Win XP SP3 Infection - Desktop shortcuts not working, all start menu shortcuts not working, STARTUP in startmenu not working.

I visited a web site to download roguekiller and clicked on the wrong icon.  I downloaded some other program and when I uninstalled it, my pc suddenly got much slower AND my shortcuts stopped working.  
They don't work in the start menu.   They don't work in the cascading menu inside of  All Programs in the start menu.
The programs that are supposed to
And the shortcuts also don't work on the desktop.

Also, my quick launch area is gone.
I want to:
1.  Bring back the functionality of my shortcuts on my desktop
2.  Bring back the functionality of my start menu items and the folders inside my start menu.
brothertruffle880Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Russell_VenableCommented:
Can you see the icon being displayed on the shortcuts or are they blank? Did you run Roguekiller too?
0
RobOwner (Aidellio)Commented:
give this a crack: http://www.malwarebytes.org/ it removes the malware rather than just terminating processes.  you have to make sure your system is clean before anythign else.  Do you run an up to date anti-virus?
0
brothertruffle880Author Commented:
When I try installing malwarebytes, I get the error message shown in the graphic several times.
 
err
0
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

brothertruffle880Author Commented:
Russell:
When I ran roguekiller, here's what it came up with as errors.

err2
----------------
Russell:
I can see all shortcuts on the desktop and the icons are all there in the start menu.  It's just that when I double-click them, they don't do anything.  When I examine the task manager I don't see the exe files of the apps I'm attempting to run.
0
Russell_VenableCommented:
What program did you uninstall? Was this a 3rd party site or Tigzys website?
0
RobOwner (Aidellio)Commented:
Start here with this tool to fix the malwarebytes issue: http://www.pcmmc.com/cocreateinstance-failed-0x80040154.php

Are you running an up to date antivirus??
0
brothertruffle880Author Commented:
tagit:
- I'm running Norton Internet security v19.9.
- I have live update running and it is working.
- I will run the software you listed for fixing the malwarebytes issue.  Thanks!!!
0
RobOwner (Aidellio)Commented:
Did a scan with NIS pick up anything?
0
☠ MASQ ☠Commented:
Russell, looks to me like something's hijacked the executive CLSID {20D04FE0-3AEA-1069-A2D8-08002B30309D} to gain admin control of the Windows Shell - what do you think?

brothertruffle880 - opening multiple questions dealing with the individual symptoms of your damaged operating system is probably not as helpful as keeping all the posts in a single thread, it takes a while to join up everything that's going on and participants in each of your open questions are only seeing a small part of the story.
0
Russell_VenableCommented:
Hi Masqueraid,
I was thinking that too. Just wanted to gain more info before suggesting anything. This doesn't sound like tigzy's site and I would live to find out where Brothertruffle880 picked this up from.

Brothertruffle880,
Can you answer my last few questions? It's pretty importantant we get a full picture here.
0
Russell_VenableCommented:
Brothertruffle880,
I am not sure of all the details. You can download my tool here. From my tool download tdsskiller and select options and check 'Check for TDLFS file system' and then start the scan. Post the log here.
0
brothertruffle880Author Commented:
Hi Russell:
1.  on http://tigzy.geekstogo.com/roguekiller.php there was a huge icon that said download here.    This downloaded something onto my pc called Win7Zip.  I inadvertently clicked on that icon and wound up installing this zip thing.
I think -- not sure-- but I think the problem started when I uninstalled  that win7 zip thing.  

2.  Ran TDSSkiller and I checked all the options.  Tell me what to delete or quarantine.
Here are the results:
err
0
Russell_VenableCommented:
Can you post the log it outputs?
0
brothertruffle880Author Commented:
Russell:

Here goes:
11:00:46.0421 2756  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:00:46.0578 2756  ============================================================
11:00:46.0578 2756  Current date / time: 2012/11/06 11:00:46.0578
11:00:46.0578 2756  SystemInfo:
11:00:46.0578 2756  
11:00:46.0578 2756  OS Version: 5.1.2600 ServicePack: 3.0
11:00:46.0578 2756  Product type: Workstation
11:00:46.0578 2756  ComputerName: SEPT2005
11:00:46.0578 2756  UserName: Student
11:00:46.0578 2756  Windows directory: C:\WINDOWS
11:00:46.0578 2756  System windows directory: C:\WINDOWS
11:00:46.0578 2756  Processor architecture: Intel x86
11:00:46.0578 2756  Number of processors: 1
11:00:46.0578 2756  Page size: 0x1000
11:00:46.0578 2756  Boot type: Normal boot
11:00:46.0578 2756  ============================================================
11:00:53.0781 2756  BG loaded
11:00:54.0609 2756  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:00:54.0656 2756  Drive \Device\Harddisk1\DR1 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2865, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:00:54.0921 2756  ============================================================
11:00:54.0921 2756  \Device\Harddisk0\DR0:
11:00:55.0593 2756  MBR partitions:
11:00:55.0593 2756  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF1931
11:00:55.0593 2756  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xDF1970, BlocksNum 0x8718C90
11:00:55.0593 2756  \Device\Harddisk1\DR1:
11:00:55.0593 2756  MBR partitions:
11:00:55.0593 2756  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xB1E0F1
11:00:55.0593 2756  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xB1E130, BlocksNum 0x89FB110
11:00:55.0593 2756  ============================================================
11:00:55.0718 2756  C: <-> \Device\Harddisk0\DR0\Partition2
11:00:55.0734 2756  D: <-> \Device\Harddisk0\DR0\Partition1
11:00:55.0890 2756  F: <-> \Device\Harddisk1\DR1\Partition2
11:00:55.0890 2756  G: <-> \Device\Harddisk1\DR1\Partition1
11:00:55.0890 2756  ============================================================
11:00:55.0890 2756  Initialize success
11:00:55.0890 2756  ============================================================
11:01:06.0375 3476  ============================================================
11:01:06.0375 3476  Scan started
11:01:06.0375 3476  Mode: Manual; SigCheck; TDLFS;
11:01:06.0375 3476  ============================================================
11:01:08.0000 3476  ================ Scan system memory ========================
11:01:08.0015 3476  System memory - ok
11:01:08.0015 3476  ================ Scan services =============================
11:01:08.0312 3476  Abiosdsk - ok
11:01:08.0328 3476  abp480n5 - ok
