.dll - AVAST Software
             200 - Wait - arPot.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\arPot.dll - AVAST Software
             424 - Wait - mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             792 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1176 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1192 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1204 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1236 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1260 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1268 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1272 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1276 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1288 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1292 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1324 - Wait - AhResBhv.dll - C:\Program Files\Alwil Software\Avast5\AhResBhv.dll - AVAST Software
             1336 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1344 - Wait - AhResBhv.dll - C:\Program Files\Alwil Software\Avast5\AhResBhv.dll - AVAST Software
             1372 - Wait - AhResBhv.dll - C:\Program Files\Alwil Software\Avast5\AhResBhv.dll - AVAST Software
             1408 - Wait - AhResMai.dll - C:\Program Files\Alwil Software\Avast5\AhResMai.dll - AVAST Software
             1472 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1476 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1488 - Wait - AhResStd.dll - C:\Program Files\Alwil Software\Avast5\AhResStd.dll - AVAST Software
             1492 - Wait - AhResWS.dll - C:\Program Files\Alwil Software\Avast5\AhResWS.dll - AVAST Software
             1516 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1520 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1528 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1532 - Wait - aswLog.dll - C:\Program Files\Alwil Software\Avast5\aswLog.dll - AVAST Software
             1624 - Wait - AvastSvc.exe - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - AVAST Software
             1628 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1632 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1696 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1724 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1728 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1936 - Wait - AhResMai.dll - C:\Program Files\Alwil Software\Avast5\AhResMai.dll - AVAST Software
             1972 - Terminate - aswEngin.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\aswEngin.dll - AVAST Software
             2044 - Wait - arPot.dll - C:\Program Files\Alwil Software\Avast5\defs\12051101\arPot.dll - AVAST Software
             2104 - Wait - ashMaiSv.dll - C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll - AVAST Software
             2108 - Wait - AhResWS.dll - C:\Program Files\Alwil Software\Avast5\AhResWS.dll - AVAST Software
             2120 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2124 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2128 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2132 - Wait - ashWsFtr.dll - C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll - AVAST Software
             2136 - Wait - ashWsFtr.dll - C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll - AVAST Software
             2148 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2152 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2156 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2160 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2164 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2168 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2172 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2176 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2180 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2184 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2188 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2192 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2196 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2204 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2208 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2212 - Terminate - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2216 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2220 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2224 - Wait - ashServ.dll - C:\Program Files\Alwil Software\Avast5\ashServ.dll - AVAST Software
             2228 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3248 - Wait -  -  - 
             3352 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3508 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3724 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             4048 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[rundll32.exe]Threads
             192 - Wait - wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             1932 - Wait - RunDll32.exe - C:\WINDOWS\system32\RunDll32.exe - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[Updater.exe]Threads
             208 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1960 - Wait - Updater.exe - C:\Program Files\Ask.com\Updater\Updater.exe - Ask

------------------------------------------------------------------------------------------

      Image File Name[SpywareTerminatorShield.Exe]Threads
             212 - Wait - SpywareTerminatorShield.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - Crawler.com
             236 - Wait - SpywareTerminatorShield.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - Crawler.com
             1952 - Wait - SpywareTerminatorShield.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - Crawler.com
             2252 - Wait - SpywareTerminatorShield.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - Crawler.com
             2260 - Wait - SpywareTerminatorShield.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - Crawler.com

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             216 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             992 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             996 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1000 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1004 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1008 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1020 - Wait -  -  - 
             1056 - Wait - rpcss.dll - c:\windows\system32\rpcss.dll - Microsoft Corporation
             3060 - Wait -  -  - 
             3496 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3708 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[services.exe]Threads
             232 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             756 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             760 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             764 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             860 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             868 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             896 - Wait - AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             904 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             924 - Wait - services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
             968 - Wait -  -  - 
             1136 - Wait - umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             1140 - Wait - umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             2020 - Wait -  -  - 
             2060 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             2072 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             2076 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             2708 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[SpywareTerminatorUpdate.exe]Threads
             244 - Wait - SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Crawler.com
             248 - Wait - SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Crawler.com
             252 - Wait - TorentDll.dll - C:\Program Files\Spyware Terminator\TorentDll.dll - 
             256 - Wait - TorentDll.dll - C:\Program Files\Spyware Terminator\TorentDll.dll - 
             264 - Terminate - hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             276 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             380 - Wait - TorentDll.dll - C:\Program Files\Spyware Terminator\TorentDll.dll - 
             396 - Wait - SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Crawler.com
             1992 - Wait - SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Crawler.com

------------------------------------------------------------------------------------------

      Image File Name[wuauclt.exe]Threads
             260 - Wait - wuauclt.exe - C:\WINDOWS\system32\wuauclt.exe - Microsoft Corporation
             1784 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             4068 - Wait - wucltui.dll - C:\WINDOWS\system32\wucltui.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             548 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             612 - Wait - webclnt.dll - c:\windows\system32\webclnt.dll - Microsoft Corporation
             632 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             636 - Wait - webclnt.dll - c:\windows\system32\webclnt.dll - Microsoft Corporation
             2652 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[sp_rsser.exe]Threads
             320 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             748 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             1200 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1212 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             1248 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             1400 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             2256 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             2464 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             3544 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             3564 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             3568 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com
             3884 - Wait - sp_rsser.exe - C:\Program Files\Spyware Terminator\sp_rsser.exe - Crawler.com

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             432 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             468 - Terminate - wuaueng.dll - C:\WINDOWS\system32\wuaueng.dll - Microsoft Corporation
             528 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             648 - Wait -  -  - 
             656 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             660 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1088 - Wait - svchost.exe - C:\WINDOWS\System32\svchost.exe - Microsoft Corporation
             1092 - Wait -  -  - 
             1096 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1100 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1124 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1148 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1180 - Wait - dhcpcsvc.dll - c:\windows\system32\dhcpcsvc.dll - Microsoft Corporation
             1184 - Wait -  -  - 
             1188 - Wait -  -  - 
             1224 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1232 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1364 - Terminate - es.dll - c:\windows\system32\es.dll - Microsoft Corporation
             1404 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1412 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1440 - Wait - EapolQec.dll - c:\windows\system32\EapolQec.dll - Microsoft Corporation
             1444 - Wait - QUtil.dll - c:\windows\system32\QUtil.dll - Microsoft Corporation
             1448 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             1452 - Wait - w32time.dll - c:\windows\system32\w32time.dll - Microsoft Corporation
             1460 - Terminate - es.dll - c:\windows\system32\es.dll - Microsoft Corporation
             1468 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1496 - Wait - AUTHZ.dll - c:\windows\system32\AUTHZ.dll - Microsoft Corporation
             1560 - Wait - wzcsvc.dll - c:\windows\system32\wzcsvc.dll - Microsoft Corporation
             1568 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1576 - Wait -  -  - 
             1644 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1652 - Wait -  -  - 
             1660 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1664 - Wait - schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             1668 - Wait - schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             1680 - Wait - schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             1720 - Wait -  -  - 
             1760 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1768 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1800 - Wait -  -  - 
             2056 - Wait - ncprov.dll - C:\WINDOWS\system32\wbem\ncprov.dll - Microsoft Corporation
             2064 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             2068 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             2092 - Wait - wscsvc.dll - c:\windows\system32\wscsvc.dll - Microsoft Corporation
             2100 - Wait - wscsvc.dll - c:\windows\system32\wscsvc.dll - Microsoft Corporation
             2264 - Wait - ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             2420 - Terminate - wuaueng.dll - C:\WINDOWS\system32\wuaueng.dll - Microsoft Corporation
             2448 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2452 - Wait - shsvcs.dll - c:\windows\system32\shsvcs.dll - Microsoft Corporation
             2472 - Wait - tapisrv.dll - c:\windows\system32\tapisrv.dll - Microsoft Corporation
             2480 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2588 - Wait - rastapi.dll - C:\WINDOWS\System32\rastapi.dll - Microsoft Corporation
             2592 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2620 - Wait -  -  - 
             2624 - Wait - unimdm.tsp - C:\WINDOWS\System32\unimdm.tsp - Microsoft Corporation
             2648 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2660 - Wait - uniplat.dll - C:\WINDOWS\System32\uniplat.dll - Microsoft Corporation
             2672 - Wait - kmddsp.tsp - C:\WINDOWS\System32\kmddsp.tsp - Microsoft Corporation
             2676 - Wait - ndptsp.tsp - C:\WINDOWS\System32\ndptsp.tsp - Microsoft Corporation
             2680 - Wait - h323.tsp - C:\WINDOWS\System32\h323.tsp - Microsoft Corporation
             2684 - Wait - hidphone.tsp - C:\WINDOWS\System32\hidphone.tsp - Microsoft Corporation
             2688 - Wait - TAPI32.dll - C:\WINDOWS\System32\TAPI32.dll - Microsoft Corporation
             2700 - Wait - schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             2896 - Wait - RASQEC.DLL - C:\WINDOWS\System32\RASQEC.DLL - Microsoft Corporation
             2900 - Wait - rasppp.dll - C:\WINDOWS\System32\rasppp.dll - Microsoft Corporation
             2924 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3000 - Terminate - hnetcfg.dll - C:\WINDOWS\System32\hnetcfg.dll - Microsoft Corporation
             3016 - Terminate - WINHTTP.dll - C:\WINDOWS\System32\WINHTTP.dll - Microsoft Corporation
             3020 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3420 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3588 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3668 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3728 - Wait - SSDPAPI.dll - C:\WINDOWS\system32\SSDPAPI.dll - Microsoft Corporation
             3792 - Terminate - SSDPAPI.dll - C:\WINDOWS\system32\SSDPAPI.dll - Microsoft Corporation
             3860 - Terminate - WINHTTP.dll - C:\WINDOWS\System32\WINHTTP.dll - Microsoft Corporation
             3904 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3916 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3924 - Wait - SSDPAPI.dll - C:\WINDOWS\system32\SSDPAPI.dll - Microsoft Corporation
             3948 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             3960 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3968 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3984 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             3988 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[lsass.exe]Threads
             440 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             768 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             772 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             776 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             780 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             784 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             788 - Wait -  -  - 
             804 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             828 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             832 - Wait -  -  - 
             844 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             848 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             852 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             876 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             1040 - Terminate - hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             1044 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             1048 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             1052 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             1384 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1416 - Wait -  -  - 
             2240 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             2316 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3272 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[explorer.exe]Threads
             484 - Wait - stobject.dll - C:\WINDOWS\system32\stobject.dll - Microsoft Corporation
             492 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             500 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             508 - Wait - wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             1640 - Wait - Explorer.EXE - C:\WINDOWS\Explorer.EXE - Microsoft Corporation
             1704 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             1708 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1716 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1764 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             2116 - Wait - WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             2760 - Wait -  -  - 
             3008 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3460 - Wait - ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             3572 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[smss.exe]Threads
             620 - Wait - smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             624 - Wait - smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             628 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[csrss.exe]Threads
             672 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             676 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             680 - Wait -  -  - 
             684 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             696 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             700 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             704 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             752 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             1244 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             2568 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             892 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1312 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             1360 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1380 - Wait - lmhsvc.dll - c:\windows\system32\lmhsvc.dll - Microsoft Corporation
             2816 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2824 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2828 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2832 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2904 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2908 - Wait - ssdpsrv.dll - c:\windows\system32\ssdpsrv.dll - Microsoft Corporation
             3052 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3796 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             916 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             948 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             956 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2084 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             2468 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2496 - Wait -  -  - 
             2504 - Wait -  -  - 
             2516 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2528 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2532 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2536 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2540 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             2544 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             2548 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2564 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2572 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3044 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             932 - Wait -  -  - 
             1160 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             1296 - Wait - dnsrslvr.dll - c:\windows\system32\dnsrslvr.dll - Microsoft Corporation
             1300 - Wait - dnsrslvr.dll - c:\windows\system32\dnsrslvr.dll - Microsoft Corporation
             3504 - Wait -  -  - 
             3892 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[AvastUI.exe]Threads
             1072 - Wait - wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             1076 - Wait - WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             1220 - Wait - aswData.dll - C:\Program Files\Alwil Software\Avast5\aswData.dll - AVAST Software
             1892 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             1900 - Terminate - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             1908 - Wait -  -  - 
             1916 - Wait - Aavm4h.dll - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - AVAST Software
             1920 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1924 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             1940 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             2028 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2032 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             2036 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             2052 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             2356 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software
             2360 - Wait - avastUI.exe - C:\Program Files\Alwil Software\Avast5\avastUI.exe - AVAST Software

------------------------------------------------------------------------------------------

      Image File Name[spoolsv.exe]Threads
             1676 - Wait - spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             1732 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1736 - Wait -  -  - 
             1748 - Wait - spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             3096 - Wait - spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             3360 - Wait - usbmon.dll - C:\WINDOWS\system32\usbmon.dll - Microsoft Corporation
             3436 - Wait - localspl.dll - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation
             3440 - Wait - localspl.dll - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation
             3632 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             4056 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[XueTr.exe]Threads
             1948 - Wait - XueTr.exe - C:\DOCUME~1\Zuzana\LOCALS~1\Temp\Rar$EX00.546\XueTr.exe - Email: linxer@163.com
             3252 - Run - XueTr.exe - C:\DOCUME~1\Zuzana\LOCALS~1\Temp\Rar$EX00.546\XueTr.exe - Email: linxer@163.com
             3580 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[ctfmon.exe]Threads
             2004 - Wait - ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[WinRAR.exe]Threads
             3228 - Wait - WinRAR.exe - C:\Program Files\WinRAR\WinRAR.exe - 
             3428 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             3556 - Wait - WinRAR.exe - C:\Program Files\WinRAR\WinRAR.exe - 

------------------------------------------------------------------------------------------

      Image File Name[notepad.exe]Threads
             2704 - Wait - NOTEPAD.EXE - C:\WINDOWS\system32\NOTEPAD.EXE - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[alg.exe]Threads
             2892 - Wait - alg.exe - C:\WINDOWS\System32\alg.exe - Microsoft Corporation
             3064 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             3068 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3084 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3092 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[notepad.exe]Threads
             4060 - Wait - NOTEPAD.EXE - C:\WINDOWS\system32\NOTEPAD.EXE - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[Idle]Threads

==========================================================================================

Kernel Module

       ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       hal.dll - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KDCOM.DLL - C:\WINDOWS\system32\KDCOM.DLL - Microsoft Corporation
       BOOTVID.dll - C:\WINDOWS\system32\BOOTVID.dll - Microsoft Corporation
       ACPI.sys - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       WMILIB.SYS - C:\WINDOWS\system32\DRIVERS\WMILIB.SYS - Microsoft Corporation
       pci.sys - C:\WINDOWS\system32\drivers\pci.sys - Microsoft Corporation
       isapnp.sys - C:\WINDOWS\system32\drivers\isapnp.sys - Microsoft Corporation
       PCIIde.sys - C:\WINDOWS\system32\drivers\PCIIde.sys - Microsoft Corporation
       PCIIDEX.SYS - C:\WINDOWS\System32\Drivers\PCIIDEX.SYS - Microsoft Corporation
       intelide.sys - C:\WINDOWS\system32\drivers\intelide.sys - Microsoft Corporation
       MountMgr.sys - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       ftdisk.sys - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       dmload.sys - C:\WINDOWS\system32\drivers\dmload.sys - Microsoft Corp., Veritas Software.
       dmio.sys - C:\WINDOWS\system32\drivers\dmio.sys - Microsoft Corp., Veritas Software
       PartMgr.sys - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       VolSnap.sys - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       atapi.sys - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       disk.sys - C:\WINDOWS\system32\drivers\disk.sys - Microsoft Corporation
       CLASSPNP.SYS - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       fltmgr.sys - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       sr.sys - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       KSecDD.sys - C:\WINDOWS\system32\drivers\KSecDD.sys - Microsoft Corporation
       Ntfs.sys - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       NDIS.sys - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       Mup.sys - C:\WINDOWS\system32\drivers\Mup.sys - Microsoft Corporation
       usbuhci.sys - C:\WINDOWS\system32\DRIVERS\usbuhci.sys - Microsoft Corporation
       USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       usbehci.sys - C:\WINDOWS\system32\DRIVERS\usbehci.sys - Microsoft Corporation
       cmudax3.sys - C:\WINDOWS\system32\drivers\cmudax3.sys - C-Media Inc
       portcls.sys - C:\WINDOWS\system32\drivers\portcls.sys - Microsoft Corporation
       drmk.sys - C:\WINDOWS\system32\drivers\drmk.sys - Microsoft Corporation
       ks.sys - C:\WINDOWS\system32\drivers\ks.sys - Microsoft Corporation
       e100b325.sys - C:\WINDOWS\system32\DRIVERS\e100b325.sys - Intel Corporation
       i8042prt.sys - C:\WINDOWS\system32\DRIVERS\i8042prt.sys - Microsoft Corporation
       mouclass.sys - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       kbdclass.sys - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       parport.sys - C:\WINDOWS\system32\DRIVERS\parport.sys - Microsoft Corporation
       serial.sys - C:\WINDOWS\system32\DRIVERS\serial.sys - Microsoft Corporation
       serenum.sys - C:\WINDOWS\system32\DRIVERS\serenum.sys - Microsoft Corporation
       fdc.sys - C:\WINDOWS\system32\DRIVERS\fdc.sys - Microsoft Corporation
       imapi.sys - C:\WINDOWS\system32\DRIVERS\imapi.sys - Microsoft Corporation
       Afc.sys - C:\WINDOWS\system32\drivers\Afc.sys - Arcsoft, Inc.
       cdrom.sys - C:\WINDOWS\system32\DRIVERS\cdrom.sys - Microsoft Corporation
       redbook.sys - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
       intelppm.sys - C:\WINDOWS\system32\DRIVERS\intelppm.sys - Microsoft Corporation
       audstub.sys - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       rasl2tp.sys - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - Microsoft Corporation
       ndistapi.sys - C:\WINDOWS\system32\DRIVERS\ndistapi.sys - Microsoft Corporation
       ndiswan.sys - C:\WINDOWS\system32\DRIVERS\ndiswan.sys - Microsoft Corporation
       raspppoe.sys - C:\WINDOWS\system32\DRIVERS\raspppoe.sys - Microsoft Corporation
       raspptp.sys - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
       TDI.SYS - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       psched.sys - C:\WINDOWS\system32\DRIVERS\psched.sys - Microsoft Corporation
       msgpc.sys - C:\WINDOWS\system32\DRIVERS\msgpc.sys - Microsoft Corporation
       ptilink.sys - C:\WINDOWS\system32\DRIVERS\ptilink.sys - Parallel Technologies, Inc.
       raspti.sys - C:\WINDOWS\system32\DRIVERS\raspti.sys - Microsoft Corporation
       rdpdr.sys - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
       termdd.sys - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       swenum.sys - C:\WINDOWS\system32\DRIVERS\swenum.sys - Microsoft Corporation
       update.sys - C:\WINDOWS\system32\DRIVERS\update.sys - Microsoft Corporation
       mssmbios.sys - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       usbhub.sys - C:\WINDOWS\system32\DRIVERS\usbhub.sys - Microsoft Corporation
       USBD.SYS - C:\WINDOWS\system32\DRIVERS\USBD.SYS - Microsoft Corporation
       NDProxy.SYS - C:\WINDOWS\System32\Drivers\NDProxy.SYS - Microsoft Corporation
       Fs_Rec.SYS - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Null.SYS - C:\WINDOWS\System32\Drivers\Null.SYS - Microsoft Corporation
       Beep.SYS - C:\WINDOWS\System32\Drivers\Beep.SYS - Microsoft Corporation
       vga.sys - C:\WINDOWS\System32\drivers\vga.sys - Microsoft Corporation
       VIDEOPRT.SYS - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       mnmdd.SYS - C:\WINDOWS\System32\Drivers\mnmdd.SYS - Microsoft Corporation
       RDPCDD.sys - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys - Microsoft Corporation
       Msfs.SYS - C:\WINDOWS\System32\Drivers\Msfs.SYS - Microsoft Corporation
       Npfs.SYS - C:\WINDOWS\System32\Drivers\Npfs.SYS - Microsoft Corporation
       rasacd.sys - C:\WINDOWS\system32\DRIVERS\rasacd.sys - Microsoft Corporation
       ipsec.sys - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       tcpip.sys - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       aswTdi.SYS - C:\WINDOWS\System32\Drivers\aswTdi.SYS - AVAST Software
       netbt.sys - C:\WINDOWS\system32\DRIVERS\netbt.sys - Microsoft Corporation
       aswRdr.SYS - C:\WINDOWS\System32\Drivers\aswRdr.SYS - AVAST Software
       afd.sys - C:\WINDOWS\System32\drivers\afd.sys - Microsoft Corporation
       netbios.sys - C:\WINDOWS\system32\DRIVERS\netbios.sys - Microsoft Corporation
       sp_rsdrv2.sys - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
       mrxsmb.sys - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - Microsoft Corporation
       Fips.SYS - C:\WINDOWS\System32\Drivers\Fips.SYS - Microsoft Corporation
       ipnat.sys - C:\WINDOWS\system32\DRIVERS\ipnat.sys - Microsoft Corporation
       wanarp.sys - C:\WINDOWS\system32\DRIVERS\wanarp.sys - Microsoft Corporation
       aswSP.SYS - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       aswSnx.SYS - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       Aavmker4.SYS - C:\WINDOWS\System32\Drivers\Aavmker4.SYS - AVAST Software
       Cdfs.SYS - C:\WINDOWS\System32\Drivers\Cdfs.SYS - Microsoft Corporation
       dump_atapi.sys - C:\WINDOWS\System32\Drivers\dump_atapi.sys - File not found
       dump_WMILIB.SYS - C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS - File not found
       win32k.sys - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       Dxapi.sys - C:\WINDOWS\System32\drivers\Dxapi.sys - Microsoft Corporation
       watchdog.sys - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       dxg.sys - C:\WINDOWS\System32\drivers\dxg.sys - Microsoft Corporation
       dxgthk.sys - C:\WINDOWS\System32\drivers\dxgthk.sys - Microsoft Corporation
       framebuf.dll - C:\WINDOWS\System32\framebuf.dll - Microsoft Corporation
       ATMFD.DLL - C:\WINDOWS\System32\ATMFD.DLL - Adobe Systems Incorporated
       aswFsBlk.SYS - C:\WINDOWS\System32\Drivers\aswFsBlk.SYS - AVAST Software
       ndisuio.sys - C:\WINDOWS\system32\DRIVERS\ndisuio.sys - Microsoft Corporation
       aswMon2.SYS - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
       wdmaud.sys - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       sysaudio.sys - C:\WINDOWS\system32\drivers\sysaudio.sys - Microsoft Corporation
       mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
       ParVdm.SYS - C:\WINDOWS\System32\Drivers\ParVdm.SYS - Microsoft Corporation
       srv.sys - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
       HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       XueTr.sys - C:\DOCUME~1\Zuzana\LOCALS~1\Temp\Rar$EX00.546\XueTr.sys - File not found