11:01:08.0390 3476  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:01:17.0796 3476  ACPI - ok
11:01:17.0828 3476  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:01:18.0062 3476  ACPIEC - ok
11:01:18.0078 3476  adpu160m - ok
11:01:18.0218 3476  [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService      C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
11:01:18.0250 3476  ADVService ( UnsignedFile.Multi.Generic ) - warning
11:01:18.0250 3476  ADVService - detected UnsignedFile.Multi.Generic (1)
11:01:18.0312 3476  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:01:18.0531 3476  aec - ok
11:01:18.0562 3476  [ 322D0E36693D6E24A2398BEE62A268CD ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:01:18.0765 3476  AFD - ok
11:01:19.0000 3476  [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:01:19.0218 3476  AgereSoftModem - ok
11:01:19.0218 3476  Aha154x - ok
11:01:19.0250 3476  aic78u2 - ok
11:01:19.0265 3476  aic78xx - ok
11:01:19.0421 3476  [ 8D6C30E515717248E0E52B85FD7AC466 ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
11:01:19.0812 3476  ALCXWDM - ok
11:01:19.0859 3476  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:01:20.0062 3476  Alerter - ok
11:01:20.0109 3476  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
11:01:20.0312 3476  ALG - ok
11:01:20.0328 3476  AliIde - ok
11:01:20.0343 3476  amsint - ok
11:01:20.0359 3476  AppMgmt - ok
11:01:20.0421 3476  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:01:20.0609 3476  Arp1394 - ok
11:01:20.0625 3476  asc - ok
11:01:20.0640 3476  asc3350p - ok
11:01:20.0656 3476  asc3550 - ok
11:01:20.0859 3476  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:01:20.0906 3476  aspnet_state - ok
11:01:20.0937 3476  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:01:21.0140 3476  AsyncMac - ok
11:01:21.0171 3476  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:01:21.0359 3476  atapi - ok
11:01:21.0375 3476  Atdisk - ok
11:01:21.0406 3476  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:01:21.0609 3476  Atmarpc - ok
11:01:21.0656 3476  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:01:21.0828 3476  AudioSrv - ok
11:01:21.0859 3476  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:01:22.0062 3476  audstub - ok
11:01:22.0093 3476  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:01:22.0296 3476  Beep - ok
11:01:22.0500 3476  [ 684B12018A54ADC1F856372EC5762B48 ] BHDrvx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx86.sys
11:01:22.0609 3476  BHDrvx86 - ok
11:01:22.0656 3476  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:01:22.0906 3476  BITS - ok
11:01:22.0937 3476  [ CAC61BDD786A6928989451871FBCEDB8 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
11:01:23.0000 3476  Brother XP spl Service - ok
11:01:23.0046 3476  [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser         C:\WINDOWS\System32\browser.dll
11:01:23.0218 3476  Browser - ok
11:01:23.0265 3476  [ 2FE6D5BE0629F706197B30C0AA05DE30 ] BrPar           C:\WINDOWS\System32\drivers\BrPar.sys
11:01:23.0296 3476  BrPar ( UnsignedFile.Multi.Generic ) - warning
11:01:23.0296 3476  BrPar - detected UnsignedFile.Multi.Generic (1)
11:01:24.0484 3476  catchme - ok
11:01:24.0609 3476  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:01:24.0796 3476  cbidf2k - ok
11:01:24.0875 3476  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS       C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys
11:01:24.0890 3476  ccSet_NIS - ok
11:01:24.0906 3476  cd20xrnt - ok
11:01:24.0921 3476  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:01:25.0125 3476  Cdaudio - ok
11:01:25.0171 3476  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:01:25.0312 3476  Cdfs - ok
11:01:25.0343 3476  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:01:25.0500 3476  Cdrom - ok
11:01:25.0500 3476  Changer - ok
11:01:25.0546 3476  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:01:25.0687 3476  CiSvc - ok
11:01:25.0734 3476  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:01:25.0890 3476  ClipSrv - ok
11:01:26.0515 3476  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:01:26.0687 3476  clr_optimization_v2.0.50727_32 - ok
11:01:26.0796 3476  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:01:26.0812 3476  clr_optimization_v4.0.30319_32 - ok
11:01:26.0828 3476  CmdIde - ok
11:01:26.0843 3476  COMSysApp - ok
11:01:26.0875 3476  Cpqarray - ok
11:01:26.0906 3476  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:01:27.0078 3476  CryptSvc - ok
11:01:27.0078 3476  dac2w2k - ok
11:01:27.0093 3476  dac960nt - ok
11:01:27.0156 3476  [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:01:27.0343 3476  DcomLaunch - ok
11:01:27.0406 3476  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:01:27.0562 3476  Dhcp - ok
11:01:27.0593 3476  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:01:27.0750 3476  Disk - ok
11:01:27.0765 3476  dmadmin - ok
11:01:27.0843 3476  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:01:28.0062 3476  dmboot - ok
11:01:28.0093 3476  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:01:28.0265 3476  dmio - ok
11:01:28.0296 3476  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:01:28.0500 3476  dmload - ok
11:01:28.0562 3476  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:01:28.0703 3476  dmserver - ok
11:01:28.0734 3476  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:01:28.0890 3476  DMusic - ok
11:01:28.0937 3476  [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:01:29.0078 3476  Dnscache - ok
11:01:29.0140 3476  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:01:29.0312 3476  Dot3svc - ok
11:01:29.0312 3476  dpti2o - ok
11:01:29.0359 3476  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:01:29.0515 3476  drmkaud - ok
11:01:29.0562 3476  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:01:29.0734 3476  EapHost - ok
11:01:29.0859 3476  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:01:29.0890 3476  eeCtrl - ok
11:01:29.0953 3476  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:01:29.0953 3476  EraserUtilRebootDrv - ok
11:01:30.0000 3476  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:01:30.0156 3476  ERSvc - ok
11:01:30.0203 3476  [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog        C:\WINDOWS\system32\services.exe
11:01:30.0390 3476  Eventlog - ok
11:01:30.0468 3476  [ 19A799805B24990867B00C120D300C3A ] EventSystem     C:\WINDOWS\system32\es.dll
11:01:30.0625 3476  EventSystem - ok
11:01:30.0656 3476  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:01:30.0812 3476  Fastfat - ok
11:01:30.0843 3476  [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:01:31.0015 3476  FastUserSwitchingCompatibility - ok
11:01:31.0062 3476  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
11:01:31.0234 3476  Fax - ok
11:01:31.0281 3476  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:01:31.0437 3476  Fdc - ok
11:01:31.0453 3476  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:01:31.0609 3476  Fips - ok
11:01:31.0671 3476  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:01:31.0750 3476  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:01:31.0750 3476  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:01:31.0812 3476  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:01:31.0968 3476  Flpydisk - ok
11:01:32.0015 3476  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:01:32.0171 3476  FltMgr - ok
11:01:32.0250 3476  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:01:32.0265 3476  FontCache3.0.0.0 - ok
11:01:32.0312 3476  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:01:32.0500 3476  Fs_Rec - ok
11:01:32.0531 3476  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:01:32.0718 3476  Ftdisk - ok
11:01:32.0765 3476  [ 2FB04DB459C71F416EE8B05448CA4AC3 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:01:32.0781 3476  GEARAspiWDM - ok
11:01:32.0828 3476  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:01:32.0968 3476  Gpc - ok
11:01:33.0031 3476  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:01:33.0171 3476  helpsvc - ok
11:01:33.0203 3476  HidServ - ok
11:01:33.0234 3476  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:01:33.0390 3476  HidUsb - ok
11:01:33.0468 3476  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:01:33.0625 3476  hkmsvc - ok
11:01:33.0640 3476  hpn - ok
11:01:33.0750 3476  [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:01:33.0781 3476  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
11:01:33.0781 3476  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
11:01:33.0828 3476  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:01:33.0984 3476  HTTP - ok
11:01:34.0015 3476  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:01:34.0156 3476  HTTPFilter - ok
11:01:34.0187 3476  i2omgmt - ok
11:01:34.0203 3476  i2omp - ok
11:01:34.0234 3476  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:01:34.0390 3476  i8042prt - ok
11:01:34.0468 3476  [ D4405BD2B6E95EFDC8E674ED4032874F ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:01:34.0562 3476  ialm - ok
11:01:34.0640 3476  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:01:34.0734 3476  idsvc - ok
11:01:34.0906 3476  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121103.001\IDSxpx86.sys
11:01:34.0937 3476  IDSxpx86 - ok
11:01:34.0953 3476  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:01:35.0093 3476  Imapi - ok
11:01:35.0140 3476  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:01:35.0296 3476  ImapiService - ok
11:01:35.0312 3476  ini910u - ok
11:01:35.0343 3476  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:01:35.0500 3476  IntelIde - ok
11:01:35.0546 3476  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:01:35.0687 3476  intelppm - ok
11:01:35.0718 3476  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:01:35.0859 3476  Ip6Fw - ok
11:01:35.0890 3476  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:01:36.0078 3476  IpFilterDriver - ok
11:01:36.0109 3476  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:01:36.0250 3476  IpInIp - ok
11:01:36.0281 3476  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:01:36.0421 3476  IpNat - ok
11:01:36.0468 3476  [ 6D1DD86EA58AD1B2F57301042D819436 ] iPodService     C:\Program Files\iPod\bin\iPodService.exe
11:01:36.0515 3476  iPodService ( UnsignedFile.Multi.Generic ) - warning
11:01:36.0515 3476  iPodService - detected UnsignedFile.Multi.Generic (1)
11:01:36.0531 3476  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:01:36.0703 3476  IPSec - ok
11:01:36.0734 3476  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:01:36.0890 3476  IRENUM - ok
11:01:36.0921 3476  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:01:37.0062 3476  isapnp - ok
11:01:37.0125 3476  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi         C:\WINDOWS\system32\drivers\iviaspi.sys
11:01:37.0140 3476  Iviaspi ( UnsignedFile.Multi.Generic ) - warning
11:01:37.0140 3476  Iviaspi - detected UnsignedFile.Multi.Generic (1)
11:01:37.0234 3476  [ DE5D05FD449798EF88CC34AD4B1E7F85 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:01:37.0250 3476  JavaQuickStarterService - ok
11:01:37.0281 3476  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:01:37.0421 3476  Kbdclass - ok
11:01:37.0453 3476  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:01:37.0593 3476  kmixer - ok
11:01:37.0640 3476  [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:01:37.0796 3476  KSecDD - ok
11:01:37.0828 3476  [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:01:37.0968 3476  lanmanserver - ok
11:01:38.0015 3476  [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:01:38.0156 3476  lanmanworkstation - ok
11:01:38.0171 3476  lbrtfdc - ok
11:01:38.0203 3476  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:01:38.0359 3476  LmHosts - ok
11:01:38.0406 3476  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
11:01:38.0421 3476  MBAMProtector - ok
11:01:38.0484 3476  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:01:38.0515 3476  MBAMScheduler - ok
11:01:38.0562 3476  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:01:38.0609 3476  MBAMService - ok
11:01:38.0703 3476  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:01:38.0765 3476  MDM ( UnsignedFile.Multi.Generic ) - warning
11:01:38.0765 3476  MDM - detected UnsignedFile.Multi.Generic (1)
11:01:38.0796 3476  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:01:38.0953 3476  Messenger - ok
11:01:39.0000 3476  Microsoft SharePoint Workspace Audit Service - ok
11:01:39.0046 3476  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:01:39.0234 3476  mnmdd - ok
11:01:39.0265 3476  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:01:39.0406 3476  mnmsrvc - ok
11:01:39.0421 3476  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:01:39.0578 3476  Modem - ok
11:01:39.0593 3476  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:01:39.0750 3476  Mouclass - ok
11:01:39.0812 3476  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:01:39.0968 3476  MountMgr - ok
11:01:40.0046 3476  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:01:40.0062 3476  MozillaMaintenance - ok
11:01:40.0062 3476  mraid35x - ok
11:01:40.0093 3476  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:01:40.0250 3476  MRxDAV - ok
11:01:40.0281 3476  [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:01:40.0453 3476  MRxSmb - ok
11:01:40.0500 3476  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:01:40.0625 3476  MSDTC - ok
11:01:40.0671 3476  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:01:40.0828 3476  Msfs - ok