==========================================================================================

Notify Routine

       CreateProcess - 0xB8A6E60A - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       CreateProcess - 0xB89D3B70 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       CreateProcess - 0xF754832C - C:\WINDOWS\System32\Drivers\Aavmker4.SYS - AVAST Software
       CreateProcess - 0xB8B80AF4 - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       CreateThread - 0xB8A6E37A - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       CreateThread - 0xB89D2144 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       LoadImage - 0xB8A6E266 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       LoadImage - 0xB89D28A2 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       LoadImage - 0xB8B80A3A - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       BugCheckCallback - 0xF74285EF - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       BugCheckCallback - 0x806F67CC - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       BugCheckReasonCallback - 0xB8CC9522 - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       BugCheckReasonCallback - 0xBA7DCAB8 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xBA7DCA70 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xBA7DCA28 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xB93351BE - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       BugCheckReasonCallback - 0xB933511E - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       SeFileSystem - 0xB8AF9375 - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - Microsoft Corporation
       Shutdown - 0xBA4C4C74 - C:\WINDOWS\System32\Drivers\Cdfs.SYS - Microsoft Corporation
       Shutdown - 0xB8CD5C6A - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xB8CD5C6A - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xB8CD5C6A - C:\WINDOWS\System32\drivers\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xF79B35BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79B35BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79B35BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79B35BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79B35BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF741B96B - C:\WINDOWS\system32\drivers\Mup.sys - Microsoft Corporation
       Shutdown - 0xF74D92BE - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       Shutdown - 0xF760773A - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       Shutdown - 0x80630A35 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Shutdown - 0x80640AEB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xB8598FCC - C:\WINDOWS\system32\drivers\sysaudio.sys - Microsoft Corporation
       PlugPlay - 0x805D5C01 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0x805D5C01 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xBF882A1E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0x805D5C01 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xB82D344E - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       PlugPlay - 0xB82D344E - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       PlugPlay - 0xB82D344E - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       PlugPlay - 0xB82D344E - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       PlugPlay - 0xBF882A1E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0xBF883645 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0xB9B0EAC0 - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
       PlugPlay - 0xF760FC26 - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       PlugPlay - 0xF761F544 - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       PlugPlay - 0xBF882A1E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0x805D5C01 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xF771085E - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       PlugPlay - 0xB8598FCC - C:\WINDOWS\system32\drivers\sysaudio.sys - Microsoft Corporation
       FsNotifyChange - 0xF7473876 - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       FsNotifyChange - 0xF748A4B8 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       FsNotifyChange - 0xB83D3866 - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software

==========================================================================================

Filter

       File - \FileSystem\sr->\FileSystem\Ntfs - 0x89BC8DD0 - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       File - \FileSystem\FltMgr->\FileSystem\sr - 0x899197D8 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       File - \FileSystem\aswMon2->\FileSystem\FltMgr - 0x8954E020 - C:\WINDOWS\System32\Drivers\aswMon2.SYS - AVAST Software
       Disk - \Driver\PartMgr->\Driver\Disk - 0x89B08900 - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       Volume - \Driver\VolSnap->\Driver\Ftdisk - 0x89AC0930 - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       I8042prt - \Driver\Kbdclass->\Driver\i8042prt - 0x89AACAA0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       I8042prt - \Driver\Mouclass->\Driver\i8042prt - 0x89B855E8 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       Tcpip - \Driver\aswTdi->\Driver\Tcpip - 0x8984AEC8 - C:\WINDOWS\System32\Drivers\aswTdi.SYS - AVAST Software
       Tcpip - \Driver\aswTdi->\Driver\Tcpip - 0x8984B3C0 - C:\WINDOWS\System32\Drivers\aswTdi.SYS - AVAST Software
       Tcpip - \Driver\aswRdr->\Driver\aswTdi - 0x897E1490 - C:\WINDOWS\System32\Drivers\aswRdr.SYS - AVAST Software
       PnpManager - \Driver\mssmbios->\Driver\PnpManager - 0x89A0A020 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       PnpManager - \Driver\Update->\Driver\PnpManager - 0x89A3E030 - C:\WINDOWS\system32\DRIVERS\update.sys - Microsoft Corporation
       PnpManager - \Driver\swenum->\Driver\PnpManager - 0x89A61020 - C:\WINDOWS\system32\DRIVERS\swenum.sys - Microsoft Corporation
       PnpManager - \Driver\TermDD->\Driver\PnpManager - 0x89A5F030 - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       PnpManager - \Driver\Mouclass->\Driver\TermDD - 0x89900C60 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       PnpManager - \Driver\TermDD->\Driver\PnpManager - 0x89ADC030 - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       PnpManager - \Driver\Kbdclass->\Driver\TermDD - 0x899C8A08 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       PnpManager - \Driver\rdpdr->\Driver\PnpManager - 0x89B35030 - C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Microsoft Corporation
       PnpManager - \Driver\Raspti->\Driver\PnpManager - 0x899C67A8 - C:\WINDOWS\system32\DRIVERS\raspti.sys - Microsoft Corporation
       PnpManager - \Driver\PSched->\Driver\PnpManager - 0x899289D0 - C:\WINDOWS\system32\DRIVERS\psched.sys - Microsoft Corporation
       PnpManager - \Driver\PSched->\Driver\PnpManager - 0x89925168 - C:\WINDOWS\system32\DRIVERS\psched.sys - Microsoft Corporation
       PnpManager - \Driver\PptpMiniport->\Driver\PnpManager - 0x89B199D0 - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
       PnpManager - \Driver\RasPppoe->\Driver\PnpManager - 0x89B5D030 - C:\WINDOWS\system32\DRIVERS\raspppoe.sys - Microsoft Corporation
       PnpManager - \Driver\NdisWan->\Driver\PnpManager - 0x89B97440 - C:\WINDOWS\system32\DRIVERS\ndiswan.sys - Microsoft Corporation
       PnpManager - \Driver\Rasl2tp->\Driver\PnpManager - 0x899E52E8 - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x89AA9F10 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x89AFB680 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x89AFBA70 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x899E48D8 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x89AD9490 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\Ftdisk->\Driver\PnpManager - 0x89ACB300 - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       PnpManager - \Driver\dmio->\Driver\PnpManager - 0x89AD1EC8 - C:\WINDOWS\system32\drivers\dmio.sys - Microsoft Corp., Veritas Software
       PnpManager - \Driver\ACPI_HAL->\Driver\PnpManager - 0x89C131A8 -  - 

==========================================================================================

DPC Timer

       0x89897410 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x89904140 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x805612E0 - 0x804E6471 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80562480 - 0x805181A1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x805589D0 - 0x804ED0E5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xB7A4BE60 - 0xB7A3B6BC - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0x8997C898 - 0xB8BB285A - C:\WINDOWS\System32\drivers\afd.sys - Microsoft Corporation
       0xB8C54D08 - 0xB8C453E7 - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       0xB8C551C0 - 0xB8C45471 - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       0xB8C54D70 - 0xB8C453E7 - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       0xB8C302D0 - 0xF77E73F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       0x899C1208 - 0xB8BC448A - C:\WINDOWS\system32\DRIVERS\netbt.sys - Microsoft Corporation
       0xB8AD5D60 - 0xB8ACD266 - C:\WINDOWS\system32\DRIVERS\ipnat.sys - Microsoft Corporation
       0x89AB43D0 - 0xB8BC448A - C:\WINDOWS\system32\DRIVERS\netbt.sys - Microsoft Corporation
       0x80562500 - 0x80546FE3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80562580 - 0x80546FB8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x89B975B0 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x899E5458 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x898E7770 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x899C6918 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x89928B40 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0xF7B72270 - 0xF7B541B4 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       0x898C6700 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x89AAD730 - 0xB932C6DC - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       0xB8C35010 - 0xB8BEC3DD - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       0x80560B60 - 0x804E4D50 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xB8B5E2A0 - 0xB8B54385 - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
       0x89A57730 - 0xB932C6DC - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       0x899252D8 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x89101248 - 0xB8BB285A - C:\WINDOWS\System32\drivers\afd.sys - Microsoft Corporation
       0x899817B8 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x898CDA90 - 0xB8A61EDE - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       0x894DB1A0 - 0xF747E23C - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       0x897D2368 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xB7A4E440 - 0xB7A41C66 - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0x89BDBB20 - 0xF746892E - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       0x80558B00 - 0x804E3F07 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80557388 - 0x804E5240 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xB7A4BC10 - 0xB7A341D0 - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0x89B5E730 - 0xB932C6DC - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       0x899C2B88 - 0xF77E73F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       0x899848D0 - 0xB8CA06C4 - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       0x89852318 - 0xB8CA06C4 - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       0x899214B0 - 0xF77E73F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       0x898E3D88 - 0xF77E73F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       0x89927918 - 0xF743CF1A - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0xF7B722D0 - 0xF7B543D8 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       0x89A19998 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xB7A4E4E0 - 0xB7A3FAB2 - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0x80557FE0 - 0x80515735 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x89A3F170 - 0xF743D6BC - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x89B19B40 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x89B5D1A0 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x898B8020 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x899B1658 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xB7F0CB58 - 0xB7EF9385 - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
       0x898E5490 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x89BB8950 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x89B87380 - 0xF743CF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x895D0B28 - 0xB8BA2385 - C:\WINDOWS\System32\drivers\afd.sys - Microsoft Corporation
       0x8055B140 - 0x8051762B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x891D0950 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x899F04B8 - 0x804E59B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Worker Thread

       CriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DelayedWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DelayedWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       HyperCriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Object Hijack

       Nothing

==========================================================================================

Direct IO

       csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation - IOPL

==========================================================================================

GDT

       Selector(0x0001) - Type(Code RE Ac)
       Selector(0x0002) - Type(Data RW Ac)
       Selector(0x0003) - Type(Code RE Ac)
       Selector(0x0004) - Type(Data RW Ac)
       Selector(0x0005) - Type(T5532 Busy)
       Selector(0x0006) - Type(Data RW Ac)
       Selector(0x0007) - Type(Data RW Ac)
       Selector(0x0008) - Type(Data RW)
       Selector(0x000A) - Type(T5532 Avl)
       Selector(0x000B) - Type(T5532 Avl)
       Selector(0x000C) - Type(Data RW Ac)
       Selector(0x000D) - Type(Data RW)
       Selector(0x000E) - Type(Data RW)
       Selector(0x000F) - Type(Code RE)
       Selector(0x0010) - Type(Data RW)
       Selector(0x0011) - Type(Data RW)
       Selector(0x0014) - Type(T5532 Avl)
       Selector(0x001D) - Type(Data RW)
       Selector(0x001E) - Type(Code EO)
       Selector(0x001F) - Type(Data RW)

==========================================================================================

SSDT

       NtAcceptConnectPort - OK - 0x80599957 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheck - OK - 0x80575FB1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckAndAuditAlarm - OK - 0x805910B9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByType - OK - 0x8058F9F9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeAndAuditAlarm - OK - 0x8059BF36 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultList - OK - 0x80638E2E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultListAndAuditAlarm - OK - 0x8063AFB7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultListAndAuditAlarmByHandle - OK - 0x8063B000 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAddAtom - OK - 0x805744D7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAddBootEntry - ssdt hook - 0xB89C3DF8 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtAdjustGroupsToken - OK - 0x806385E9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAdjustPrivilegesToken - OK - 0x8059B554 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAlertResumeThread - OK - 0x8062FFDC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAlertThread - OK - 0x805771F8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateLocallyUniqueId - OK - 0x80593AD4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateUserPhysicalPages - OK - 0x80626F37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateUuids - OK - 0x8059F7F9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateVirtualMemory - ssdt hook - 0xB8A50A5A - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       NtAreMappedFilesTheSame - OK - 0x805D916F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAssignProcessToJobObject - ssdt hook - 0xB89C485E - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtCallbackReturn - OK - 0x804E2CC4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelDeviceWakeupRequest - OK - 0x8062C782 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelIoFile - OK - 0x805CB2CD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelTimer - OK - 0x804ECFBC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtClearEvent - OK - 0x80569896 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtClose - ssdt hook - 0xB8B8088E - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtCloseObjectAuditAlarm - OK - 0x8059B9C2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompactKeys - OK - 0x8064F6C4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompareTokens - OK - 0x8058F6C4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompleteConnectPort - OK - 0x8059A0D1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompressKey - OK - 0x8064F931 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtConnectPort - OK - 0x8059110B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtContinue - OK - 0x804E2006 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateDebugObject - OK - 0x8065AE02 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateDirectoryObject - OK - 0x805A2FEF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateEvent - ssdt hook - 0xB89C92E4 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtCreateEventPair - ssdt hook - 0xB89C9330 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtCreateFile - ssdt hook - 0xB8B800EC - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtCreateIoCompletion - ssdt hook - 0xB89C9422 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtCreateJobObject - OK - 0x805AB974 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateJobSet - OK - 0x80630487 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateKey - ssdt hook - 0xB8B7FDCE - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtCreateMailslotFile - OK - 0x805D9060 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateMutant - ssdt hook - 0xB89C9252 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtCreateNamedPipeFile - OK - 0x80585619 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreatePagingFile - OK - 0x805C45FB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreatePort - OK - 0x805893C7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProcess - OK - 0x805B1BEA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProcessEx - inline hook - 0xB8A66D96 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       NtCreateProfile - OK - 0x8064A4F7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateSection - ssdt hook - 0xB8B81938 - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtCreateSemaphore - ssdt hook - 0xB89C929A - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtCreateSymbolicLinkObject - OK - 0x805A0036 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateThread - OK - 0x80578803 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateTimer - ssdt hook - 0xB89C93DC - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtCreateToken - OK - 0x805A92C4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateWaitablePort - OK - 0x805DB3E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDebugActiveProcess - OK - 0x8065BF7D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDebugContinue - OK - 0x8065C0D7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDelayExecution - OK - 0x80566490 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteAtom - OK - 0x805904EF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteBootEntry - ssdt hook - 0xB89C3E44 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtDeleteFile - OK - 0x805D7A13 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteKey - ssdt hook - 0xB8B7FED8 - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtDeleteObjectAuditAlarm - OK - 0x8063B05B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteValueKey - ssdt hook - 0xB8B7FFC2 - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtDeviceIoControlFile - OK - 0x805795B9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDisplayString - OK - 0x805C778B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDuplicateObject - ssdt hook - 0xB89C69A8 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtDuplicateToken - OK - 0x8057E983 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateBootEntries - OK - 0x8064986F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateKey - ssdt hook - 0xB89F128E - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtEnumerateSystemEnvironmentValuesEx - OK - 0x8064985B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateValueKey - ssdt hook - 0xB89F10F9 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtExtendSection - OK - 0x80625D58 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFilterToken - OK - 0x805B13D8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFindAtom - OK - 0x8058FCE5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushBuffersFile - OK - 0x80590E8E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushInstructionCache - OK - 0x8056E68E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushKey - OK - 0x8059E9C0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushVirtualMemory - OK - 0x805DC7FE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushWriteBuffer - OK - 0x8062779B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFreeUserPhysicalPages - OK - 0x806272EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFreeVirtualMemory - ssdt hook - 0xB8A50B34 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       NtFsControlFile - OK - 0x805770E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetContextThread - OK - 0x805E0540 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetDevicePowerState - OK - 0x8062C7B3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetPlugPlayEvent - OK - 0x805A08F6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetWriteWatch - OK - 0x8053B79D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateAnonymousToken - OK - 0x805893EB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateClientOfPort - OK - 0x8058F130 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateThread - OK - 0x8057F929 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtInitializeRegistry - OK - 0x805A87D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtInitiatePowerAction - OK - 0x8062C567 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtIsProcessInJob - OK - 0x8063033B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtIsSystemResumeAutomatic - OK - 0x8062C797 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtListenPort - OK - 0x805AAEB6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLoadDriver - ssdt hook - 0xB8B80BBC - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtLoadKey - OK - 0x805AF5C3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLoadKey2 - OK - 0x805AF400 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockFile - OK - 0x80592E9B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockProductActivationKeys - OK - 0x805B15A8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockRegistryKey - OK - 0x805D2697 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockVirtualMemory - OK - 0x805B0A2A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMakePermanentObject - OK - 0x805A0483 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMakeTemporaryObject - OK - 0x805A0400 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapUserPhysicalPages - OK - 0x80626423 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapUserPhysicalPagesScatter - OK - 0x806268F7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapViewOfSection - OK - 0x8057AC99 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtModifyBootEntry - ssdt hook - 0xB89C3E90 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtNotifyChangeDirectoryFile - OK - 0x80594261 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtNotifyChangeKey - ssdt hook - 0xB89C6D1C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtNotifyChangeMultipleKeys - ssdt hook - 0xB89C4B02 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenDirectoryObject - OK - 0x8059A6C5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenEvent - ssdt hook - 0xB89C930E - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenEventPair - ssdt hook - 0xB89C9352 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenFile - ssdt hook - 0xB8B803F4 - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtOpenIoCompletion - ssdt hook - 0xB89C9446 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenJobObject - OK - 0x806306DF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenKey - ssdt hook - 0xB89F0A6D - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenMutant - ssdt hook - 0xB89C9278 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenObjectAuditAlarm - OK - 0x805DC2C2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenProcess - ssdt hook - 0xB89C6518 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenProcessToken - OK - 0x80571009 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenProcessTokenEx - OK - 0x80571202 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenSection - ssdt hook - 0xB89C93AE - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenSemaphore - ssdt hook - 0xB89C92C2 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenSymbolicLinkObject - OK - 0x8059A591 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenThread - ssdt hook - 0xB89C674C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtOpenThreadToken - OK - 0x80570AA6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenThreadTokenEx - OK - 0x80570A17 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenTimer - ssdt hook - 0xB89C9400 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtPlugPlayControl - OK - 0x8059D713 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPowerInformation - OK - 0x8058B528 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegeCheck - OK - 0x8058E77C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegeObjectAuditAlarm - OK - 0x8059F668 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegedServiceAuditAlarm - OK - 0x805AAFF9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtProtectVirtualMemory - ssdt hook - 0xB8A50CA0 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       NtPulseEvent - OK - 0x805DB33C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryAttributesFile - OK - 0x805706D2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryBootEntryOrder - OK - 0x8064986F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryBootOptions - OK - 0x8064986F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDebugFilterState - OK - 0x804F7E5D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDefaultLocale - OK - 0x80566C02 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDefaultUILanguage - OK - 0x80580087 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDirectoryFile - OK - 0x8057B4E3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDirectoryObject - OK - 0x80585A7B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryEaFile - OK - 0x80616FF4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryEvent - OK - 0x8059A742 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryFullAttributesFile - OK - 0x8057E1B2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationAtom - OK - 0x805D70F0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationFile - OK - 0x80579DA7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationJobObject - OK - 0x80581E8D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationPort - OK - 0x80623823 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationProcess - OK - 0x80570C44 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationThread - OK - 0x8056721E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationToken - OK - 0x80571773 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInstallUILanguage - OK - 0x8057FDDC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryIntervalProfile - OK - 0x8064A9A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryIoCompletion - OK - 0x80616E6C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryKey - ssdt hook - 0xB89F0F74 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtQueryMultipleValueKey - OK - 0x8064F0A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryMutant - OK - 0x8064A32C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryObject - ssdt hook - 0xB89C49CE - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtQueryOpenSubKeys - OK - 0x8064F2B1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryPerformanceCounter - OK - 0x80567558 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryQuotaInformationFile - OK - 0x806178B5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySection - OK - 0x8057EE6E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySecurityObject - OK - 0x8058E61C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySemaphore - OK - 0x80649127 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySymbolicLinkObject - OK - 0x8059A402 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemEnvironmentValue - OK - 0x80649897 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemEnvironmentValueEx - OK - 0x80649848 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemInformation - OK - 0x8057D5DB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemTime - OK - 0x8059BFC7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryTimer - OK - 0x8059C961 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryTimerResolution - OK - 0x805856E1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryValueKey - ssdt hook - 0xB89F0DC6 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtQueryVirtualMemory - OK - 0x80571300 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryVolumeInformationFile - OK - 0x8056FAA7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueueApcThread - OK - 0x8058F954 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRaiseException - OK - 0x804E204E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRaiseHardError - OK - 0x80648E63 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadFile - OK - 0x80570337 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadFileScatter - OK - 0x805DB96E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadRequestData - OK - 0x8058F475 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadVirtualMemory - OK - 0x8057F61A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRegisterThreadTerminatePort - OK - 0x80578F50 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseMutant - OK - 0x805664FB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseSemaphore - OK - 0x80590000 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRemoveIoCompletion - OK - 0x80567019 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRemoveProcessDebug - OK - 0x8065C052 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRenameKey - ssdt hook - 0xB8A5AB68 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       NtReplaceKey - OK - 0x8064FE82 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyPort - OK - 0x8057E67C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReceivePort - OK - 0x8056BC24 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReceivePortEx - OK - 0x8056B73C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReplyPort - OK - 0x80623902 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestDeviceWakeup - OK - 0x8062C70F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestPort - OK - 0x8058E3D2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestWaitReplyPort - OK - 0x8056DC86 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestWakeupLatency - OK - 0x8062C508 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResetEvent - OK - 0x805DCCB6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResetWriteWatch - OK - 0x8053BC32 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRestoreKey - ssdt hook - 0xB89EFD84 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtResumeProcess - OK - 0x8062FF7C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResumeThread - OK - 0x80578E76 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveKey - OK - 0x8064FB1A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveKeyEx - OK - 0x8064FC05 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveMergedKeys - OK - 0x8064FD32 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSecureConnectPort - OK - 0x80599040 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetBootEntryOrder - ssdt hook - 0xB89C3EDC - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtSetBootOptions - ssdt hook - 0xB89C3F28 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtSetContextThread - OK - 0x8062E33F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDebugFilterState - OK - 0x8065DB9A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultHardErrorPort - OK - 0x805B3B0B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultLocale - OK - 0x805AF0BF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultUILanguage - OK - 0x805AF066 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEaFile - OK - 0x80617541 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEvent - OK - 0x805698E5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEventBoostPriority - OK - 0x8056C92E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetHighEventPair - OK - 0x8064A2B3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetHighWaitLowEventPair - OK - 0x8064A1D3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationDebugObject - OK - 0x8065B9F3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationFile - ssdt hook - 0xB8B80526 - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtSetInformationJobObject - OK - 0x805ABAC8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationKey - OK - 0x8064EC0A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationObject - OK - 0x8057FD0E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationProcess - OK - 0x80570D15 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationThread - OK - 0x8056C516 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationToken - OK - 0x805A8E5C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetIntervalProfile - OK - 0x8064A4D3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetIoCompletion - OK - 0x8056C3CB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLdtEntries - OK - 0x8062F05F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLowEventPair - OK - 0x8064A247 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLowWaitHighEventPair - OK - 0x8064A15F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetQuotaInformationFile - OK - 0x8061788D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSecurityObject - OK - 0x8059D2BD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemEnvironmentValue - OK - 0x80649B34 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemEnvironmentValueEx - OK - 0x80649848 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemInformation - ssdt hook - 0xB89C3B46 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtSetSystemPowerState - ssdt hook - 0xB89C3CEA - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtSetSystemTime - OK - 0x806487AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetThreadExecutionState - OK - 0x805E02AF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetTimer - OK - 0x804E57AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetTimerResolution - OK - 0x805E0935 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetUuidSeed - OK - 0x805AB1E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetValueKey - ssdt hook - 0xB8B7FBFC - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtSetVolumeInformationFile - OK - 0x80617DCF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtShutdownSystem - ssdt hook - 0xB89C3C92 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtSignalAndWaitForSingleObject - OK - 0x805173A1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtStartProfile - OK - 0x8064A73E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtStopProfile - OK - 0x8064A8F7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSuspendProcess - OK - 0x8062FF21 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSuspendThread - OK - 0x805E05AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSystemDebugControl - ssdt hook - 0xB89C3D5A - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtTerminateJobObject - OK - 0x80630855 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTerminateProcess - ssdt hook - 0xB8B80B04 - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtTerminateThread - OK - 0x80577F1F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTestAlert - OK - 0x8057895D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTraceEvent - OK - 0x80545BC0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTranslateFilePath - OK - 0x80649883 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadDriver - OK - 0x8061A212 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadKey - OK - 0x8064E76E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadKeyEx - OK - 0x8064E99F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnlockFile - OK - 0x80592FFB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnlockVirtualMemory - OK - 0x8062780F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnmapViewOfSection - OK - 0x8057A81E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtVdmControl - ssdt hook - 0xB89C3F74 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtWaitForDebugEvent - OK - 0x8065B73C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForMultipleObjects - OK - 0x80566746 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForSingleObject - OK - 0x805661FC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitHighEventPair - OK - 0x8064A0F3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitLowEventPair - OK - 0x8064A087 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteFile - ssdt hook - 0xB8B8070C - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys - 
       NtWriteFileGather - OK - 0x805DB5A4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteRequestData - OK - 0x8058F662 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteVirtualMemory - ssdt hook - 0xB8A50BE0 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       NtYieldExecution - OK - 0x804F0EB6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateKeyedEvent - OK - 0x805CD54D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenKeyedEvent - OK - 0x80582C18 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseKeyedEvent - OK - 0x8064AECB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForKeyedEvent - OK - 0x8064B166 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryPortInformationProcess - OK - 0x8062DB17 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Shadow SSDT