11:01:40.0843 3476  MSIServer - ok
11:01:40.0859 3476  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:01:41.0015 3476  MSKSSRV - ok
11:01:41.0031 3476  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:01:41.0171 3476  MSPCLOCK - ok
11:01:41.0203 3476  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:01:41.0328 3476  MSPQM - ok
11:01:41.0359 3476  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:01:41.0500 3476  mssmbios - ok
11:01:41.0546 3476  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:01:41.0703 3476  Mup - ok
11:01:41.0734 3476  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:01:41.0906 3476  napagent - ok
11:01:42.0015 3476  [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121105.023\NAVENG.SYS
11:01:42.0031 3476  NAVENG - ok
11:01:42.0093 3476  [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121105.023\NAVEX15.SYS
11:01:42.0203 3476  NAVEX15 - ok
11:01:42.0218 3476  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:01:42.0375 3476  NDIS - ok
11:01:42.0390 3476  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:01:42.0531 3476  NdisTapi - ok
11:01:42.0562 3476  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:01:42.0703 3476  Ndisuio - ok
11:01:42.0750 3476  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:01:42.0890 3476  NdisWan - ok
11:01:42.0921 3476  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:01:43.0062 3476  NDProxy - ok
11:01:43.0093 3476  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:01:43.0234 3476  NetBIOS - ok
11:01:43.0265 3476  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:01:43.0406 3476  NetBT - ok
11:01:43.0453 3476  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:01:43.0640 3476  NetDDE - ok
11:01:43.0656 3476  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:01:43.0812 3476  NetDDEdsdm - ok
11:01:43.0843 3476  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:01:44.0000 3476  Netlogon - ok
11:01:44.0031 3476  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
11:01:44.0187 3476  Netman - ok
11:01:44.0234 3476  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:01:44.0250 3476  NetTcpPortSharing - ok
11:01:44.0312 3476  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:01:44.0468 3476  NIC1394 - ok
11:01:44.0546 3476  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
11:01:44.0562 3476  NIS - ok
11:01:44.0609 3476  [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:01:44.0750 3476  Nla - ok
11:01:44.0781 3476  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:01:44.0921 3476  Npfs - ok
11:01:44.0968 3476  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:01:45.0156 3476  Ntfs - ok
11:01:45.0171 3476  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:01:45.0312 3476  NtLmSsp - ok
11:01:45.0359 3476  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:01:45.0546 3476  NtmsSvc - ok
11:01:45.0578 3476  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:01:45.0734 3476  Null - ok
11:01:45.0765 3476  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:01:45.0937 3476  NwlnkFlt - ok
11:01:45.0968 3476  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:01:46.0140 3476  NwlnkFwd - ok
11:01:46.0218 3476  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:01:46.0250 3476  odserv - ok
11:01:46.0296 3476  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:01:46.0437 3476  ohci1394 - ok
11:01:46.0484 3476  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:01:46.0500 3476  ose - ok
11:01:46.0687 3476  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:01:47.0046 3476  osppsvc - ok
11:01:47.0093 3476  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:01:47.0234 3476  Parport - ok
11:01:47.0281 3476  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:01:47.0437 3476  PartMgr - ok
11:01:47.0453 3476  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:01:47.0625 3476  ParVdm - ok
11:01:47.0656 3476  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:01:47.0796 3476  PCI - ok
11:01:47.0812 3476  PCIDump - ok
11:01:47.0875 3476  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:01:48.0031 3476  PCIIde - ok
11:01:48.0062 3476  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:01:48.0203 3476  Pcmcia - ok
11:01:48.0218 3476  PDCOMP - ok
11:01:48.0234 3476  PDFRAME - ok
11:01:48.0250 3476  PDRELI - ok
11:01:48.0265 3476  PDRFRAME - ok
11:01:48.0281 3476  perc2 - ok
11:01:48.0296 3476  perc2hib - ok
11:01:48.0375 3476  [ 444F122E68DB44C0589227781F3C8B3F ] Pfc             C:\WINDOWS\system32\drivers\pfc.sys
11:01:48.0390 3476  Pfc ( UnsignedFile.Multi.Generic ) - warning
11:01:48.0390 3476  Pfc - detected UnsignedFile.Multi.Generic (1)
11:01:48.0453 3476  [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:01:48.0593 3476  PlugPlay - ok
11:01:48.0609 3476  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:01:48.0750 3476  PolicyAgent - ok
11:01:48.0781 3476  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:01:48.0937 3476  PptpMiniport - ok
11:01:48.0953 3476  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:01:49.0078 3476  ProtectedStorage - ok
11:01:49.0140 3476  [ 9B793A1FFD480155FE9EE5261153F21B ] Ps2             C:\WINDOWS\system32\DRIVERS\PS2.sys
11:01:49.0187 3476  Ps2 - ok
11:01:49.0234 3476  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:01:49.0375 3476  PSched - ok
11:01:49.0406 3476  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:01:49.0562 3476  Ptilink - ok
11:01:49.0625 3476  [ 30CBAE0A34359F1CD19D1576245149ED ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:01:49.0640 3476  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
11:01:49.0640 3476  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
11:01:49.0656 3476  ql1080 - ok
11:01:49.0687 3476  Ql10wnt - ok
11:01:49.0703 3476  ql12160 - ok
11:01:49.0718 3476  ql1240 - ok
11:01:49.0734 3476  ql1280 - ok
11:01:49.0765 3476  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:01:49.0937 3476  RasAcd - ok
11:01:49.0968 3476  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:01:50.0125 3476  RasAuto - ok
11:01:50.0156 3476  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:01:50.0296 3476  Rasl2tp - ok
11:01:50.0328 3476  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:01:50.0468 3476  RasMan - ok
11:01:50.0500 3476  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:01:50.0656 3476  RasPppoe - ok
11:01:50.0703 3476  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:01:50.0843 3476  Raspti - ok
11:01:50.0875 3476  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:01:51.0015 3476  Rdbss - ok
11:01:51.0031 3476  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:01:51.0203 3476  RDPCDD - ok
11:01:51.0250 3476  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:01:51.0406 3476  RDPWD - ok