       NtGdiAbortDoc - OK - 0xBF939260 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAbortPath - OK - 0xBF94A890 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddFontResourceW - OK - 0xBF86FC7B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddRemoteFontToDC - OK - 0xBF942395 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddFontMemResourceEx - OK - 0xBF94BEA7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveMergeFont - OK - 0xBF9394F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddRemoteMMInstanceToDC - OK - 0xBF939599 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAlphaBlend - inline hook - 0xB89C84F2 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiAngleArc - OK - 0xBF94B7CE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAnyLinkedFonts - OK - 0xBF93765F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFontIsLinked - OK - 0xBF94BDC6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiArcInternal - OK - 0xBF9101FD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBeginPath - OK - 0xBF8FF251 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBitBlt - inline hook - 0xB89C8180 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiCancelDC - OK - 0xBF94BC98 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCheckBitmapBits - OK - 0xBF94D494 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCloseFigure - OK - 0xBF8FDB4E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiClearBitmapAttributes - OK - 0xBF876D5C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiClearBrushAttributes - OK - 0xBF94BD76 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiColorCorrectPalette - OK - 0xBF94D5C7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCombineRgn - OK - 0xBF81C618 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCombineTransform - OK - 0xBF8E5615 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiComputeXformCoefficients - OK - 0xBF8AC6D6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiConsoleTextOut - OK - 0xBF859DF9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiConvertMetafileRect - OK - 0xBF911438 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateBitmap - OK - 0xBF80E2AD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateClientObj - OK - 0xBF8E52BD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateColorSpace - OK - 0xBF94D28C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateColorTransform - OK - 0xBF94E197 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateCompatibleBitmap - OK - 0xBF813A59 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateCompatibleDC - inline hook - 0xB89C807C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiCreateDIBBrush - OK - 0xBF8D9FBE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBitmapInternal - OK - 0xBF828C59 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBSection - OK - 0xBF82A6F3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateEllipticRgn - OK - 0xBF93BB0C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateHalftonePalette - OK - 0xBF8AC4E0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateHatchBrushInternal - OK - 0xBF94F223 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateMetafileDC - OK - 0xBF8CB4E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePaletteInternal - OK - 0xBF85F136 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePatternBrushInternal - OK - 0xBF8AA8D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePen - OK - 0xBF8A4674 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateRectRgn - OK - 0xBF835006 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateRoundRectRgn - OK - 0xBF8B7C62 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateServerMetaFile - OK - 0xBF91133D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateSolidBrush - OK - 0xBF819D51 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextCreate - OK - 0xBF936C7F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextDestroy - OK - 0xBF936C92 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextDestroyAll - OK - 0xBF936CA5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dValidateTextureStageState - OK - 0xBF936CB8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dDrawPrimitives2 - OK - 0xBF936CCB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDriverState - OK - 0xBF936CDE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAddAttachedSurface - OK - 0xBF936B54 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAlphaBlt - OK - 0xBF936D9E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAttachSurface - OK - 0xBF9066F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdBeginMoCompFrame - OK - 0xBF936D49 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdBlt - OK - 0xBF90670A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCanCreateSurface - OK - 0xBF9064E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCanCreateD3DBuffer - OK - 0xBF936C56 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdColorControl - OK - 0xBF936B67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateDirectDrawObject - OK - 0xBF8F4375 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurface - OK - 0xBF8F4388 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateD3DBuffer - OK - 0xBF936C40 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateMoComp - OK - 0xBF906523 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurfaceObject - OK - 0xBF906B4E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDeleteDirectDrawObject - OK - 0xBF8F45D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDeleteSurfaceObject - OK - 0xBF9066CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroyMoComp - OK - 0xBF9064F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroySurface - OK - 0xBF8F45BB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroyD3DBuffer - OK - 0xBF936C69 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdEndMoCompFrame - OK - 0xBF936D5C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdFlip - OK - 0xBF906BF4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdFlipToGDISurface - OK - 0xBF9072FF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetAvailDriverMemory - OK - 0xBF9066E1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetBltStatus - OK - 0xBF936B7A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDC - OK - 0xBF90644F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDriverInfo - OK - 0xBF90648E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDxHandle - OK - 0xBF936BE8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetFlipStatus - OK - 0xBF936B90 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetInternalMoCompInfo - OK - 0xBF936D33 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompBuffInfo - OK - 0xBF936D1D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompGuids - OK - 0xBF90650D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompFormats - OK - 0xBF936D07 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetScanLine - OK - 0xBF907405 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdLock - OK - 0xBF8C87ED - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdLockD3D - OK - 0xBF936C14 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdQueryDirectDrawObject - OK - 0xBF8F4314 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdQueryMoCompStatus - OK - 0xBF936D88 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdReenableDirectDrawObject - OK - 0xBF8F434F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdReleaseDC - OK - 0xBF9065C3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdRenderMoComp - OK - 0xBF936D72 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdResetVisrgn - OK - 0xBF8C8633 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetColorKey - OK - 0xBF906C0A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetExclusiveMode - OK - 0xBF936BA6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetGammaRamp - OK - 0xBF936BFE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurfaceEx - OK - 0xBF936CF1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetOverlayPosition - OK - 0xBF936BBC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnattachSurface - OK - 0xBF906797 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnlock - OK - 0xBF8C85E3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnlockD3D - OK - 0xBF936C2A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUpdateOverlay - OK - 0xBF906BDE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdWaitForVerticalBlank - OK - 0xBF936BD2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpCanCreateVideoPort - OK - 0xBF936DB1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpColorControl - OK - 0xBF936DC7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpCreateVideoPort - OK - 0xBF936DDD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpDestroyVideoPort - OK - 0xBF936DF3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpFlipVideoPort - OK - 0xBF936E09 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortBandwidth - OK - 0xBF936E1F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortField - OK - 0xBF936E35 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortFlipStatus - OK - 0xBF936E4B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortInputFormats - OK - 0xBF936E61 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortLine - OK - 0xBF936E77 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortOutputFormats - OK - 0xBF936E8D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortConnectInfo - OK - 0xBF936EA3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoSignalStatus - OK - 0xBF936EB9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpUpdateVideoPort - OK - 0xBF936ECF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpWaitForVideoPortSync - OK - 0xBF936EE5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpAcquireNotification - OK - 0xBF936EFB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpReleaseNotification - OK - 0xBF936F11 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDxgGenericThunk - OK - 0xBF936B41 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteClientObj - OK - 0xBF8E53DF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteColorSpace - OK - 0xBF94D27F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteColorTransform - OK - 0xBF94E453 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteObjectApp - inline hook - 0xB89C8036 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiDescribePixelFormat - OK - 0xBF94C97D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPerBandInfo - OK - 0xBF8F98D2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDoBanding - OK - 0xBF8FAEE6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDoPalette - OK - 0xBF837D52 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDrawEscape - OK - 0xBF94B818 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEllipse - OK - 0xBF8DCAD5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnableEudc - OK - 0xBF875228 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndDoc - OK - 0xBF8FA862 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndPage - OK - 0xBF903D2B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndPath - OK - 0xBF8FF2F1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontChunk - OK - 0xBF86A6F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontClose - OK - 0xBF86A66F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontOpen - OK - 0xBF869CFE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumObjects - OK - 0xBF8DA2C6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEqualRgn - OK - 0xBF93BC07 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEudcLoadUnloadLink - OK - 0xBF952A2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExcludeClipRect - OK - 0xBF827D4A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtCreatePen - OK - 0xBF8D21C5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtCreateRegion - OK - 0xBF8354FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtEscape - OK - 0xBF8B5FF3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtFloodFill - OK - 0xBF95384C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtGetObjectW - OK - 0xBF826E8B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtSelectClipRgn - OK - 0xBF80F16D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtTextOutW - OK - 0xBF8996A8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFillPath - OK - 0xBF94A9B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFillRgn - OK - 0xBF8AA212 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlattenPath - OK - 0xBF94A91A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlushUserBatch - OK - 0xBF80C331 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlush - OK - 0xBF80A1F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiForceUFIMapping - OK - 0xBF94C85D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFrameRgn - OK - 0xBF8B7ED4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFullscreenControl - OK - 0xBF93E8E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetAndSetDCDword - OK - 0xBF8D1496 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetAppClipBox - OK - 0xBF81647D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBitmapBits - OK - 0xBF8AA705 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBitmapDimension - OK - 0xBF94C77F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBoundsRect - OK - 0xBF8BDA27 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharABCWidthsW - OK - 0xBF8C9E99 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharacterPlacementW - OK - 0xBF94AF23 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharSet - OK - 0xBF80F7A8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharWidthW - OK - 0xBF8F6CAE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharWidthInfo - OK - 0xBF8AB41B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetColorAdjustment - OK - 0xBF94BB3A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetColorSpaceforBitmap - OK - 0xBF954101 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCDword - OK - 0xBF827158 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCforBitmap - OK - 0xBF898394 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCObject - OK - 0xBF826FE5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCPoint - OK - 0xBF8C32BD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceCaps - OK - 0xBF94BD36 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceGammaRamp - OK - 0xBF94D82A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceCapsAll - OK - 0xBF8D0737 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDIBitsInternal - OK - 0xBF839B36 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetETM - OK - 0xBF955064 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEudcTimeStampEx - OK - 0xBF9504D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontData - OK - 0xBF8F84CA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontResourceInfoInternalW - OK - 0xBF94BFD5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphIndicesW - OK - 0xBF94CC60 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphIndicesWInternal - OK - 0xBF94CB03 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphOutline - OK - 0xBF94B92B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetKerningPairs - OK - 0xBF94BA30 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetLinkedUFIs - OK - 0xBF939278 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetMiterLimit - OK - 0xBF8CB54D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetMonitorID - OK - 0xBF941826 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetNearestColor - OK - 0xBF827EA0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetNearestPaletteIndex - OK - 0xBF94F2A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetObjectBitmapHandle - OK - 0xBF94BAC1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetOutlineTextMetricsInternalW - OK - 0xBF8F64D7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPath - OK - 0xBF94AD82 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPixel - inline hook - 0xB89C80BA - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiGetRandomRgn - OK - 0xBF80F17D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRasterizerCaps - OK - 0xBF8F9008 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRealizationInfo - OK - 0xBF94CD0B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRegionData - OK - 0xBF83A506 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRgnBox - OK - 0xBF8C3207 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetServerMetaFileBits - OK - 0xBF911597 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetSpoolMessage - OK - 0xBF89290A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStats - OK - 0xBF9551E1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStockObject - OK - 0xBF852895 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStringBitmapW - OK - 0xBF9520C2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetSystemPaletteUse - OK - 0xBF8D053E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextCharsetInfo - OK - 0xBF828493 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextExtent - OK - 0xBF84E374 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextExtentExW - OK - 0xBF8D9B2C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextFaceW - OK - 0xBF82FB62 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextMetricsW - OK - 0xBF8282F1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTransform - OK - 0xBF8B39D9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetUFI - OK - 0xBF94C21C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEmbUFI - OK - 0xBF94C2E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetUFIPathname - OK - 0xBF94C3C5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEmbedFonts - OK - 0xBF94C19D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiChangeGhostFont - OK - 0xBF94C1A7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddEmbFontToDC - OK - 0xBF937F0A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontUnicodeRanges - OK - 0xBF94CC84 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetWidthTable - OK - 0xBF82ED1A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGradientFill - OK - 0xBF860AB6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHfontCreate - OK - 0xBF827FDF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiIcmBrushInfo - OK - 0xBF94DE0E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInit - OK - 0xBF858F9C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInitSpool - OK - 0xBF877246 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiIntersectClipRect - OK - 0xBF815FA6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInvertRgn - OK - 0xBF8C4BD5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiLineTo - OK - 0xBF8C5B8F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMakeFontDir - OK - 0xBF94C9F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMakeInfoDC - OK - 0xBF95413A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMaskBlt - inline hook - 0xB89C82EA - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiModifyWorldTransform - OK - 0xBF8B37B6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMonoBitmap - OK - 0xBF8CB720 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMoveTo - OK - 0xBF94BCC8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOffsetClipRgn - OK - 0xBF8FADA5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOffsetRgn - OK - 0xBF898758 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOpenDCW - inline hook - 0xB89C7F3C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiPatBlt - OK - 0xBF8C2C89 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyPatBlt - OK - 0xBF829DCC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPathToRegion - OK - 0xBF94AA8F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPlgBlt - inline hook - 0xB89C83A8 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiPolyDraw - OK - 0xBF94B3B6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyPolyDraw - OK - 0xBF8A3EF6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyTextOutW - OK - 0xBF94B4B3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPtInRegion - OK - 0xBF94BDB6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPtVisible - OK - 0xBF93BDA9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiQueryFonts - OK - 0xBF94BDD6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiQueryFontAssocInfo - OK - 0xBF8594B7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectangle - OK - 0xBF8C7B3F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectInRegion - OK - 0xBF8EC947 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectVisible - OK - 0xBF89A032 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveFontResourceW - OK - 0xBF8D9402 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveFontMemResourceEx - OK - 0xBF94BFB9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiResetDC - OK - 0xBF8EB9BE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiResizePalette - OK - 0xBF94F51D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRestoreDC - OK - 0xBF8291C3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRoundRect - OK - 0xBF90F3C6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSaveDC - OK - 0xBF8291D3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiScaleViewportExtEx - OK - 0xBF94479C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiScaleWindowExtEx - OK - 0xBF94C70B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectBitmap - OK - 0xBF808500 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectBrush - OK - 0xBF94BCA8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectClipPath - OK - 0xBF8FF3F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectFont - OK - 0xBF81C628 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectPen - OK - 0xBF94BCB8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapAttributes - OK - 0xBF876C90 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapBits - OK - 0xBF8C373D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapDimension - OK - 0xBF94C7E9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBoundsRect - OK - 0xBF8BDE2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBrushAttributes - OK - 0xBF94BD56 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBrushOrg - OK - 0xBF8C37DB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetColorAdjustment - OK - 0xBF94BB9B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetColorSpace - OK - 0xBF94D341 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetDeviceGammaRamp - OK - 0xBF94DB66 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetDIBitsToDeviceInternal - OK - 0xBF8268A0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetFontEnumeration - OK - 0xBF89195B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetFontXform - OK - 0xBF8E5795 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetIcmMode - OK - 0xBF8C54D2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetLinkedUFIs - OK - 0xBF8F95D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMagicColors - OK - 0xBF94F93B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMetaRgn - OK - 0xBF8E5514 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMiterLimit - OK - 0xBF8E5536 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceWidth - OK - 0xBF94C6FB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMirrorWindowOrg - OK - 0xBF94C6EB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetLayout - OK - 0xBF827C52 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPixel - OK - 0xBF864BE3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPixelFormat - OK - 0xBF955EAB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetRectRgn - OK - 0xBF94BDA6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetSystemPaletteUse - OK - 0xBF94BD46 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetTextJustification - OK - 0xBF955471 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetupPublicCFONT - OK - 0xBF8728E0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetVirtualResolution - OK - 0xBF8E5338 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetSizeDevice - OK - 0xBF8E5806 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStartDoc - OK - 0xBF902BE8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStartPage - OK - 0xBF903B6F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStretchBlt - inline hook - 0xB89C8232 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiStretchDIBitsInternal - OK - 0xBF8AFBDB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStrokeAndFillPath - OK - 0xBF8FDF67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStrokePath - OK - 0xBF94AC96 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSwapBuffers - OK - 0xBF956053 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiTransformPoints - OK - 0xBF8D0659 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiTransparentBlt - inline hook - 0xB89C8450 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtGdiUnloadPrinterDriver - OK - 0xBF94C8CE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnmapMemFont - OK - 0xBF9563C7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnrealizeObject - OK - 0xBF94BD96 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUpdateColors - OK - 0xBF94F7A7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiWidenPath - OK - 0xBF94AB77 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserActivateKeyboardLayout - OK - 0xBF868630 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAlterWindowStyle - OK - 0xBF862FE0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAssociateInputContext - OK - 0xBF915801 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAttachThreadInput - inline hook - 0xB89C773C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserBeginPaint - OK - 0xBF815B8E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBitBltSysBmp - OK - 0xBF8D0564 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBlockInput - inline hook - 0xB89C70B0 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserBuildHimcList - OK - 0xBF915938 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildHwndList - OK - 0xBF8958E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildNameList - inline hook - 0xB89C7562 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserBuildPropList - OK - 0xBF913EFD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwnd - OK - 0xBF865317 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndLock - OK - 0xBF89869F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndOpt - OK - 0xBF874270 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndParam - OK - 0xBF898892 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndParamLock - inline hook - 0xB89C6F84 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserCallMsgFilter - OK - 0xBF8D0473 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallNextHookEx - OK - 0xBF8F5E61 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallNoParam - OK - 0xBF8010C7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallOneParam - OK - 0xBF80107F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallTwoParam - OK - 0xBF898852 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChangeClipboardChain - OK - 0xBF8CA42C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChangeDisplaySettings - OK - 0xBF88FF3D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCheckImeHotKey - OK - 0xBF8A1AC7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCheckMenuItem - OK - 0xBF8D536A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChildWindowFromPointEx - OK - 0xBF86D714 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserClipCursor - OK - 0xBF8F93F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseClipboard - OK - 0xBF8C4ADA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseDesktop - OK - 0xBF85E03A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseWindowStation - OK - 0xBF85E0FC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserConsoleControl - OK - 0xBF8589D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserConvertMemHandle - OK - 0xBF8CF956 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCopyAcceleratorTable - OK - 0xBF90E9FF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCountClipboardFormats - OK - 0xBF8D0518 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateAcceleratorTable - OK - 0xBF8AC405 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateCaret - OK - 0xBF8A3055 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateDesktop - OK - 0xBF876933 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateInputContext - OK - 0xBF915767 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateLocalMemHandle - OK - 0xBF8CA787 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateWindowEx - OK - 0xBF832C22 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateWindowStation - OK - 0xBF876F86 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeGetQualityOfService - OK - 0xBF912F87 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeInitialize - OK - 0xBF874F04 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeSetQualityOfService - OK - 0xBF912EB7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDeferWindowPos - OK - 0xBF8A1654 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDefSetText - OK - 0xBF8A1FE8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDeleteMenu - OK - 0xBF8A3481 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyAcceleratorTable - OK - 0xBF8F938F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyCursor - OK - 0xBF8968A2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyInputContext - OK - 0xBF9157B7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyMenu - OK - 0xBF8A294C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyWindow - inline hook - 0xB89C6FF4 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserDisableThreadIme - OK - 0xBF915F0D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDispatchMessage - OK - 0xBF80EC0F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDragDetect - OK - 0xBF913FF8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDragObject - OK - 0xBF912430 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawAnimatedRects - OK - 0xBF913157 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawCaption - OK - 0xBF91321A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawCaptionTemp - OK - 0xBF90C7A4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawIconEx - OK - 0xBF83203B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawMenuBarTemp - OK - 0xBF9141C5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEmptyClipboard - OK - 0xBF8CF5DB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnableMenuItem - OK - 0xBF8C33C2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnableScrollBar - OK - 0xBF912E32 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndDeferWindowPosEx - OK - 0xBF827625 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndMenu - OK - 0xBF9132C3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndPaint - OK - 0xBF815845 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplayDevices - OK - 0xBF865C32 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplayMonitors - OK - 0xBF896348 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplaySettings - OK - 0xBF89370C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEvent - OK - 0xBF9126BD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserExcludeUpdateRgn - OK - 0xBF8C4DDB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFillWindow - OK - 0xBF8D03AA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFindExistingCursorIcon - OK - 0xBF84E5DA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFindWindowEx - OK - 0xBF85BDAF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFlashWindowEx - OK - 0xBF91631A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAltTabInfo - OK - 0xBF8CD802 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAncestor - OK - 0xBF8277ED - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAppImeLevel - OK - 0xBF915D0C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAsyncKeyState - inline hook - 0xB89C770C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserGetAtomName - OK - 0xBF832DFE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCaretBlinkTime - OK - 0xBF8A1BA0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCaretPos - OK - 0xBF8C3856 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClassInfo - OK - 0xBF837A13 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClassName - OK - 0xBF81F6D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardData - inline hook - 0xB89C72E4 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserGetClipboardFormatName - OK - 0xBF8ECA0C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardOwner - OK - 0xBF8CF6D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardSequenceNumber - OK - 0xBF8C2FFF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardViewer - OK - 0xBF913309 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipCursor - OK - 0xBF912D9A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetComboBoxInfo - OK - 0xBF9129D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetControlBrush - OK - 0xBF8AB332 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetControlColor - OK - 0xBF905FD0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCPD - OK - 0xBF81CC5B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCursorFrameInfo - OK - 0xBF860834 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCursorInfo - OK - 0xBF912AED - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDC - OK - 0xBF804366 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDCEx - OK - 0xBF82FFB5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDoubleClickTime - OK - 0xBF831018 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetForegroundWindow - OK - 0xBF81C2A5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetGuiResources - OK - 0xBF9124F9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetGUIThreadInfo - OK - 0xBF85C753 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetIconInfo - OK - 0xBF837162 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetIconSize - OK - 0xBF8372B2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetImeHotKey - OK - 0xBF915BCA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetImeInfoEx - OK - 0xBF915A3A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetInternalWindowPos - OK - 0xBF91274E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardLayoutList - OK - 0xBF89A368 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardLayoutName - OK - 0xBF8F49C2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardState - inline hook - 0xB89C77E6 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserGetKeyNameText - OK - 0xBF90CAF5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyState - inline hook - 0xB89C7724 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserGetListBoxInfo - OK - 0xBF912A99 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuBarInfo - OK - 0xBF912BEA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuIndex - OK - 0xBF913040 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuItemRect - OK - 0xBF913B74 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMessage - OK - 0xBF819C8B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMouseMovePointsEx - OK - 0xBF91384F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetObjectInformation - OK - 0xBF819F03 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetOpenClipboardWindow - OK - 0xBF8D04EC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetPriorityClipboardFormat - OK - 0xBF913335 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetProcessWindowStation - OK - 0xBF819D6E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputBuffer - OK - 0xBF916B9A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputData - OK - 0xBF91649A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputDeviceInfo - OK - 0xBF916674 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputDeviceList - OK - 0xBF916969 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRegisteredRawInputDevices - OK - 0xBF916B5F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetScrollBarInfo - OK - 0xBF8A12EF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetSystemMenu - OK - 0xBF8351E0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetThreadDesktop - OK - 0xBF81A1B9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetThreadState - OK - 0xBF81F16C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetTitleBarInfo - OK - 0xBF83023F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetUpdateRect - OK - 0xBF830E45 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetUpdateRgn - OK - 0xBF8C30AE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWindowDC - OK - 0xBF803766 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWindowPlacement - OK - 0xBF8EC1A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWOWClass - OK - 0xBF90EDAB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHardErrorControl - OK - 0xBF91233A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHideCaret - OK - 0xBF8993B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHiliteMenuItem - OK - 0xBF9133BE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserImpersonateDdeClientWindow - OK - 0xBF914160 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitialize - OK - 0xBF88B41A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitializeClientPfnArrays - OK - 0xBF88596F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitTask - OK - 0xBF91282D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInternalGetWindowText - OK - 0xBF83033B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInvalidateRect - OK - 0xBF814EDC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInvalidateRgn - OK - 0xBF8A28F2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserIsClipboardFormatAvailable - OK - 0xBF8C2FC5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserKillTimer - OK - 0xBF80E8BD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLoadKeyboardLayoutEx - OK - 0xBF8B913F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWindowStation - OK - 0xBF876B95 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWindowUpdate - OK - 0xBF8D52B1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWorkStation - OK - 0xBF912413 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMapVirtualKeyEx - OK - 0xBF8C6D62 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMenuItemFromPoint - OK - 0xBF913C4B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMessageCall - OK - 0xBF80EE53 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMinMaximize - OK - 0xBF9109A0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMNDragLeave - OK - 0xBF91350E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMNDragOver - OK - 0xBF91345E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserModifyUserStartupInfoFlags - OK - 0xBF8EBBC5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMoveWindow - OK - 0xBF828E1D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyIMEStatus - OK - 0xBF915EA8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyProcessCreate - OK - 0xBF858FD2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyWinEvent - OK - 0xBF8C336D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenClipboard - OK - 0xBF8C4A57 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenDesktop - inline hook - 0xB89C7384 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserOpenInputDesktop - OK - 0xBF8731C3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenWindowStation - OK - 0xBF8EC3F1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPaintDesktop - OK - 0xBF8688E6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPeekMessage - OK - 0xBF803655 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPostMessage - OK - 0xBF8082C7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPostThreadMessage - OK - 0xBF85DC2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPrintWindow - OK - 0xBF891A5E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserProcessConnect - OK - 0xBF856D12 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryInformationThread - OK - 0xBF913CDD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryInputContext - OK - 0xBF9158B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQuerySendMessage - OK - 0xBF91408B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryUserCounters - OK - 0xBF915FB1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryWindow - OK - 0xBF80A0E2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealChildWindowFromPoint - OK - 0xBF912BAC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealInternalGetMessage - OK - 0xBF872C7B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealWaitMessageEx - OK - 0xBF913AB4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRedrawWindow - OK - 0xBF81F341 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterClassExWOW - OK - 0xBF8521B1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterUserApiHook - OK - 0xBF877372 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterHotKey - inline hook - 0xB89C77FE - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserRegisterRawInputDevices - inline hook - 0xB89C767C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserRegisterTasklist - OK - 0xBF91297E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterWindowMessage - OK - 0xBF80A386 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoveMenu - OK - 0xBF891986 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoveProp - OK - 0xBF895BF8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserResolveDesktop - OK - 0xBF86B84E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserResolveDesktopForWOW - OK - 0xBF916DAB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSBGetParms - OK - 0xBF8A1196 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserScrollDC - OK - 0xBF856622 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserScrollWindowEx - OK - 0xBF8ECB25 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSelectPalette - OK - 0xBF8288A4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSendInput - inline hook - 0xB89C7104 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserSetActiveWindow - OK - 0xBF8AB5A2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetAppImeLevel - OK - 0xBF915CA1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCapture - OK - 0xBF89D438 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClassLong - OK - 0xBF8A0CE8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClassWord - OK - 0xBF91352B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClipboardData - OK - 0xBF8CF87A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClipboardViewer - inline hook - 0xB89C71AC - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserSetConsoleReserveKeys - OK - 0xBF8693D1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursor - OK - 0xBF81C7CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursorContents - OK - 0xBF913B2D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursorIconData - OK - 0xBF8373C4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetDbgTag - OK - 0xBF9130C3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetFocus - OK - 0xBF830731 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeHotKey - OK - 0xBF8B905F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeInfoEx - OK - 0xBF915B1F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeOwnerWindow - OK - 0xBF915D76 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInformationProcess - OK - 0xBF858C36 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInformationThread - OK - 0xBF86919B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInternalWindowPos - OK - 0xBF912CB9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetKeyboardState - OK - 0xBF8C4EBB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetLogonNotifyWindow - OK - 0xBF87F55E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenu - OK - 0xBF90C9BB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuContextHelpId - OK - 0xBF9130E6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuDefaultItem - OK - 0xBF89191B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuFlagRtoL - OK - 0xBF913123 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetObjectInformation - OK - 0xBF912385 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetParent - OK - 0xBF8AB0EF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetProcessWindowStation - OK - 0xBF85E6C6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetProp - OK - 0xBF823D29 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetRipFlags - OK - 0xBF9130A0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetScrollInfo - OK - 0xBF80E5FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetShellWindowEx - OK - 0xBF873A51 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSysColors - inline hook - 0xB89C6F22 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserSetSystemCursor - OK - 0xBF913AF4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemMenu - OK - 0xBF8F5ABD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemTimer - OK - 0xBF914052 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadDesktop - OK - 0xBF85E71E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadLayoutHandles - OK - 0xBF915E27 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadState - OK - 0xBF8AB2F6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetTimer - OK - 0xBF803A00 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowFNID - OK - 0xBF8AB19A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowLong - OK - 0xBF895D8D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowPlacement - OK - 0xBF8B8955 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowPos - OK - 0xBF823AD0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowRgn - OK - 0xBF834F5B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowsHookAW - OK - 0xBF8600E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowsHookEx - inline hook - 0xB89C6E4E - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserSetWindowStationUser - OK - 0xBF876A32 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowWord - OK - 0xBF8F45E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWinEventHook - inline hook - 0xB89C6D52 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserShowCaret - OK - 0xBF899417 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowScrollBar - OK - 0xBF8C3F5C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowWindow - OK - 0xBF899F7B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowWindowAsync - OK - 0xBF86B741 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSoundSentry - OK - 0xBF8EBCBD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSwitchDesktop - inline hook - 0xB89C751C - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserSystemParametersInfo - inline hook - 0xB89C6E66 - C:\WINDOWS\System32\Drivers\aswSnx.SYS - AVAST Software
       NtUserTestForInteractiveUser - OK - 0xBF90EF36 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserThunkedMenuInfo - OK - 0xBF8F5A1E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserThunkedMenuItemInfo - OK - 0xBF89FC72 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserToUnicodeEx - OK - 0xBF9138FF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTrackMouseEvent - OK - 0xBF85AAE5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTrackPopupMenuEx - OK - 0xBF91371C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCalcMenuBar - OK - 0xBF8304A6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPaintMenuBar - OK - 0xBF8EDF9E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTranslateAccelerator - OK - 0xBF8CFE90 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTranslateMessage - OK - 0xBF89BB3E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnhookWindowsHookEx - OK - 0xBF8604E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnhookWinEvent - OK - 0xBF8EC0F2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnloadKeyboardLayout - OK - 0xBF913FCA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnlockWindowStation - OK - 0xBF8BC9F1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterClass - OK - 0xBF852B65 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterUserApiHook - OK - 0xBF87680F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterHotKey - OK - 0xBF913812 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateInputContext - OK - 0xBF915864 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateInstance - OK - 0xBF912628 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateLayeredWindow - OK - 0xBF8AA08F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetLayeredWindowAttributes - OK - 0xBF9163DC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetLayeredWindowAttributes - OK - 0xBF8A2A28 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdatePerUserSystemParameters - OK - 0xBF87C589 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUserHandleGrantAccess - OK - 0xBF913D24 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateHandleSecure - OK - 0xBF8018F1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateRect - OK - 0xBF8C7737 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateTimerCallback - OK - 0xBF80A6AD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserVkKeyScanEx - OK - 0xBF8C289E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitForInputIdle - OK - 0xBF90E77A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitForMsgAndEvent - OK - 0xBF90D6B7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitMessage - OK - 0xBF8036FC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWin32PoolAllocationStats - OK - 0xBF91237B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWindowFromPoint - OK - 0xBF81CB29 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserYieldTask - OK - 0xBF90EECE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteConnect - OK - 0xBF8735D8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteRedrawRectangle - OK - 0xBF912202 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteRedrawScreen - OK - 0xBF91224F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteStopScreenUpdates - OK - 0xBF9122A3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCtxDisplayIOCtl - OK - 0xBF9122F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngAssociateSurface - OK - 0xBF8FA709 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateBitmap - OK - 0xBF8FB0FD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateDeviceSurface - OK - 0xBF8FA6D6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateDeviceBitmap - OK - 0xBF9563D2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreatePalette - OK - 0xBF8E795D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngComputeGlyphSet - OK - 0xBF904D64 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCopyBits - OK - 0xBF956919 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeletePalette - OK - 0xBF8E84E9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeleteSurface - OK - 0xBF8FA65C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngEraseSurface - OK - 0xBF956558 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngUnlockSurface - OK - 0xBF8FE919 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngLockSurface - OK - 0xBF8FAAFF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngBitBlt - OK - 0xBF9038F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStretchBlt - OK - 0xBF8FECF2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngPlgBlt - OK - 0xBF956D11 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngMarkBandingSurface - OK - 0xBF8FB19F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStrokePath - OK - 0xBF8FBF99 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngFillPath - OK - 0xBF956F08 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStrokeAndFillPath - OK - 0xBF8FCC2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngPaint - OK - 0xBF957073 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngLineTo - OK - 0xBF95718F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngAlphaBlend - OK - 0xBF9572B8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngGradientFill - OK - 0xBF957437 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngTransparentBlt - OK - 0xBF957610 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngTextOut - OK - 0xBF8FD76E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStretchBltROP - OK - 0xBF956AB5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_cGetPalette - OK - 0xBF9580DD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_iXlate - OK - 0xBF958199 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_hGetColorTransform - OK - 0xBF95808F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_bEnum - OK - 0xBF8FC496 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_cEnumStart - OK - 0xBF8FC543 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_ppoGetPath - OK - 0xBF956649 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeletePath - OK - 0xBF956687 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateClip - OK - 0xBF9566C1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeleteClip - OK - 0xBF9566F3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_ulGetBrushColor - OK - 0xBF8FBB01 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_pvAllocRbrush - OK - 0xBF95777C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_pvGetRbrush - OK - 0xBF9577CD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_hGetColorTransform - OK - 0xBF904DEA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXFORMOBJ_bApplyXform - OK - 0xBF904733 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXFORMOBJ_iGetXform - OK - 0xBF8F9A06 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_vGetInfo - OK - 0xBF9048F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pxoGetXform - OK - 0xBF8F996C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_cGetGlyphs - OK - 0xBF904398 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pifi - OK - 0xBF8F9B77 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pfdg - OK - 0xBF9578E6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pQueryGlyphAttrs - OK - 0xBF9579ED - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pvTrueTypeFontFile - OK - 0xBF957FBF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_cGetAllGlyphHandles - OK - 0xBF95781B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bEnum - OK - 0xBF957AC5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bEnumPositionsOnly - OK - 0xBF904B22 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bGetAdvanceWidths - OK - 0xBF8F9C8A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_vEnumStart - OK - 0xBF904B40 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_dwGetCodePage - OK - 0xBF957AE3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vGetBounds - OK - 0xBF957BD4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_bEnum - OK - 0xBF957C65 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vEnumStart - OK - 0xBF957D72 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vEnumStartClipLines - OK - 0xBF957DCE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_bEnumClipLines - OK - 0xBF957E8C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDhpdev - OK - 0xBF9563A0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCheckAbort - OK - 0xBF95672D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHT_Get8BPPFormatPalette - OK - 0xBF9041DD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHT_Get8BPPMaskPalette - OK - 0xBF956414 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUpdateTransform - OK - 0xBF944961 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPUMPDOBJ - OK - 0xBF8E6075 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_DeleteRbrush - OK - 0xBF957B31 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnmapMemFont - OK - 0xBF9563C7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDrawStream - OK - 0xBF817D44 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation

==========================================================================================

FSD

       (Ntfs)IRP_MJ_CREATE - fsd hook - 0xB8A668B0 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       (Ntfs)IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_CLOSE - fsd hook - 0xB8A668F0 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       (Ntfs)IRP_MJ_READ - OK - 0xF7B54F2F - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_WRITE - fsd hook - 0xB8A669B8 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       (Ntfs)IRP_MJ_QUERY_INFORMATION - OK - 0xF7B784B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_INFORMATION - fsd hook - 0xB8A669F8 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       (Ntfs)IRP_MJ_QUERY_EA - OK - 0xF7B784B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_EA - OK - 0xF7B784B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_FLUSH_BUFFERS - OK - 0xF7B920E5 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0xF7B78604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_VOLUME_INFORMATION - OK - 0xF7B78604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_DIRECTORY_CONTROL - OK - 0xF7B7A1BD - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0xF7B7C958 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_DEVICE_CONTROL - OK - 0xF7B78604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_SHUTDOWN - OK - 0xF7B667F2 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_LOCK_CONTROL - OK - 0xF7BCBCE9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_CLEANUP - fsd hook - 0xB8A66954 - C:\WINDOWS\System32\Drivers\aswSP.SYS - AVAST Software
       (Ntfs)IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_SECURITY - OK - 0xF7B78604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_SECURITY - OK - 0xF7B78604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_POWER - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_SYSTEM_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_DEVICE_CHANGE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_QUOTA - OK - 0xF7B784B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_QUOTA - OK - 0xF7B784B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_PNP_POWER - OK - 0xF7B94A0E - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation

==========================================================================================

Keyboard

       IRP_MJ_CREATE - OK - 0xF77CFDD0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF77CFFE0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF77D0C72 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF77CFD4A - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF77D1A38 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF77D1386 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF77CFD06 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF77D2180 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF77D1842 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF77D078A - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation

==========================================================================================

Mouclass

       IRP_MJ_CREATE - OK - 0xF77C7B78 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF77C7D86 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF77C898C - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF77C7AF2 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF77C92C6 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF77C9086 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF77C7AAE - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF77C9CC6 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF77C978C - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF77C8542 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation

==========================================================================================

Classpnp

       IRP_MJ_CREATE - OK - 0xF763DBB0 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF763DBB0 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF7637D1F - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0xF7637D1F - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF76382E2 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF76383BB - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF763BF28 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0xF76382E2 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF7639C82 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF763E99E - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF763DC93 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation

==========================================================================================

Atapi

       IRP_MJ_CREATE - OK - 0xF74A46F2 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF74A46F2 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF74A4712 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF74A0852 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF74A473C - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF74AB336 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA8A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF74AB302 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       DriverStartIo - OK - 0xF74A1864 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation

==========================================================================================

Acpi

       IRP_MJ_CREATE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation

==========================================================================================

Scsi

       Nothing

==========================================================================================

Kernel Hook

       Inline - len(1) RtlPrefetchMemoryNonTemporal[ntoskrnl.exe] - [0x804DB03D]->[-]
       Inline - len(5) ObInsertObject[ntoskrnl.exe] - [0x805650BA]->[0xB8A6574C][C:\WINDOWS\System32\Drivers\aswSP.SYS]
       Inline - len(5) ObMakeTemporaryObject[ntoskrnl.exe] - [0x805A038B]->[0xB8A63C8C][C:\WINDOWS\System32\Drivers\aswSP.SYS]
       Inline - len(1) KiFastCallEntry[ntoskrnl.exe] - [0x804DE8EA]->[-]
       Inline - len(7) NtCreateProcessEx[ntoskrnl.exe] - [0x8058124C]->[0xB8A66D96][C:\WINDOWS\System32\Drivers\aswSP.SYS]
       Inline - len(4) NtReplyWaitReceivePortEx[ntoskrnl.exe] - [0x8056BB08]->[0xB89C519E][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(18) [ntoskrnl.exe] - [0x804DBAA2]->[-]
       Inline - len(1) [ntoskrnl.exe] - [0x804DBABA]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E26DC]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E26FC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E271C]->[-]
       Inline - len(16) [ntoskrnl.exe] - [0x804E2744]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E275C]->[-]
       Inline - len(8) [ntoskrnl.exe] - [0x804E2780]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2790]->[-]
       Inline - len(20) [ntoskrnl.exe] - [0x804E27AC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E27C8]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E27D4]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2804]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E283C]->[-]
       Inline - len(16) [ntoskrnl.exe] - [0x804E28AC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E28C4]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E28DC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2938]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2944]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E297C]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E29B8]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E29E8]->[-]
       Inline - len(8) [ntoskrnl.exe] - [0x804E2A04]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2A38]->[-]
       Inline - len(8) [ntoskrnl.exe] - [0x804E2A78]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E2A94]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E2AB4]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2AE8]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2B00]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2B0C]->[-]
       Inline - len(5) [win32k.sys] - [0xBF8098F2]->[0xB89C8180][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF80C84E]->[0xB89C807C][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8138E6]->[0xB89C8036][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF81C550]->[0xB89C7724][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8240C0]->[0xB89C6F84][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF828A2A]->[0xB89C82EA][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF831475]->[0xB89C84F2][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF839EB3]->[0xB89C7F3C][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF851745]->[0xB89C6E66][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF85BC6A]->[0xB89C77E6][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF85E2D4]->[0xB89C7384][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF85E35F]->[0xB89C7562][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF85F5D2]->[0xB89C6E4E][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8649A1]->[0xB89C80BA][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF873CF0]->[0xB89C751C][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF890FA2]->[0xB89C77FE][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF89454D]->[0xB89C8232][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF895025]->[0xB89C8450][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF89C3CB]->[0xB89C770C][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF89D960]->[0xB89C6FF4][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8C1EE0]->[0xB89C7104][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8CA342]->[0xB89C71AC][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8CA5C2]->[0xB89C72E4][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8EC017]->[0xB89C6D52][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF8F5016]->[0xB89C773C][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF913566]->[0xB89C6F22][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF91413A]->[0xB89C70B0][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF916AB3]->[0xB89C767C][C:\WINDOWS\System32\Drivers\aswSnx.SYS]
       Inline - len(5) [win32k.sys] - [0xBF946632]->[0xB89C83A8][C:\WINDOWS\System32\Drivers\aswSnx.SYS]

==========================================================================================

Object Type

       CmpCloseKeyObject - CmpKeyObjectType - OK - 0x8056AA0F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpDeleteKeyObject - CmpKeyObjectType - OK - 0x8056AAFD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpParseKey - CmpKeyObjectType - OK - 0x80568D32 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpSecurityMethod - CmpKeyObjectType - OK - 0x8056AA61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpQueryKeyName - CmpKeyObjectType - OK - 0x805A6D60 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopCloseFile - IoFileObjectType - OK - 0x8056EAFF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteFile - IoFileObjectType - OK - 0x8056E909 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopParseFile - IoFileObjectType - OK - 0x8057C046 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopGetSetSecurityObject - IoFileObjectType - OK - 0x8059D50F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopQueryName - IoFileObjectType - OK - 0x80580A61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteDriver - IoDriverObjectType - OK - 0x805CAB47 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - IoDriverObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteDevice - IoDeviceObjectType - OK - 0x805A10D6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopParseDevice - IoDeviceObjectType - OK - 0x8056EC79 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopGetSetSecurityObject - IoDeviceObjectType - OK - 0x8059D50F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteIoCompletion - IoCompletionObjectType - OK - 0x8059B028 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - IoCompletionObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspJobClose - PsJobType - OK - 0x805D7ADD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspJobDelete - PsJobType - OK - 0x805D89EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsJobType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspThreadDelete - PsThreadType - OK - 0x80577ACC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsThreadType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspProcessDelete - PsProcessType - OK - 0x80583418 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsProcessType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpDeleteObjectType - ObpTypeObjectType - OK - 0x8062A0FB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpTypeObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpDirectoryObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpDeleteSymbolicLink - ObpSymbolicLinkObjectType - OK - 0x805A033C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpParseSymbolicLink - ObpSymbolicLinkObjectType - OK - 0x80565A6A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpSymbolicLinkObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       MiSectionDelete - MmSectionObjectType - OK - 0x8056480B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - MmSectionObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExEventObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ExpDeleteMutant - ExMutantObjectType - OK - 0x804F7A35 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExMutantObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExSemaphoreObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SepTokenDeleteMethod - SeTokenObjectType - OK - 0x8056D692 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - SeTokenObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       LpcpClosePort - LpcPortObjectType - OK - 0x8059A049 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       LpcpDeletePort - LpcPortObjectType - OK - 0x80599E37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - LpcPortObjectType - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - FilterCommunicationPort - OK - 0xF748E90A - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       DeleteProcedure - FilterCommunicationPort - OK - 0xF748E190 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       SeDefaultObjectMethod - FilterCommunicationPort - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Controller - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Profile - OK - 0x8064A484 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Profile - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - EventPair - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OpenProcedure - Desktop - OK - 0x805816E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - Desktop - OK - 0x80583744 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Desktop - OK - 0x80646407 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Desktop - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OkayToCloseProcedure - Desktop - OK - 0x805836BD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Timer - OK - 0x80501259 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Timer - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OpenProcedure - WindowStation - OK - 0x805816E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WindowStation - OK - 0x80583744 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WindowStation - OK - 0x80646407 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ParseProcedure - WindowStation - OK - 0x80581757 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WindowStation - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OkayToCloseProcedure - WindowStation - OK - 0x805836BD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WmiGuid - OK - 0x8058C94B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WmiGuid - OK - 0x8058CF61 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WmiGuid - OK - 0x8058CD3D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - KeyedEvent - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - DebugObject - OK - 0x8065BB7D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - DebugObject - OK - 0x8056E288 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - DebugObject - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Adapter - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WaitablePort - OK - 0x8059A049 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WaitablePort - OK - 0x80599E37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WaitablePort - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Callback - OK - 0x8056E288 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Callback - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - FilterConnectionPort - OK - 0xF748E1AA - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       DeleteProcedure - FilterConnectionPort - OK - 0xF748E1CA - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       SeDefaultObjectMethod - FilterConnectionPort - OK - 0x8056BC45 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x805735BD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x80573253 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x8057338B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x805735BD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x80590D94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x80590DDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x80592B2B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80598281 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805AE7C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80598173 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

IDT

       Divide error - OK - 0x804DF350 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Debug - OK - 0x804DF4CB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Not used - OK - 0x00000000 - - - 
       Breakpoint - OK - 0x804DF89D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Overflow - OK - 0x804DFA20 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Bounds check - OK - 0x804DFB81 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Invalid opcode - OK - 0x804DFD02 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Device not available - OK - 0x804E036A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Double fault - OK - 0x00000000 - - - 
       Coprocessor segment overrun - OK - 0x804E078F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Invalid TSS - OK - 0x804E08AC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Segment not present - OK - 0x804E09E9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Stack segment fault - OK - 0x804E0C42 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       General protection - OK - 0x804E0F38 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Page Fault - OK - 0x804E1662 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Floating-point error - OK - 0x804E1AAC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Alignment check - OK - 0x804E1BE2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Machine check - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SIMD floating point exception - OK - 0x804E1D48 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x806F0FD0 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       KiGetTickCount - OK - 0x804DEB92 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiCallbackReturn - OK - 0x804DEC95 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiSetLowWaitHighThread - OK - 0x804DEE34 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiDebugService - OK - 0x804DF77C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiSystemService - OK - 0x804DE631 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved for APIC - OK - 0x804E198F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiStartUnexpectedRange - OK - 0x804DDCF0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt1 - OK - 0x804DDCFA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt2 - OK - 0x804DDD04 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt3 - OK - 0x804DDD0E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt4 - OK - 0x804DDD18 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt5 - OK - 0x804DDD22 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt6 - OK - 0x804DDD2C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt7 - OK - 0x806F0728 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt8 - OK - 0x804DDD40 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt9 - OK - 0x804DDD4A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt10 - OK - 0x804DDD54 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt11 - OK - 0x804DDD5E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt12 - OK - 0x804DDD68 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt13 - OK - 0x806F1B70 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt14 - OK - 0x804DDD7C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt15 - OK - 0x804DDD86 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt16 - OK - 0x804DDD90 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt17 - OK - 0x806F19CC - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt18 - OK - 0x804DDDA4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt19 - OK - 0x804DDDAE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt20 - OK - 0x804DDDB8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt21 - OK - 0x804DDDC2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt22 - OK - 0x804DDDCC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt23 - OK - 0x804DDDD6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt24 - OK - 0x804DDDE0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt25 - OK - 0x804DDDEA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt26 - OK - 0x804DDDF4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt27 - OK - 0x804DDDFE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt28 - OK - 0x804DDE08 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt29 - OK - 0x804DDE12 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt30 - OK - 0x804DDE1C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt31 - OK - 0x804DDE26 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt32 - OK - 0x806F0800 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt33 - OK - 0x804DDE3A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt34 - OK - 0x804DDE44 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt35 - OK - 0x804DDE4E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt36 - OK - 0x804DDE58 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt37 - OK - 0x804DDE62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt38 - OK - 0x804DDE6C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt39 - OK - 0x804DDE76 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt40 - OK - 0x804DDE80 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt41 - OK - 0x804DDE8A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt42 - OK - 0x804DDE94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt43 - OK - 0x804DDE9E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt44 - OK - 0x804DDEA8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt45 - OK - 0x804DDEB2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt46 - OK - 0x804DDEBC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt47 - OK - 0x804DDEC6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt48 - OK - 0x804DDED0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt49 - OK - 0x804DDEDA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt50 - idt hook - 0x89AD176C - unknown image - 
       KiUnexpectedInterrupt51 - idt hook - 0x898F2DD4 - unknown image - 
       KiUnexpectedInterrupt52 - OK - 0x804DDEF8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt53 - OK - 0x804DDF02 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt54 - OK - 0x804DDF0C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt55 - OK - 0x804DDF16 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt56 - OK - 0x804DDF20 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt57 - OK - 0x804DDF2A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt58 - OK - 0x804DDF34 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt59 - OK - 0x804DDF3E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt60 - OK - 0x804DDF48 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt61 - OK - 0x804DDF52 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt62 - OK - 0x804DDF5C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt63 - OK - 0x804DDF66 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt64 - OK - 0x804DDF70 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt65 - OK - 0x804DDF7A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt66 - OK - 0x804DDF84 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt67 - idt hook - 0x899A0B5C - unknown image - 
       KiUnexpectedInterrupt68 - OK - 0x804DDF98 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt69 - OK - 0x804DDFA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt70 - OK - 0x804DDFAC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt71 - OK - 0x804DDFB6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt72 - OK - 0x804DDFC0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt73 - OK - 0x804DDFCA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt74 - OK - 0x804DDFD4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt75 - OK - 0x804DDFDE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt76 - OK - 0x804DDFE8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt77 - OK - 0x804DDFF2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt78 - OK - 0x804DDFFC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt79 - OK - 0x804DE006 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt80 - OK - 0x804DE010 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt81 - OK - 0x804DE01A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt82 - idt hook - 0x89B08DD4 - unknown image - 
       KiUnexpectedInterrupt83 - idt hook - 0x89AC1044 - unknown image - 
       KiUnexpectedInterrupt84 - OK - 0x804DE038 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt85 - OK - 0x804DE042 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt86 - OK - 0x804DE04C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt87 - OK - 0x804DE056 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt88 - OK - 0x804DE060 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt89 - OK - 0x804DE06A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt90 - OK - 0x804DE074 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt91 - OK - 0x804DE07E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt92 - OK - 0x804DE088 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt93 - OK - 0x804DE092 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt94 - OK - 0x804DE09C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt95 - OK - 0x804DE0A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt96 - OK - 0x804DE0B0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt97 - OK - 0x804DE0BA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt98 - idt hook - 0x898ECBC4 - unknown image - 
       KiUnexpectedInterrupt99 - idt hook - 0x899C4B64 - unknown image - 
       KiUnexpectedInterrupt100 - OK - 0x804DE0D8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt101 - OK - 0x804DE0E2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt102 - OK - 0x804DE0EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt103 - OK - 0x804DE0F6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt104 - OK - 0x804DE100 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt105 - OK - 0x804DE10A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt106 - OK - 0x804DE114 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt107 - OK - 0x804DE11E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt108 - OK - 0x804DE128 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt109 - OK - 0x804DE132 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt110 - OK - 0x804DE13C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt111 - OK - 0x804DE146 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt112 - OK - 0x804DE150 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt113 - OK - 0x804DE15A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt114 - OK - 0x804DE164 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt115 - idt hook - 0x899C4DD4 - unknown image - 
       KiUnexpectedInterrupt116 - idt hook - 0x8978989C - unknown image - 
       KiUnexpectedInterrupt117 - OK - 0x804DE182 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt118 - OK - 0x804DE18C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt119 - OK - 0x804DE196 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt120 - OK - 0x804DE1A0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt121 - OK - 0x804DE1AA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt122 - OK - 0x804DE1B4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt123 - OK - 0x804DE1BE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt124 - OK - 0x804DE1C8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt125 - OK - 0x804DE1D2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt126 - OK - 0x804DE1DC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt127 - OK - 0x804DE1E6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt128 - OK - 0x804DE1F0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt129 - idt hook - 0x89AA441C - unknown image - 
       KiUnexpectedInterrupt130 - OK - 0x804DE204 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt131 - OK - 0x804DE20E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt132 - idt hook - 0x897D09C4 - unknown image - 
       KiUnexpectedInterrupt133 - OK - 0x804DE222 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt134 - OK - 0x804DE22C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt135 - OK - 0x804DE236 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt136 - OK - 0x804DE240 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt137 - OK - 0x804DE24A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt138 - OK - 0x804DE254 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt139 - OK - 0x804DE25E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt140 - OK - 0x804DE268 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt141 - OK - 0x804DE272 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt142 - OK - 0x804DE27C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt143 - OK - 0x804DE286 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt144 - OK - 0x804DE290 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt145 - OK - 0x806F0984 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt146 - OK - 0x804DE2A4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt147 - OK - 0x804DE2AE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt148 - OK - 0x804DE2B8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt149 - OK - 0x804DE2C2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt150 - OK - 0x804DE2CC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt151 - OK - 0x804DE2D6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt152 - OK - 0x804DE2E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt153 - OK - 0x804DE2EA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt154 - OK - 0x804DE2F4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt155 - OK - 0x804DE2FE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt156 - OK - 0x804DE308 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt157 - OK - 0x804DE312 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt158 - OK - 0x804DE31C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt159 - OK - 0x804DE326 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt160 - OK - 0x804DE330 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt161 - OK - 0x806EFD34 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt162 - OK - 0x804DE344 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt163 - OK - 0x804DE34E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt164 - OK - 0x804DE358 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt165 - OK - 0x804DE362 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt166 - OK - 0x804DE36C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt167 - OK - 0x804DE376 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt168 - OK - 0x804DE380 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt169 - OK - 0x804DE38A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt170 - OK - 0x804DE394 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt171 - OK - 0x804DE39E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt172 - OK - 0x804DE3A8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt173 - OK - 0x804DE3B2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt174 - OK - 0x804DE3BC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt175 - OK - 0x804DE3C6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt176 - OK - 0x804DE3D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt177 - OK - 0x806F0F0C - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt178 - OK - 0x804DE3E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt179 - OK - 0x806F0C70 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt180 - OK - 0x804DE3F8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt181 - OK - 0x804DE402 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt182 - OK - 0x804DE40C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt183 - OK - 0x804DE416 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt184 - OK - 0x804DE420 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt185 - OK - 0x804DE42A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt186 - OK - 0x804DE434 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt187 - OK - 0x804DE43E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt188 - OK - 0x804DE448 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt189 - OK - 0x804DE452 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt190 - OK - 0x804DE459 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt191 - OK - 0x804DE460 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt192 - OK - 0x804DE467 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt193 - OK - 0x804DE46E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt194 - OK - 0x804DE475 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt195 - OK - 0x804DE47C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt196 - OK - 0x804DE483 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt197 - OK - 0x804DE48A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt198 - OK - 0x804DE491 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt199 - OK - 0x804DE498 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt200 - OK - 0x804DE49F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt201 - OK - 0x804DE4A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt202 - OK - 0x804DE4AD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt203 - OK - 0x804DE4B4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt204 - OK - 0x804DE4BB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt205 - OK - 0x806F1464 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt206 - OK - 0x806F1604 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt207 - OK - 0x804DE4D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Message Hook

       notepad.exe - C:\WINDOWS\system32\notepad.exe - WH_KEYBOARD - notepad.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_MOUSE - explorer.exe
       ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - WH_SHELL - ctfmon.exe
       ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - WH_GETMESSAGE - ctfmon.exe
       ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - WH_CBT - ctfmon.exe
       ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - WH_KEYBOARD - ctfmon.exe
       ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - WH_MOUSE - ctfmon.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_KEYBOARD - explorer.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_MOUSE - explorer.exe
       AvastUI.exe - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - WH_MSGFILTER - mfc90u.dll
       explorer.exe - C:\WINDOWS\explorer.exe - WH_KEYBOARD - explorer.exe
       soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - WH_KEYBOARD - soffice.bin
       soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - WH_MOUSE - soffice.bin
       soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - WH_KEYBOARD - soffice.bin
       soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - WH_MOUSE - soffice.bin
       SpywareTerminatorShield.Exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe - WH_KEYBOARD - SpywareTerminatorShield.Exe
       SpywareTerminatorShield.Exe - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe - WH_MOUSE - SpywareTerminatorShield.Exe
       SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - WH_KEYBOARD - SpywareTerminatorUpdate.exe
       SpywareTerminatorUpdate.exe - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - WH_MOUSE - SpywareTerminatorUpdate.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_KEYBOARD - explorer.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_MOUSE - explorer.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_KEYBOARD - explorer.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_MOUSE - explorer.exe
       soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - WH_KEYBOARD - soffice.bin
       soffice.bin - C:\Program Files\OpenOffice.org 3\program\soffice.bin - WH_MOUSE - soffice.bin
       AvastUI.exe - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - WH_KEYBOARD - AvastUI.exe
       AvastUI.exe - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - WH_MOUSE - AvastUI.exe
       notepad.exe - C:\WINDOWS\system32\notepad.exe - WH_MOUSE - notepad.exe
       AvastUI.exe - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - WH_KEYBOARD - AvastUI.exe
       AvastUI.exe - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - WH_CBT - mfc90u.dll
       notepad.exe - C:\WINDOWS\system32\notepad.exe - WH_KEYBOARD - notepad.exe
       notepad.exe - C:\WINDOWS\system32\notepad.exe - WH_MOUSE - notepad.exe
       wuauclt.exe - C:\WINDOWS\system32\wuauclt.exe - WH_MOUSE - wuauclt.exe
       wuauclt.exe - C:\WINDOWS\system32\wuauclt.exe - WH_MOUSE - wuauclt.exe
       wuauclt.exe - C:\WINDOWS\system32\wuauclt.exe - WH_KEYBOARD - wuauclt.exe
       AvastUI.exe - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - WH_MOUSE - AvastUI.exe
       wuauclt.exe - C:\WINDOWS\system32\wuauclt.exe - WH_KEYBOARD - wuauclt.exe
       WinRAR.exe - C:\Program Files\WinRAR\WinRAR.exe - WH_KEYBOARD - WinRAR.exe
       XueTr.exe - C:\DOCUME~1\Zuzana\LOCALS~1\Temp\Rar$EX00.546\XueTr.exe - WH_CBT - mfc42u.dll
       explorer.exe - C:\WINDOWS\explorer.exe - WH_KEYBOARD - explorer.exe
       WinRAR.exe - C:\Program Files\WinRAR\WinRAR.exe - WH_MOUSE - WinRAR.exe
       explorer.exe - C:\WINDOWS\explorer.exe - WH_MOUSE - explorer.exe
       XueTr.exe - C:\DOCUME~1\Zuzana\LOCALS~1\Temp\Rar$EX00.546\XueTr.exe - WH_MSGFILTER - mfc42u.dll

==========================================================================================

Process Hook

      Image File Name[688 winlogon.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000701F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000703FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[128 soffice.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x001601F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x001603FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003F01F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x003F0600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x003F0804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003F03FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x003F0A08
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00ED0C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00ED0E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00ED0804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00ED0A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x00ED01F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x00ED03FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00ED0600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00ED1014

------------------------------------------------------------------------------------------

      Image File Name[180 soffice.bin]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000501F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000503FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x03CF01F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x03CF0600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x03CF0804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x03CF03FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x03CF0A08
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x03D00C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x03D00E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x03D00804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x03D00A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x03D001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x03D003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x03D00600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x03D01014

------------------------------------------------------------------------------------------

      Image File Name[1620 AvastSvc.exe]Process Hook
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(4) kernel32.dll->SetUnhandledExceptionFilter - 0x7C84495D->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(1) aswCmnBS.dll - 0x64C9F58B->_
             inline - len(1) aswCmnBS.dll - 0x64C9F698->_
             Iat - USER32.dll->KERNEL32.dll:LoadLibraryExW - 0x7C801AF5->0x64C8F6A0[C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll]
             inline - len(1) ashBase.dll - 0x64515412->_

------------------------------------------------------------------------------------------

      Image File Name[1928 rundll32.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003001F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00300600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00300804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003003FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00300A08
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00310C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00310E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00310804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00310A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003101F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003103FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00310600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00311014

------------------------------------------------------------------------------------------

      Image File Name[1956 Updater.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x001501F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x001503FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003F01F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x003F0600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x003F0804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003F03FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x003F0A08
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00560C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00560E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00560804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00560A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x005601F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x005603FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00560600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00561014

------------------------------------------------------------------------------------------

      Image File Name[1944 SpywareTerminatorShield.Exe]Process Hook
             inline - len(3) SpywareTerminatorShield.exe - 0x004500FA->_
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x001501F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x001503FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x003E0C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x003E0E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x003E0804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x003E0A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003E01F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003E03FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x003E0600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x003E1014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003F01F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x003F0600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x003F0804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003F03FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x003F0A08

------------------------------------------------------------------------------------------

      Image File Name[988 svchost.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[732 services.exe]Process Hook
             Iat - services.exe->ADVAPI32.dll:CreateProcessAsUserW - 0x77DDA8A9->0x00630002
             Iat - services.exe->KERNEL32.dll:CreateProcessW - 0x7C802336->0x00630000
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[1988 SpywareTerminatorUpdate.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x001501F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x001503FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x003F0C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x003F0E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x003F0804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x003F0A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003F01F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003F03FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x003F0600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x003F1014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x007401F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00740600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00740804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x007403FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00740A08

------------------------------------------------------------------------------------------

      Image File Name[4020 wuauclt.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000A01F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000A03FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00380C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00380E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00380804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00380A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003801F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003803FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00380600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00381014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003901F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00390600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00390804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003903FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00390A08

------------------------------------------------------------------------------------------

      Image File Name[272 svchost.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[884 sp_rsser.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x001401F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x001403FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x003D0C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x003D0E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x003D0804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x003D0A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003D01F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003D03FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x003D0600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x003D1014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003E01F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x003E0600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x003E0804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003E03FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x003E0A08

------------------------------------------------------------------------------------------

      Image File Name[1084 svchost.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[744 lsass.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[1636 explorer.exe]Process Hook
             Iat - Explorer.EXE->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Explorer.EXE->SHELL32.dll:[Ordinal:518] - 0x7C9C0000->0x7CA40226[C:\WINDOWS\system32\SHELL32.dll]
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             Iat - snxhk.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ADVAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00380C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00380E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00380804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00380A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003801F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003803FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00380600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00381014
             Iat - RPCRT4.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Secur32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - BROWSEUI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GDI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - USER32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003901F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00390600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00390804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003903FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00390A08
             Iat - msvcrt.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ole32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHLWAPI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - OLEAUT32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHDOCVW.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CRYPT32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSASN1.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CRYPTUI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - VERSION.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WININET.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - urlmon.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - iertutil.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINTRUST.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - IMAGEHLP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WLDAP32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHELL32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - UxTheme.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINMM.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSACM32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - USERENV.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - IMM32.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comctl32.dll[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comctl32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msctfime.ime->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - appHelp.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CLBCATQ.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ashShell.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - cscui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CSCDLL.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - themeui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msutb.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSCTF.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SETUPAPI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - LINKINFO.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ntshrui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ATL.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MLANG.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ieframe.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETSHELL.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - credui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WTSAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - eappcfg.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - iphlpapi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WS2_32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WS2HELP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - rsaenh.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - webcheck.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - stobject.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - BatMeter.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WPDShServiceObj.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINHTTP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - mydocs.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - PortableDeviceTypes.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - PortableDeviceApi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - wdmaud.drv->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - wzcdlg.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WZCSAPI.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MPR.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ntlanman.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETUI0.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - davclnt.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - DUSER.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - RASAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - rasman.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - TAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msv1_0.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - zipfldr.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - zipfldr.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C2A7->0x77FC020B[C:\WINDOWS\system32\SHLWAPI.dll]
             Iat - rarext.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - rarlng.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - actxprxy.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NTMARTA.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE40->0x5D067774[C:\WINDOWS\system32\ShimEng.dll]