11:01:51.0453 3476  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:01:51.0593 3476  RDSessMgr - ok
11:01:51.0593 3476  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:01:51.0750 3476  redbook - ok
11:01:51.0796 3476  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:01:51.0937 3476  RemoteAccess - ok
11:01:51.0984 3476  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:01:52.0109 3476  RpcLocator - ok
11:01:52.0156 3476  [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
11:01:52.0328 3476  RpcSs - ok
11:01:52.0390 3476  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:01:52.0515 3476  RSVP - ok
11:01:52.0562 3476  [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139         C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
11:01:52.0609 3476  rtl8139 - ok
11:01:52.0625 3476  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:01:52.0765 3476  SamSs - ok
11:01:52.0781 3476  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:01:52.0937 3476  SCardSvr - ok
11:01:52.0968 3476  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:01:53.0125 3476  Schedule - ok
11:01:53.0156 3476  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:01:53.0296 3476  Secdrv - ok
11:01:53.0343 3476  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:01:53.0500 3476  seclogon - ok
11:01:53.0531 3476  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
11:01:53.0687 3476  SENS - ok
11:01:53.0703 3476  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:01:53.0828 3476  Serenum - ok
11:01:53.0859 3476  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:01:54.0000 3476  Serial - ok
11:01:54.0078 3476  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:01:54.0234 3476  Sfloppy - ok
11:01:54.0265 3476  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:01:54.0437 3476  SharedAccess - ok
11:01:54.0468 3476  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:01:54.0625 3476  ShellHWDetection - ok
11:01:54.0640 3476  Simbad - ok
11:01:54.0687 3476  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:01:54.0843 3476  SONYPVU1 - ok
11:01:54.0843 3476  Sparrow - ok
11:01:54.0875 3476  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:01:55.0015 3476  splitter - ok
11:01:55.0062 3476  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:01:55.0187 3476  Spooler - ok
11:01:55.0218 3476  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:01:55.0375 3476  sr - ok
11:01:55.0406 3476  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:01:55.0546 3476  srservice - ok
11:01:55.0609 3476  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS
11:01:55.0640 3476  SRTSP - ok
11:01:55.0671 3476  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS
11:01:55.0671 3476  SRTSPX - ok
11:01:55.0718 3476  [ 5252605079810904E31C332E241CD59B ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:01:55.0906 3476  Srv - ok
11:01:55.0953 3476  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:01:56.0093 3476  SSDPSRV - ok
11:01:56.0156 3476  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:01:56.0312 3476  stisvc - ok
11:01:56.0343 3476  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:01:56.0500 3476  swenum - ok
11:01:56.0515 3476  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:01:56.0671 3476  swmidi - ok
11:01:56.0687 3476  SwPrv - ok
11:01:56.0703 3476  symc810 - ok
11:01:56.0718 3476  symc8xx - ok
11:01:56.0796 3476  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS
11:01:56.0828 3476  SymDS - ok
11:01:56.0906 3476  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS
11:01:56.0968 3476  SymEFA - ok
11:01:57.0015 3476  [ 74E2521E96176A4449570E50BE91954D ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:01:57.0031 3476  SymEvent - ok
11:01:57.0062 3476  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS
11:01:57.0078 3476  SymIRON - ok
11:01:57.0125 3476  [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI          C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS
11:01:57.0140 3476  SYMTDI - ok
11:01:57.0156 3476  sym_hi - ok
11:01:57.0171 3476  sym_u3 - ok
11:01:57.0203 3476  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:01:57.0343 3476  sysaudio - ok
11:01:57.0390 3476  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:01:57.0546 3476  SysmonLog - ok
11:01:57.0593 3476  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:01:57.0734 3476  TapiSrv - ok
11:01:57.0765 3476  [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:01:57.0937 3476  Tcpip - ok
11:01:57.0984 3476  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:01:58.0125 3476  TDPIPE - ok
11:01:58.0156 3476  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:01:58.0296 3476  TDTCP - ok
11:01:58.0328 3476  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:01:58.0484 3476  TermDD - ok
11:01:58.0546 3476  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
11:01:58.0703 3476  TermService - ok
11:01:58.0734 3476  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:01:58.0875 3476  Themes - ok
11:01:58.0890 3476  TosIde - ok
11:01:58.0921 3476  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:01:59.0062 3476  TrkWks - ok
11:01:59.0125 3476  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:01:59.0265 3476  Udfs - ok
11:01:59.0281 3476  ultra - ok
11:01:59.0343 3476  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:01:59.0515 3476  Update - ok
11:01:59.0562 3476  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:01:59.0718 3476  upnphost - ok
11:01:59.0734 3476  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
11:01:59.0875 3476  UPS - ok
11:01:59.0921 3476  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:02:00.0062 3476  usbccgp - ok
11:02:00.0093 3476  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:02:00.0234 3476  usbehci - ok
11:02:00.0281 3476  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:02:00.0421 3476  usbhub - ok
11:02:00.0453 3476  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:02:00.0593 3476  usbprint - ok
11:02:00.0609 3476  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:02:00.0750 3476  usbscan - ok
11:02:00.0765 3476  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:02:00.0921 3476  USBSTOR - ok
11:02:00.0937 3476  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:02:01.0078 3476  usbuhci - ok
11:02:01.0125 3476  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:02:01.0265 3476  VgaSave - ok
11:02:01.0296 3476  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
11:02:01.0437 3476  ViaIde - ok
11:02:01.0484 3476  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:02:01.0640 3476  VolSnap - ok
11:02:01.0687 3476  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
11:02:01.0828 3476  VSS - ok
11:02:01.0859 3476  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
11:02:02.0015 3476  W32Time - ok
11:02:02.0046 3476  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:02:02.0187 3476  Wanarp - ok
11:02:02.0203 3476  WDICA - ok
11:02:02.0234 3476  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:02:02.0375 3476  wdmaud - ok
11:02:02.0437 3476  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:02:02.0578 3476  WebClient - ok
11:02:02.0656 3476  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:02:02.0796 3476  winmgmt - ok
11:02:02.0843 3476  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:02:02.0890 3476  WmdmPmSN - ok
11:02:02.0937 3476  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:02:03.0078 3476  WmiApSrv - ok
11:02:03.0187 3476  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
11:02:03.0281 3476  WMPNetworkSvc - ok
11:02:03.0328 3476  [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
11:02:03.0359 3476  WpdUsb - ok
11:02:03.0453 3476  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:02:03.0531 3476  WPFFontCache_v0400 - ok
11:02:03.0562 3476  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:02:03.0718 3476  WS2IFSL - ok
11:02:03.0765 3476  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:02:03.0906 3476  wscsvc - ok
11:02:03.0921 3476  WSearch - ok
11:02:03.0968 3476  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:02:04.0109 3476  wuauserv - ok
11:02:04.0140 3476  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:02:04.0187 3476  WudfPf - ok
11:02:04.0218 3476  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:02:04.0250 3476  WudfRd - ok
11:02:04.0281 3476  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:02:04.0328 3476  WudfSvc - ok
11:02:04.0406 3476  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:02:04.0546 3476  WZCSVC - ok
11:02:04.0593 3476  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:02:04.0750 3476  xmlprov - ok
11:02:04.0765 3476  ================ Scan global ===============================
11:02:04.0812 3476  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:02:04.0859 3476  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
11:02:04.0890 3476  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
11:02:04.0906 3476  [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
11:02:04.0906 3476  [Global] - ok
11:02:04.0921 3476  ================ Scan MBR ==================================
11:02:04.0937 3476  [ 0AC6D996BCE152AED9600E6D6B797E2E ] \Device\Harddisk0\DR0
11:02:05.0187 3476  \Device\Harddisk0\DR0 - ok
11:02:05.0187 3476  [ B716B775FCBDABF0E2DDFF76F15C6790 ] \Device\Harddisk1\DR1
11:02:05.0484 3476  \Device\Harddisk1\DR1 - ok
11:02:05.0500 3476  ================ Scan VBR ==================================
11:02:05.0515 3476  [ FAAD51FC827A446459357C79154417DE ] \Device\Harddisk0\DR0\Partition1
11:02:05.0515 3476  \Device\Harddisk0\DR0\Partition1 - ok
11:02:05.0531 3476  [ 07958B862DE87D4649A2A855B6698276 ] \Device\Harddisk0\DR0\Partition2
11:02:05.0546 3476  \Device\Harddisk0\DR0\Partition2 - ok
11:02:05.0578 3476  [ 06637F31990795E60045281DDF67DED1 ] \Device\Harddisk1\DR1\Partition1
11:02:05.0578 3476  \Device\Harddisk1\DR1\Partition1 - ok
11:02:05.0609 3476  [ 61A3395243DA32C74BAE4D2AB32D5690 ] \Device\Harddisk1\DR1\Partition2
11:02:05.0609 3476  \Device\Harddisk1\DR1\Partition2 - ok
11:02:05.0609 3476  ================ Scan active images ========================
11:02:05.0609 3476  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys
11:02:05.0609 3476  C:\WINDOWS\system32\drivers\nic1394.sys - ok
11:02:05.0625 3476  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
11:02:05.0625 3476  C:\WINDOWS\system32\drivers\intelppm.sys - ok
11:02:05.0640 3476  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
11:02:05.0640 3476  C:\WINDOWS\system32\drivers\videoprt.sys - ok
11:02:05.0656 3476  [ D4405BD2B6E95EFDC8E674ED4032874F ] C:\WINDOWS\system32\drivers\ialmnt5.sys
11:02:05.0656 3476  C:\WINDOWS\system32\drivers\ialmnt5.sys - ok
11:02:05.0656 3476  [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
11:02:05.0656 3476  C:\WINDOWS\system32\drivers\usbport.sys - ok
11:02:05.0671 3476  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
11:02:05.0671 3476  C:\WINDOWS\system32\drivers\usbehci.sys - ok
11:02:05.0687 3476  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
11:02:05.0687 3476  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
11:02:05.0687 3476  [ 593AEFC67283D409F34CC1245D00A509 ] C:\WINDOWS\system32\drivers\AGRSM.sys
11:02:05.0687 3476  C:\WINDOWS\system32\drivers\AGRSM.sys - ok
11:02:05.0703 3476  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
11:02:05.0703 3476  C:\WINDOWS\system32\drivers\modem.sys - ok
11:02:05.0718 3476  [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] C:\WINDOWS\system32\drivers\R8139n51.sys
11:02:05.0718 3476  C:\WINDOWS\system32\drivers\R8139n51.sys - ok
11:02:05.0718 3476  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
11:02:05.0718 3476  C:\WINDOWS\system32\drivers\serenum.sys - ok
11:02:05.0734 3476  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
11:02:05.0734 3476  C:\WINDOWS\system32\drivers\serial.sys - ok
11:02:05.0750 3476  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
11:02:05.0750 3476  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
11:02:05.0750 3476  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
11:02:05.0750 3476  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
11:02:05.0765 3476  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
11:02:05.0765 3476  C:\WINDOWS\system32\drivers\mouclass.sys - ok
11:02:05.0781 3476  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
11:02:05.0781 3476  C:\WINDOWS\system32\drivers\parport.sys - ok
11:02:05.0796 3476  [ 9B793A1FFD480155FE9EE5261153F21B ] C:\WINDOWS\system32\drivers\PS2.sys
11:02:05.0796 3476  C:\WINDOWS\system32\drivers\PS2.sys - ok
11:02:05.0796 3476  [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
11:02:05.0796 3476  C:\WINDOWS\system32\drivers\cdrom.sys - ok
11:02:05.0812 3476  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
11:02:05.0812 3476  C:\WINDOWS\system32\drivers\imapi.sys - ok
11:02:05.0828 3476  [ F59C3569A2F2C464BB78CB1BDCDCA55E ] C:\WINDOWS\system32\drivers\iviaspi.sys
11:02:05.0828 3476  C:\WINDOWS\system32\drivers\iviaspi.sys - ok
11:02:05.0828 3476  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
11:02:05.0828 3476  C:\WINDOWS\system32\drivers\ks.sys - ok
11:02:05.0843 3476  [ 444F122E68DB44C0589227781F3C8B3F ] C:\WINDOWS\system32\drivers\pfc.sys
11:02:05.0843 3476  C:\WINDOWS\system32\drivers\pfc.sys - ok
11:02:05.0859 3476  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
11:02:05.0859 3476  C:\WINDOWS\system32\drivers\redbook.sys - ok