------------------------------------------------------------------------------------------

      Image File Name[616 smss.exe]Process Hook
             inline - len(1) ntdll.dll - 0x7C916865->_

------------------------------------------------------------------------------------------

      Image File Name[664 csrss.exe]Process Hook
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) KERNEL32.dll - 0x7C868D8C->_

------------------------------------------------------------------------------------------

      Image File Name[1308 svchost.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[912 svchost.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[1156 svchost.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[1912 AvastUI.exe]Process Hook
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             Iat - USER32.dll->KERNEL32.dll:LoadLibraryExW - 0x7C801AF5->0x64C8F6A0[C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll]

------------------------------------------------------------------------------------------

      Image File Name[1672 spoolsv.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00300C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00300E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00300804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00300A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003001F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003003FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00300600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00301014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003101F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00310600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00310804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003103FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00310A08

------------------------------------------------------------------------------------------

      Image File Name[3584 XueTr.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x001501F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x001503FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(5) kernel32.dll->LoadLibraryExW - 0x7C801AF5->0x00408A80[C:\DOCUME~1\Zuzana\LOCALS~1\Temp\Rar$EX00.546\XueTr.exe]
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003F01F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x003F0600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x003F0804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003F03FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x003F0A08
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00660C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00660E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00660804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00660A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x006601F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x006603FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00660600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00661014

------------------------------------------------------------------------------------------

      Image File Name[2000 ctfmon.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000A01F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000A03FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00380C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00380E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00380804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00380A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003801F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003803FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00380600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00381014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003901F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00390600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00390804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003903FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00390A08

------------------------------------------------------------------------------------------

      Image File Name[2200 WinRAR.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x001501F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x001503FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x003E0C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x003E0E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x003E0804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x003E0A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003E01F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003E03FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x003E0600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x003E1014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003F01F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x003F0600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x003F0804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003F03FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x003F0A08

------------------------------------------------------------------------------------------

      Image File Name[3380 notepad.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000A01F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000A03FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00310C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00310E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00310804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00310A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003101F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003103FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00310600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00311014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003201F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00320600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00320804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003203FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00320A08

------------------------------------------------------------------------------------------

      Image File Name[2888 alg.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000901F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000903FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003001F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00300600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00300804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003003FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00300A08
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00310C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00310E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00310804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00310A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003101F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003103FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00310600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00311014

------------------------------------------------------------------------------------------

      Image File Name[3956 notepad.exe]Process Hook
             inline - len(5) ntdll.dll->LdrLoadDll - 0x7C91632D->0x000A01F8
             inline - len(5) ntdll.dll->LdrUnloadDll - 0x7C9171CD->0x000A03FC
             inline - len(1) ntdll.dll - 0x7C916865->_
             inline - len(1) kernel32.dll - 0x7C868D8C->_
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2A - 0x77E27101->0x00310C0C
             inline - len(5) ADVAPI32.dll->ChangeServiceConfig2W - 0x77E27189->0x00310E10
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigA - 0x77E26E69->0x00310804
             inline - len(5) ADVAPI32.dll->ChangeServiceConfigW - 0x77E27001->0x00310A08
             inline - len(5) ADVAPI32.dll->CreateServiceA - 0x77E27211->0x003101F8
             inline - len(5) ADVAPI32.dll->CreateServiceW - 0x77E273A9->0x003103FC
             inline - len(5) ADVAPI32.dll->DeleteService - 0x77E274B1->0x00310600
             inline - len(5) ADVAPI32.dll->SetServiceObjectSecurity - 0x77E26D81->0x00311014
             inline - len(5) USER32.dll->SetWinEventHook - 0x7E3817F7->0x003201F8
             inline - len(5) USER32.dll->SetWindowsHookExA - 0x7E381211->0x00320600
             inline - len(5) USER32.dll->SetWindowsHookExW - 0x7E37820F->0x00320804
             inline - len(5) USER32.dll->UnhookWinEvent - 0x7E3818AC->0x003203FC
             inline - len(5) USER32.dll->UnhookWindowsHookEx - 0x7E37D5F3->0x00320A08

==========================================================================================

KernelCallbackTable

      Image File Name[4 System]KernelCallbackTable

------------------------------------------------------------------------------------------

      Image File Name[688 winlogon.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[128 soffice.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[180 soffice.bin]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1620 AvastSvc.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1928 rundll32.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1956 Updater.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1944 SpywareTerminatorShield.Exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[988 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1988 SpywareTerminatorUpdate.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[4020 wuauclt.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[272 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[884 sp_rsser.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1084 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[744 lsass.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1636 explorer.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[616 smss.exe]KernelCallbackTable

------------------------------------------------------------------------------------------

      Image File Name[664 csrss.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[732 services.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1308 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[912 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1156 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1912 AvastUI.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1672 spoolsv.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[3584 XueTr.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[2000 ctfmon.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[2200 WinRAR.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[3380 notepad.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[2888 alg.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[3956 notepad.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[0 Idle]KernelCallbackTable

==========================================================================================

Port

       Tcp 62.24.80.27 : 1982 - 64.95.244.53 : 80 - ESTABLISHED - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 127.0.0.1 : 12143 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 0.0.0.0 : 445 - 0.0.0.0 : 0 - LISTENING - 4 - System
       Tcp 127.0.0.1 : 12465 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 0.0.0.0 : 135 - 0.0.0.0 : 0 - LISTENING - 988 - C:\WINDOWS\system32\svchost.exe
       Tcp 127.0.0.1 : 27275 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 0.0.0.0 : 6881 - 0.0.0.0 : 0 - LISTENING - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Tcp 127.0.0.1 : 12993 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 127.0.0.1 : 12563 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 62.24.80.27 : 139 - 0.0.0.0 : 0 - LISTENING - 4 - System
       Tcp 127.0.0.1 : 12110 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 127.0.0.1 : 1034 - 0.0.0.0 : 0 - LISTENING - 2888 - C:\WINDOWS\system32\alg.exe
       Tcp 127.0.0.1 : 12025 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 127.0.0.1 : 12080 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 127.0.0.1 : 12995 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Tcp 127.0.0.1 : 12119 - 0.0.0.0 : 0 - LISTENING - 1620 - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
       Udp 0.0.0.0 : 6881 - * : * - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Udp 0.0.0.0 : 1027 - * : * - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Udp 62.24.80.27 : 138 - * : * - 4 - System
       Udp 0.0.0.0 : 500 - * : * - 744 - C:\WINDOWS\system32\lsass.exe
       Udp 127.0.0.1 : 1029 - * : * - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Udp 62.24.80.27 : 123 - * : * - 1084 - C:\WINDOWS\system32\svchost.exe
       Udp 127.0.0.1 : 6771 - * : * - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Udp 192.168.100.10 : 1028 - * : * - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Udp 127.0.0.1 : 123 - * : * - 1084 - C:\WINDOWS\system32\svchost.exe
       Udp 62.24.80.27 : 1900 - * : * - 1308 - C:\WINDOWS\system32\svchost.exe
       Udp 0.0.0.0 : 6771 - * : * - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Udp 62.24.80.27 : 137 - * : * - 4 - System
       Udp 192.168.100.10 : 6771 - * : * - 1988 - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
       Udp 127.0.0.1 : 1900 - * : * - 1308 - C:\WINDOWS\system32\svchost.exe
       Udp 0.0.0.0 : 4500 - * : * - 744 - C:\WINDOWS\system32\lsass.exe
       Udp 0.0.0.0 : 445 - * : * - 4 - System
       Raw 4 - System
       Raw 4 - System
       Raw 744 - C:\WINDOWS\system32\lsass.exe

==========================================================================================

Tcpip

       IRP_MJ_CREATE - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xB8BF2718 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xB8BF24F9 - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation

==========================================================================================

IE Plugin

       Browser Helper Objects - Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - Adobe Systems Incorporated - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
       Browser Helper Objects - &Crawler Toolbar Helper - C:\Program Files\Crawler\ctbr.dll - Crawler.com - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
       Browser Helper Objects - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll - AVAST Software - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
       Browser Helper Objects - Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - Skype Technologies S.A. - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
       Browser Helper Objects - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll - Ask - {D4027C7F-154A-4066-A1AD-4243D8127440}
       Browser Extensions - Skype Plug-In -  -  - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
       Browser Extensions -  - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe - Microsoft Corporation - {e2e2dd38-d088-4134-82b7-f2ba38496583}
       Browser Extensions - Messenger - C:\Program Files\Messenger\msmsgs.exe - Microsoft Corporation - {FB5F1910-F110-11d2-BB9E-00C04F795683}
       ToolBar -  - C:\Program Files\Crawler\ctbr.dll - Crawler.com - {4B3803EA-5230-4DC3-A7FC-33638F3D3542}
       ToolBar -  - C:\Program Files\Ask.com\GenericAskToolbar.dll - Ask - {D4027C7F-154A-4066-A1AD-4243D8127440}
       ToolBar -  - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll - AVAST Software - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
       URLSearchHooks - UrlSearchHook Class - C:\Program Files\Ask.com\GenericAskToolbar.dll - Ask - {00000000-6E41-4FD3-8538-502F5495E5FC}
       URLSearchHooks - &Crawler Toolbar Helper - C:\Program Files\Crawler\ctbr.dll - Crawler.com - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
       ActiveX - Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - Adobe Systems Incorporated - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
       ActiveX - &Crawler Toolbar Helper - C:\Program Files\Crawler\ctbr.dll - Crawler.com - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
       ActiveX - HTML Document - C:\WINDOWS\system32\mshtml.dll - Microsoft Corporation - {25336920-03F9-11CF-8FD0-00AA00686F13}
       ActiveX - XML DOM Document - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation - {2933BF90-7B36-11D2-B20E-00C04F983E60}
       ActiveX -  -  -  - {326E768D-4182-46FD-9C16-1449A49795F4}
       ActiveX - Tabular Data Control - C:\WINDOWS\system32\tdc.ocx - Microsoft Corporation - {333C7BC4-460F-11D0-BC04-0080C7055A83}
       ActiveX - &Crawler lita - C:\Program Files\Crawler\ctbr.dll - Crawler.com - {4B3803EA-5230-4DC3-A7FC-33638F3D3542}
       ActiveX - Microsoft Terminal Services Client Control (redist) - C:\WINDOWS\system32\mstscax.dll - Microsoft Corporation - {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}
       ActiveX - Microsoft Terminal Services Client Control (redist) - C:\WINDOWS\system32\mstscax.dll - Microsoft Corporation - {4EDCB26C-D24C-4e72-AF07-B576699AC0DE}
       ActiveX -  -  -  - {593DDEC6-7468-4CDD-90E1-42DADAA222E9}
       ActiveX -  -  -  - {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
       ActiveX - Windows Media Player - C:\WINDOWS\system32\wmp.dll - Microsoft Corporation - {6BF52A52-394A-11D3-B153-00C04F79FAA6}
       ActiveX - Microsoft Terminal Services Client Control (redist) - C:\WINDOWS\system32\mstscax.dll - Microsoft Corporation - {7390f3d8-0439-4c05-91e3-cf5cb290c3d0}
       ActiveX - Microsoft Terminal Services Client Control (redist) - C:\WINDOWS\system32\mstscax.dll - Microsoft Corporation - {7584c670-2274-4efb-b00b-d6aaba6d3850}
       ActiveX -  -  -  - {8736C681-37A0-40C6-A0F0-4C083409151C}
       ActiveX - Microsoft Web Browser - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation - {8856F961-340A-11D0-A96B-00C04FD705A2}
       ActiveX - Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - Skype Technologies S.A. - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
       ActiveX - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll - AVAST Software - {8E5E2654-AD2D-48BF-AC2D-D17F00898D06}
       ActiveX - Microsoft Terminal Services Client Control (redist) - C:\WINDOWS\system32\mstscax.dll - Microsoft Corporation - {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}
       ActiveX -  -  -  - {93A19665-CB06-44B4-A578-620454EB7BD8}
       ActiveX - Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - Skype Technologies S.A. - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
       ActiveX -  -  -  - {C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
       ActiveX -  -  -  - {C442AC41-9200-4770-8CC0-7CDB4F245C55}
       ActiveX - Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll - Adobe Systems, Inc. - {CA8A9780-280D-11CF-A24D-444553540000}
       ActiveX - Microsoft Url Search Hook - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
       ActiveX - Shockwave Flash Object - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx - Adobe Systems, Inc. - {D27CDB6E-AE6D-11CF-96B8-444553540000}
       ActiveX - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll - Ask - {D4027C7F-154A-4066-A1AD-4243D8127440}
       ActiveX - Microsoft Silverlight - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll -  Microsoft Corporation - {DFEAF541-F3E1-4C24-ACAC-99C30715084A}
       ActiveX -  -  -  - {E2E2DD38-D088-4134-82B7-F2BA38496583}
       ActiveX - XML HTTP Request - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation - {ED8C108E-4349-11D2-91A4-00C04F7969E8}
       ActiveX - XML HTTP - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation - {F6D90F16-9C73-11D3-B32E-00C04F990BB4}
       ActiveX -  -  -  - {FB5F1910-F110-11D2-BB9E-00C04F795683}
       Distribution Units - FP_AX_CAB_INSTALLER.exe - C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - Adobe Systems, Inc. - {D27CDB6E-AE6D-11CF-96B8-444553540000}

==========================================================================================

IE Shell

       Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
       Crawler Search - tbr:iemenu

==========================================================================================

Spi

       MSAFD Tcpip [TCP/IP] - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
       MSAFD Tcpip [UDP/IP] - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
       MSAFD Tcpip [RAW/IP] - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
       RSVP UDP Service Provider - C:\WINDOWS\system32\rsvpsp.dll - Microsoft Corporation - {9D60A9E0-337A-11D0-BD88-0000C082E69A}
       RSVP TCP Service Provider - C:\WINDOWS\system32\rsvpsp.dll - Microsoft Corporation - {9D60A9E0-337A-11D0-BD88-0000C082E69A}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EBA5F67-7EBA-4DBF-A83A-B8DEBF79555A}] SEQPACKET 0 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EBA5F67-7EBA-4DBF-A83A-B8DEBF79555A}] DATAGRAM 0 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{45D54BFB-40B1-4471-9C4E-E5E2882E8784}] SEQPACKET 1 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{45D54BFB-40B1-4471-9C4E-E5E2882E8784}] DATAGRAM 1 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E75894B-1427-4CEF-AFC2-1B69419198E3}] SEQPACKET 2 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E75894B-1427-4CEF-AFC2-1B69419198E3}] DATAGRAM 2 - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation - {8D5F1830-C273-11CF-95C8-00805F48A192}
       Tcpip - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
       NTDS - C:\WINDOWS\system32\winrnr.dll - Microsoft Corporation
       Obor nzv sluby Sledovn umstn v sti (NLA) - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation

==========================================================================================

Hosts File

       

       127.0.0.1       localhost


==========================================================================================

Startup

       avast5 - C:\Program Files\Alwil Software\Avast5\AvastUI.exe - AVAST Software - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run avast5]
       CmPCIaudio - CMICNFG3.cpl - C-Media Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CmPCIaudio]
       SpywareTerminator - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe - Crawler.com - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpywareTerminator]
        -  -  - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ]
       ApnUpdater - C:\Program Files\Ask.com\Updater\Updater.exe - Ask - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApnUpdater]
       Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe - Adobe Systems Incorporated - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Adobe Reader Speed Launcher]
       Adobe ARM - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - Adobe Systems Incorporated - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Adobe ARM]
       Google Update - C:\Documents and Settings\Zuzana\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe - Google Inc. - [\REGISTRY\USER\S-1-5-21-861567501-261903793-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Google Update]
       SpywareTerminatorUpdate - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Crawler.com - [\REGISTRY\USER\S-1-5-21-861567501-261903793-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpywareTerminatorUpdate]
       ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe - Microsoft Corporation - [\REGISTRY\USER\S-1-5-21-861567501-261903793-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon.exe]
       FlashPlayerUpdate - C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe - Adobe Systems, Inc. - [\REGISTRY\USER\S-1-5-21-861567501-261903793-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce FlashPlayerUpdate]
       OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe -  - [C:\Documents and Settings\Zuzana\Nabdka Start\Programy\Po sputn\OpenOffice.org 3.2.lnk]
       logon.scr - C:\WINDOWS\system32\logon.scr - Microsoft Corporation - [\REGISTRY\USER\S-1-5-21-861567501-261903793-682003330-1003\Control Panel\Desktop SCRNSAVE.EXE]
       Shell - Explorer.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell]
       UIHost - logonui.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon UIHost]
       Userinit - C:\WINDOWS\system32\userinit.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit]
       crypt32chain - C:\WINDOWS\system32\crypt32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain DllName]
       cryptnet - C:\WINDOWS\system32\cryptnet.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet DllName]
       cscdll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll DllName]
       dimsntfy - C:\WINDOWS\system32\dimsntfy.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy DllName]
       ScCertProp - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp DllName]
       Schedule - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule DllName]
       sclgntfy - C:\WINDOWS\system32\sclgntfy.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy DllName]
       SensLogn - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn DllName]
       termsrv - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv DllName]
       wlballoon - C:\WINDOWS\system32\wlnotify.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon DllName]
       PostBootReminder - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad PostBootReminder]
       CDBurn - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad CDBurn]
       WebCheck - C:\WINDOWS\system32\webcheck.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WebCheck]
       SysTray - C:\WINDOWS\system32\stobject.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad SysTray]
       WPDShServiceObj - C:\WINDOWS\system32\WPDShServiceObj.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WPDShServiceObj]
       shell32.dll({AEB6717E-7E19-11d0-97EE-00C04FD91972}) - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {AEB6717E-7E19-11d0-97EE-00C04FD91972}]
       browseui.dll({438755C2-A8BA-11D1-B96B-00A0C90312E1}) - C:\WINDOWS\system32\browseui.dll - Spolenost Microsoft - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1}]
       browseui.dll({8C7461EF-2B13-11d2-BE35-3078302C2030}) - C:\WINDOWS\system32\browseui.dll - Spolenost Microsoft - [\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler {8C7461EF-2B13-11d2-BE35-3078302C2030}]
       BJ Language Monitor - C:\WINDOWS\system32\cnbjmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors BJ Language Monitor]
       Local Port - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors Local Port]
       PJL Language Monitor - C:\WINDOWS\system32\pjlmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors PJL Language Monitor]
       Standard TCP/IP Port - C:\WINDOWS\system32\tcpmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors Standard TCP/IP Port]
       USB Monitor - C:\WINDOWS\system32\usbmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Monitors USB Monitor]
       Internet Print Provider - C:\WINDOWS\system32\inetpp.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Providers Internet Print Provider]
       LanMan Print Services - C:\WINDOWS\system32\win32spl.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Print\Providers LanMan Print Services]
       advapi32 - C:\WINDOWS\system32\advapi32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs advapi32]
       comdlg32 - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs comdlg32]
       gdi32 - C:\WINDOWS\system32\gdi32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs gdi32]
       imagehlp - C:\WINDOWS\system32\imagehlp.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs imagehlp]
       kernel32 - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs kernel32]
       lz32 - C:\WINDOWS\system32\lz32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs lz32]
       ole32 - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs ole32]
       oleaut32 - C:\WINDOWS\system32\oleaut32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs oleaut32]
       olecli32 - C:\WINDOWS\system32\olecli32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olecli32]
       olecnv32 - C:\WINDOWS\system32\olecnv32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olecnv32]
       olesvr32 - C:\WINDOWS\system32\olesvr32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olesvr32]
       olethk32 - C:\WINDOWS\system32\olethk32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs olethk32]
       rpcrt4 - C:\WINDOWS\system32\rpcrt4.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs rpcrt4]
       shell32 - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs shell32]
       url - C:\WINDOWS\system32\url.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs url]
       urlmon - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs urlmon]
       user32 - C:\WINDOWS\system32\user32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs user32]
       version - C:\WINDOWS\system32\version.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs version]
       wininet - C:\WINDOWS\system32\wininet.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs wininet]
       wldap32 - C:\WINDOWS\system32\wldap32.dll - Microsoft Corporation - [\Registry\Machine\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs wldap32]
       ashShell.dll(avast) - C:\Program Files\Alwil Software\Avast5\ashShell.dll - AVAST Software - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers avast]
       ShellEx_100.dll(FormatFactoryShell) - C:\Program Files\FreeTime\FormatFactory\ShellEx_100.dll - Free Time - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers FormatFactoryShell]
       cscui.dll(Offline Files) - C:\WINDOWS\system32\cscui.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Offline Files]
       shell32.dll(Open With) - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Open With]
       shell32.dll(Open With EncryptionMenu) - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers Open With EncryptionMenu]
       sptcontmenu.dll(SPTContMenu) - C:\Program Files\Spyware Terminator\sptcontmenu.dll - Crawler.com - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers SPTContMenu]
       RarExt.dll(WinRAR) - C:\Program Files\WinRAR\RarExt.dll -  - [\Registry\Machine\SOFTWARE\Classes\*\shellex\ContextMenuHandlers WinRAR]
       ashShell.dll(00avast) - C:\Program Files\Alwil Software\Avast5\ashShell.dll - AVAST Software - [\Registry\Machine\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers 00avast]
       shell32.dll(Send To) - C:\WINDOWS\system32\shell32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers Send To]
       sptcontmenu.dll(SPTContMenu) - C:\Program Files\Spyware Terminator\sptcontmenu.dll - Crawler.com - [\Registry\Machine\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers SPTContMenu]
       ashShell.dll(avast) - C:\Program Files\Alwil Software\Avast5\ashShell.dll - AVAST Software - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers avast]
       sptcontmenu.dll(SPTContMenu) - C:\Program Files\Spyware Terminator\sptcontmenu.dll - Crawler.com - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers SPTContMenu]
       RarExt.dll(WinRAR) - C:\Program Files\WinRAR\RarExt.dll -  - [\Registry\Machine\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers WinRAR]
       Aktualizace verze aplikace Internet Explorer(<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}) - C:\WINDOWS\system32\ieudinit.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
       Windows Media Player(>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}) - C:\WINDOWS\inf\unregmp2.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
       Internet Explorer(>{26923b43-4d38-484f-9b9e-de460746276c}) - C:\WINDOWS\system32\shmgrate.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{26923b43-4d38-484f-9b9e-de460746276c}]
       Browser Customizations(>{60B49E34-C7CC-11D0-8953-00A0C90347FF}) - C:\WINDOWS\system32\iedkcs32.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
       Vlastn nastaven prohlee(>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS) - C:\WINDOWS\system32\IEDKCS32.DLL - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
       Outlook Express(>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}) - C:\WINDOWS\system32\shmgrate.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
       ({2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}) -  -  - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
       Microsoft Windows Media Player 6.4({22d6f312-b0f6-11d0-94ab-0080c74c7e95}) -  -  - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
       Themes Setup({2C7339CF-2B09-4501-B3F3-F3508C9228ED}) - C:\WINDOWS\system32\regsvr32.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
       Microsoft Outlook Express 6({44BBA840-CC51-11CF-AAFA-00AA00B6015C}) - C:\Program Files\Outlook Express\setup50.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
       NetMeeting 3.01({44BBA842-CC51-11CF-AAFA-00AA00B6015B}) - C:\WINDOWS\system32\advpack.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
       Windows Messenger 4.7({5945c046-1e7d-11d1-bc44-00c04fd912be}) - C:\WINDOWS\system32\advpack.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {5945c046-1e7d-11d1-bc44-00c04fd912be}]
       Microsoft Windows Media Player({6BF52A52-394A-11d3-B153-00C04F79FAA6}) - C:\WINDOWS\system32\advpack.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {6BF52A52-394A-11d3-B153-00C04F79FAA6}]
       Adres 6({7790769C-0471-11d2-AF11-00C04FA35D02}) - C:\Program Files\Outlook Express\setup50.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {7790769C-0471-11d2-AF11-00C04FA35D02}]
       Aktualizace plochy systmu Windows({89820200-ECBD-11cf-8B85-00AA005B4340}) - C:\WINDOWS\system32\regsvr32.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {89820200-ECBD-11cf-8B85-00AA005B4340}]
       Internet Explorer({89820200-ECBD-11cf-8B85-00AA005B4383}) - C:\WINDOWS\system32\ie4uinit.exe - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {89820200-ECBD-11cf-8B85-00AA005B4383}]
       ({89B4C1CD-B018-4511-B0A1-5476DBF70820}) - c:\WINDOWS\system32\mscories.dll - Microsoft Corporation - [\Registry\Machine\SOFTWARE\Microsoft\Active Setup\Installed Components {89B4C1CD-B018-4511-B0A1-5476DBF70820}]
       User_Feed_Synchronization-{FDAAD6CB-4BC9-4B74-B35D-610D5E6A8BD2}.job - C:\WINDOWS\system32\msfeedssync.exe - Microsoft Corporation - [Task Scheduler]
       Scheduled Update for Ask Toolbar.job - C:\Program Files\Ask.com\UpdateTask.exe -  - [Task Scheduler]
       GoogleUpdateTaskUserS-1-5-21-861567501-261903793-682003330-1003UA.job - C:\Documents and Settings\Zuzana\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe - Google Inc. - [Task Scheduler]
       GoogleUpdateTaskUserS-1-5-21-861567501-261903793-682003330-1003Core.job - C:\Documents and Settings\Zuzana\Local Settings\Data aplikac\Google\Update\GoogleUpdate.exe - Google Inc. - [Task Scheduler]

==========================================================================================

Service

       Alerter - Stopped - Disabled - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       ALG - Started - Manual - C:\WINDOWS\system32\alg.exe - C:\WINDOWS\system32\alg.exe -  - 
       AppMgmt - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       aspnet_state - Stopped - Manual - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -  - 
       AudioSrv - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       avast! Antivirus - Started - Automatic - "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -  - 
       BITS - Started - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       Browser - Stopped - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       CiSvc - Stopped - Manual - C:\WINDOWS\system32\cisvc.exe - C:\WINDOWS\system32\cisvc.exe -  - 
       ClipSrv - Stopped - Disabled - C:\WINDOWS\system32\clipsrv.exe - C:\WINDOWS\system32\clipsrv.exe -  - 
       clr_optimization_v2.0.50727_32 - Stopped - Manual - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -  - 
       COMSysApp - Stopped - Manual - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - C:\WINDOWS\system32\dllhost.exe -  - 
       CryptSvc - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       DcomLaunch - Started - Automatic - C:\WINDOWS\system32\svchost -k DcomLaunch - C:\WINDOWS\system32\svchost.exe -  - 
       Dhcp - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       dmadmin - Stopped - Manual - C:\WINDOWS\System32\dmadmin.exe /com - C:\WINDOWS\System32\dmadmin.exe -  - 
       dmserver - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Dnscache - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k NetworkService - C:\WINDOWS\system32\svchost.exe -  - 
       Dot3svc - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k dot3svc - C:\WINDOWS\System32\svchost.exe -  - 
       EapHost - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k eapsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       ERSvc - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Eventlog - Started - Automatic - C:\WINDOWS\system32\services.exe - C:\WINDOWS\system32\services.exe -  - 
       EventSystem - Started - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       FastUserSwitchingCompatibility - Started - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       FontCache3.0.0.0 - Stopped - Manual - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -  - 
       gusvc - Stopped - Manual - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -  - 
       helpsvc - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       HidServ - Stopped - Disabled - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       hkmsvc - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       HTTPFilter - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k HTTPFilter - C:\WINDOWS\System32\svchost.exe -  - 
       idsvc - Stopped - Manual - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -  - 
       ImapiService - Stopped - Manual - C:\WINDOWS\system32\imapi.exe - C:\WINDOWS\system32\imapi.exe -  - 
       lanmanserver - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       lanmanworkstation - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       LmHosts - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       Messenger - Stopped - Disabled - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       mnmsrvc - Stopped - Manual - C:\WINDOWS\system32\mnmsrvc.exe - C:\WINDOWS\system32\mnmsrvc.exe -  - 
       MozillaMaintenance - Stopped - Manual - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -  - 
       MSDTC - Stopped - Manual - C:\WINDOWS\system32\msdtc.exe - C:\WINDOWS\system32\msdtc.exe -  - 
       MSIServer - Stopped - Manual - C:\WINDOWS\system32\msiexec.exe /V - C:\WINDOWS\system32\msiexec.exe -  - 
       napagent - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       NetDDE - Stopped - Disabled - C:\WINDOWS\system32\netdde.exe - C:\WINDOWS\system32\netdde.exe -  - 
       NetDDEdsdm - Stopped - Disabled - C:\WINDOWS\system32\netdde.exe - C:\WINDOWS\system32\netdde.exe -  - 
       Netlogon - Stopped - Manual - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       Netman - Started - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       NetTcpPortSharing - Stopped - Disabled - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -  - 
       Nla - Started - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       NtLmSsp - Stopped - Manual - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       NtmsSvc - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       PlugPlay - Started - Automatic - C:\WINDOWS\system32\services.exe - C:\WINDOWS\system32\services.exe -  - 
       PolicyAgent - Started - Automatic - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       ProtectedStorage - Started - Automatic - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       RasAuto - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       RasMan - Started - Manual - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       RDSessMgr - Stopped - Manual - C:\WINDOWS\system32\sessmgr.exe - C:\WINDOWS\system32\sessmgr.exe -  - 
       RemoteAccess - Stopped - Disabled - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       RemoteRegistry - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       RpcLocator - Stopped - Manual - C:\WINDOWS\system32\locator.exe - C:\WINDOWS\system32\locator.exe -  - 
       RpcSs - Started - Automatic - C:\WINDOWS\system32\svchost -k rpcss - C:\WINDOWS\system32\svchost.exe -  - 
       RSVP - Stopped - Manual - C:\WINDOWS\system32\rsvp.exe - C:\WINDOWS\system32\rsvp.exe -  - 
       SamSs - Started - Automatic - C:\WINDOWS\system32\lsass.exe - C:\WINDOWS\system32\lsass.exe -  - 
       SCardSvr - Stopped - Manual - C:\WINDOWS\system32\scardsvr.exe - C:\WINDOWS\system32\scardsvr.exe -  - 
       Schedule - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       seclogon - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       SENS - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       SharedAccess - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       ShellHWDetection - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Spooler - Started - Automatic - C:\WINDOWS\system32\spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe -  - 
       sp_rssrv - Started - Automatic - "C:\Program Files\Spyware Terminator\sp_rsser.exe" - C:\Program Files\Spyware Terminator\sp_rsser.exe -  - 
       srservice - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       SSDPSRV - Started - Manual - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       stisvc - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k imgsvc - C:\WINDOWS\system32\svchost.exe -  - 
       SwPrv - Stopped - Manual - C:\WINDOWS\system32\dllhost.exe /Processid:{055AB8E5-9AA8-4B80-820E-D5DA6E18863B} - C:\WINDOWS\system32\dllhost.exe -  - 
       SysmonLog - Stopped - Manual - C:\WINDOWS\system32\smlogsvc.exe - C:\WINDOWS\system32\smlogsvc.exe -  - 
       TapiSrv - Started - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       TermService - Started - Manual - C:\WINDOWS\System32\svchost -k DComLaunch - C:\WINDOWS\System32\svchost.exe -  - 
       Themes - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       TlntSvr - Stopped - Disabled - C:\WINDOWS\system32\tlntsvr.exe - C:\WINDOWS\system32\tlntsvr.exe -  - 
       TrkWks - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       upnphost - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       UPS - Stopped - Manual - C:\WINDOWS\system32\ups.exe - C:\WINDOWS\system32\ups.exe -  - 
       VSS - Stopped - Manual - C:\WINDOWS\system32\vssvc.exe - C:\WINDOWS\system32\vssvc.exe -  - 
       W32Time - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       WebClient - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k LocalService - C:\WINDOWS\system32\svchost.exe -  - 
       winmgmt - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       WmdmPmSN - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       Wmi - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       WmiApSrv - Stopped - Manual - C:\WINDOWS\system32\wbem\wmiapsrv.exe - C:\WINDOWS\system32\wbem\wmiapsrv.exe -  - 
       WMPNetworkSvc - Stopped - Manual - "C:\Program Files\Windows Media Player\WMPNetwk.exe" - C:\Program Files\Windows Media Player\WMPNetwk.exe -  - 
       wscsvc - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       wuauserv - Started - Automatic - C:\WINDOWS\system32\svchost.exe -k netsvcs - C:\WINDOWS\system32\svchost.exe -  - 
       WudfSvc - Stopped - Manual - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup - C:\WINDOWS\system32\svchost.exe -  - 
       WZCSVC - Started - Automatic - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 
       xmlprov - Stopped - Manual - C:\WINDOWS\System32\svchost.exe -k netsvcs - C:\WINDOWS\System32\svchost.exe -  - 

==========================================================================================

File Association

       .bat - "%1" %* - HKEY_CLASSES_ROOT\.bat
       .cmd - "%1" %* - HKEY_CLASSES_ROOT\.cmd
       .com - "%1" %* - HKEY_CLASSES_ROOT\.com
       .exe - "%1" %* - HKEY_CLASSES_ROOT\.exe
       .scr - "%1" /S - HKEY_CLASSES_ROOT\.scr
       .txt - %SystemRoot%\system32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\.txt
       .ini - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\.ini
       .pif - "%1" %* - HKEY_CLASSES_ROOT\.pif
       .reg - regedit.exe "%1" - HKEY_CLASSES_ROOT\.reg
       .inf - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\.inf
       .hlp - %SystemRoot%\System32\winhlp32.exe %1 - HKEY_CLASSES_ROOT\.hlp
       .chm - "C:\WINDOWS\hh.exe" %1 - HKEY_CLASSES_ROOT\.chm
       .vbs - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\.vbs
       .js - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\.js
       .lnk - lnkfile - HKEY_CLASSES_ROOT\.lnk
       batfile - "%1" %* - HKEY_CLASSES_ROOT\batfile\Shell\Open\Command
       cmdfile - "%1" %* - HKEY_CLASSES_ROOT\cmdfile\Shell\Open\Command
       comfile - "%1" %* - HKEY_CLASSES_ROOT\comfile\Shell\Open\Command
       exefile - "%1" %* - HKEY_CLASSES_ROOT\exefile\Shell\Open\Command
       scrfile - "%1" /S - HKEY_CLASSES_ROOT\scrfile\Shell\Open\Command
       txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\txtfile\Shell\Open\Command
       inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\inifile\Shell\Open\Command
       piffile - "%1" %* - HKEY_CLASSES_ROOT\piffile\Shell\Open\Command
       regfile - regedit.exe "%1" - HKEY_CLASSES_ROOT\regfile\Shell\Open\Command
       inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 - HKEY_CLASSES_ROOT\inffile\Shell\Open\Command
       hlpfile - %SystemRoot%\System32\winhlp32.exe %1 - HKEY_CLASSES_ROOT\hlpfile\Shell\Open\Command
       chm.file - "C:\WINDOWS\hh.exe" %1 - HKEY_CLASSES_ROOT\chm.file\Shell\Open\Command
       vbsfile - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\vbsfile\Shell\Open\Command
       jsfile - %SystemRoot%\System32\WScript.exe "%1" %* - HKEY_CLASSES_ROOT\jsfile\Shell\Open\Command
       HKCU .txt Progid - %SystemRoot%\system32\NOTEPAD.EXE %1 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
       HKCU .reg Progid - regedit.exe "%1" - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\OpenWithProgids

==========================================================================================

IFEO

       Nothing

==========================================================================================

IME

       esk -  -  - C:\WINDOWS\system32\KBDCZ.DLL - Microsoft Corporation
       Anglick (Spojen stty) -  -  - C:\WINDOWS\system32\KBDUS.DLL - Microsoft Corporation

==========================================================================================

Firewall Rule

       %windir%\system32\sessmgr.exe - Domain App - Enabled - 
       %windir%\Network Diagnostic\xpnetdiag.exe - Domain App - Enabled - 
       %windir%\system32\sessmgr.exe - Standard App - Enabled - 
       C:\Program Files\Skype\Plugin Manager\skypePM.exe - Standard App - Enabled - 
       C:\WINDOWS\system32\rundll32.exe - Standard App - Enabled - 
       C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe - Standard App - Enabled - 
       %windir%\Network Diagnostic\xpnetdiag.exe - Standard App - Enabled - 
       C:\Program Files\Skype\Phone\Skype.exe - Standard App - Enabled - 
       1900:UDP - Open Port - Disable - 
       2869:TCP - Open Port - Disable - 

==========================================================================================

Scan MBR Rootkit

       Unknow MBR!