11:02:05.0859 3476  [ 2FB04DB459C71F416EE8B05448CA4AC3 ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
11:02:05.0859 3476  C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
11:02:05.0875 3476  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
11:02:05.0875 3476  C:\WINDOWS\system32\drivers\drmk.sys - ok
11:02:05.0890 3476  [ 8D6C30E515717248E0E52B85FD7AC466 ] C:\WINDOWS\system32\drivers\ALCXWDM.SYS
11:02:05.0890 3476  C:\WINDOWS\system32\drivers\ALCXWDM.SYS - ok
11:02:05.0890 3476  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
11:02:05.0890 3476  C:\WINDOWS\system32\drivers\portcls.sys - ok
11:02:05.0906 3476  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
11:02:05.0906 3476  C:\WINDOWS\system32\drivers\audstub.sys - ok
11:02:05.0921 3476  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] C:\WINDOWS\system32\drivers\ndistapi.sys
11:02:05.0921 3476  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
11:02:05.0921 3476  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
11:02:05.0921 3476  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
11:02:05.0937 3476  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
11:02:05.0937 3476  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
11:02:05.0953 3476  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
11:02:05.0953 3476  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
11:02:05.0953 3476  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
11:02:05.0953 3476  C:\WINDOWS\system32\drivers\raspptp.sys - ok
11:02:05.0968 3476  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
11:02:05.0968 3476  C:\WINDOWS\system32\drivers\tdi.sys - ok
11:02:05.0984 3476  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
11:02:05.0984 3476  C:\WINDOWS\system32\drivers\msgpc.sys - ok
11:02:05.0984 3476  [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
11:02:05.0984 3476  C:\WINDOWS\system32\drivers\psched.sys - ok
11:02:06.0000 3476  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
11:02:06.0000 3476  C:\WINDOWS\system32\drivers\ptilink.sys - ok
11:02:06.0015 3476  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
11:02:06.0015 3476  C:\WINDOWS\system32\drivers\raspti.sys - ok
11:02:06.0031 3476  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
11:02:06.0031 3476  C:\WINDOWS\system32\drivers\swenum.sys - ok
11:02:06.0031 3476  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
11:02:06.0031 3476  C:\WINDOWS\system32\drivers\termdd.sys - ok
11:02:06.0046 3476  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
11:02:06.0046 3476  C:\WINDOWS\system32\drivers\update.sys - ok
11:02:06.0062 3476  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
11:02:06.0062 3476  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
11:02:06.0062 3476  [ 6215023940CFD3702B46ABC304E1D45A ] C:\WINDOWS\system32\drivers\ndproxy.sys
11:02:06.0062 3476  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
11:02:06.0078 3476  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
11:02:06.0078 3476  C:\WINDOWS\system32\drivers\usbd.sys - ok
11:02:06.0093 3476  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
11:02:06.0093 3476  C:\WINDOWS\system32\drivers\usbhub.sys - ok
11:02:06.0093 3476  [ ACE85AF1C31F68BDFEE9333F6592917E ] C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys
11:02:06.0093 3476  C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys - ok
11:02:06.0109 3476  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
11:02:06.0109 3476  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
11:02:06.0125 3476  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
11:02:06.0125 3476  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
11:02:06.0125 3476  [ 2C356CCA706505CF63CBE39D532B9236 ] C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys
11:02:06.0125 3476  C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys - ok
11:02:06.0140 3476  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
11:02:06.0140 3476  C:\WINDOWS\system32\drivers\beep.sys - ok
11:02:06.0156 3476  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
11:02:06.0156 3476  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
11:02:06.0171 3476  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
11:02:06.0171 3476  C:\WINDOWS\system32\drivers\null.sys - ok
11:02:06.0171 3476  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
11:02:06.0171 3476  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
11:02:06.0187 3476  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
11:02:06.0187 3476  C:\WINDOWS\system32\drivers\msfs.sys - ok
11:02:06.0187 3476  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
11:02:06.0187 3476  C:\WINDOWS\system32\drivers\npfs.sys - ok
11:02:06.0203 3476  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
11:02:06.0203 3476  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
11:02:06.0218 3476  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
11:02:06.0218 3476  C:\WINDOWS\system32\drivers\vga.sys - ok
11:02:06.0218 3476  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
11:02:06.0218 3476  C:\WINDOWS\system32\drivers\ipsec.sys - ok
11:02:06.0234 3476  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
11:02:06.0234 3476  C:\WINDOWS\system32\drivers\rasacd.sys - ok
11:02:06.0250 3476  [ 93EA8D04EC73A85DB02EB8805988F733 ] C:\WINDOWS\system32\drivers\tcpip.sys
11:02:06.0250 3476  C:\WINDOWS\system32\drivers\tcpip.sys - ok
11:02:06.0250 3476  [ 508BD882040F9CB12319E3A4FC78EDB9 ] C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys
11:02:06.0265 3476  C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys - ok
11:02:06.0265 3476  [ 74E2521E96176A4449570E50BE91954D ] C:\WINDOWS\system32\drivers\SYMEVENT.SYS
11:02:06.0265 3476  C:\WINDOWS\system32\drivers\SYMEVENT.SYS - ok
11:02:06.0281 3476  [ C19BF2A07BE972A110220DF6B1E89D14 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121103.001\IDSXpx86.sys
11:02:06.0281 3476  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121103.001\IDSXpx86.sys - ok
11:02:06.0296 3476  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
11:02:06.0296 3476  C:\WINDOWS\system32\drivers\netbt.sys - ok
11:02:06.0296 3476  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
11:02:06.0296 3476  C:\WINDOWS\system32\drivers\ipnat.sys - ok
11:02:06.0312 3476  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
11:02:06.0312 3476  C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
11:02:06.0328 3476  [ 322D0E36693D6E24A2398BEE62A268CD ] C:\WINDOWS\system32\drivers\afd.sys
11:02:06.0328 3476  C:\WINDOWS\system32\drivers\afd.sys - ok
11:02:06.0328 3476  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
11:02:06.0328 3476  C:\WINDOWS\system32\drivers\netbios.sys - ok
11:02:06.0343 3476  [ 475FCF0F28D845BF1C8ABAC27F19003E ] C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys
11:02:06.0343 3476  C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys - ok
11:02:06.0359 3476  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
11:02:06.0359 3476  C:\WINDOWS\system32\drivers\rdbss.sys - ok
11:02:06.0359 3476  [ 68755F0FF16070178B54674FE5B847B0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
11:02:06.0359 3476  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
11:02:06.0375 3476  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
11:02:06.0375 3476  C:\WINDOWS\system32\drivers\fips.sys - ok
11:02:06.0390 3476  [ 85B8B4032A895A746D46A288A9B30DED ] C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:02:06.0390 3476  C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - ok
11:02:06.0406 3476  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:02:06.0406 3476  C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - ok
11:02:06.0406 3476  [ 684B12018A54ADC1F856372EC5762B48 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx86.sys
11:02:06.0406 3476  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx86.sys - ok
11:02:06.0421 3476  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
11:02:06.0421 3476  C:\WINDOWS\system32\smss.exe - ok
11:02:06.0421 3476  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
11:02:06.0421 3476  C:\WINDOWS\system32\drivers\wanarp.sys - ok
11:02:06.0437 3476  [ 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F ] C:\WINDOWS\system32\ntdll.dll
11:02:06.0437 3476  C:\WINDOWS\system32\ntdll.dll - ok
11:02:06.0453 3476  [ B5B8A80875C1DEDEDA8B02765642C32F ] C:\WINDOWS\system32\drivers\arp1394.sys
11:02:06.0453 3476  C:\WINDOWS\system32\drivers\arp1394.sys - ok
11:02:06.0453 3476  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
11:02:06.0453 3476  C:\WINDOWS\system32\autochk.exe - ok
11:02:06.0468 3476  [ 38D332A6D56AF32635675F132548343E ] C:\WINDOWS\system32\drivers\fastfat.sys
11:02:06.0468 3476  C:\WINDOWS\system32\drivers\fastfat.sys - ok
11:02:06.0484 3476  [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\usbstor.sys
11:02:06.0484 3476  C:\WINDOWS\system32\drivers\usbstor.sys - ok
11:02:06.0500 3476  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
11:02:06.0500 3476  C:\WINDOWS\system32\sfcfiles.dll - ok
11:02:06.0500 3476  [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
11:02:06.0500 3476  C:\WINDOWS\system32\drivers\wmilib.sys - ok
11:02:06.0515 3476  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
11:02:06.0515 3476  C:\WINDOWS\system32\drivers\atapi.sys - ok
11:02:06.0531 3476  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
11:02:06.0531 3476  C:\WINDOWS\system32\drivers\dxapi.sys - ok
11:02:06.0531 3476  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
11:02:06.0531 3476  C:\WINDOWS\system32\watchdog.sys - ok
11:02:06.0546 3476  [ DE01D79A607C7B9AE7FF88E934D0FFB2 ] C:\WINDOWS\system32\win32k.sys
11:02:06.0546 3476  C:\WINDOWS\system32\win32k.sys - ok
11:02:06.0562 3476  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
11:02:06.0562 3476  C:\WINDOWS\system32\csrss.exe - ok
11:02:06.0562 3476  [ 05B100F8DD7073BFD7B3E46D0E36AD0C ] C:\WINDOWS\system32\csrsrv.dll
11:02:06.0562 3476  C:\WINDOWS\system32\csrsrv.dll - ok
11:02:06.0578 3476  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:02:06.0578 3476  C:\WINDOWS\system32\basesrv.dll - ok
11:02:06.0593 3476  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
11:02:06.0593 3476  C:\WINDOWS\system32\winsrv.dll - ok
11:02:06.0593 3476  [ B015B9134DAD7E29E7D2D6B5F5C8C2FC ] C:\WINDOWS\system32\gdi32.dll
11:02:06.0593 3476  C:\WINDOWS\system32\gdi32.dll - ok
11:02:06.0609 3476  [ C24B983D211C34DA8FCC1AC38477971D ] C:\WINDOWS\system32\kernel32.dll
11:02:06.0609 3476  C:\WINDOWS\system32\kernel32.dll - ok
11:02:06.0625 3476  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
11:02:06.0625 3476  C:\WINDOWS\system32\user32.dll - ok
11:02:06.0640 3476  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
11:02:06.0640 3476  C:\WINDOWS\system32\drivers\dxg.sys - ok
11:02:06.0656 3476  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
11:02:06.0656 3476  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
11:02:06.0656 3476  [ CD48842175B32BCB097EF132E5396A8E ] C:\WINDOWS\system32\ialmdnt5.dll
11:02:06.0656 3476  C:\WINDOWS\system32\ialmdnt5.dll - ok
11:02:06.0671 3476  [ B011D180E5002BE748A35E6A4504DA2D ] C:\WINDOWS\system32\ialmrnt5.dll
11:02:06.0671 3476  C:\WINDOWS\system32\ialmrnt5.dll - ok
11:02:06.0671 3476  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
11:02:06.0671 3476  C:\WINDOWS\system32\vga.dll - ok
11:02:06.0687 3476  [ 69E0B3782DACC1F84D08B55A4FA07447 ] C:\WINDOWS\system32\ialmdev5.dll
11:02:06.0687 3476  C:\WINDOWS\system32\ialmdev5.dll - ok
11:02:06.0703 3476  [ 32739F227865B2D2944520CC3E6FB98C ] C:\WINDOWS\system32\ialmdd5.dll
11:02:06.0703 3476  C:\WINDOWS\system32\ialmdd5.dll - ok
11:02:06.0718 3476  [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
11:02:06.0718 3476  C:\WINDOWS\system32\winlogon.exe - ok
11:02:06.0718 3476  [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] C:\WINDOWS\system32\advapi32.dll
11:02:06.0718 3476  C:\WINDOWS\system32\advapi32.dll - ok
11:02:06.0734 3476  [ B979D9D1C8073DA21A7F80345F306A1D ] C:\WINDOWS\system32\rpcrt4.dll
11:02:06.0734 3476  C:\WINDOWS\system32\rpcrt4.dll - ok
11:02:06.0750 3476  [ 7459C16CC3EF4651CAB7C9260E43FC58 ] C:\WINDOWS\system32\secur32.dll
11:02:06.0750 3476  C:\WINDOWS\system32\secur32.dll - ok
11:02:06.0750 3476  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
11:02:06.0750 3476  C:\WINDOWS\system32\authz.dll - ok
11:02:06.0765 3476  [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
11:02:06.0765 3476  C:\WINDOWS\system32\msvcrt.dll - ok
11:02:06.0781 3476  [ BDAAF79DD63F194434D31A74B9BB8B77 ] C:\WINDOWS\system32\crypt32.dll
11:02:06.0781 3476  C:\WINDOWS\system32\crypt32.dll - ok
11:02:06.0781 3476  [ A11F1EA5346165347BF54C1F959C3FBC ] C:\WINDOWS\system32\msasn1.dll
11:02:06.0781 3476  C:\WINDOWS\system32\msasn1.dll - ok
11:02:06.0796 3476  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
11:02:06.0796 3476  C:\WINDOWS\system32\nddeapi.dll - ok
11:02:06.0812 3476  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
11:02:06.0812 3476  C:\WINDOWS\system32\profmap.dll - ok
11:02:06.0812 3476  [ 6DB7788FA7E2566267516FA635C3797E ] C:\WINDOWS\system32\netapi32.dll
11:02:06.0812 3476  C:\WINDOWS\system32\netapi32.dll - ok
11:02:06.0828 3476  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
11:02:06.0828 3476  C:\WINDOWS\system32\userenv.dll - ok
11:02:06.0843 3476  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
11:02:06.0843 3476  C:\WINDOWS\system32\psapi.dll - ok
11:02:06.0859 3476  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
11:02:06.0859 3476  C:\WINDOWS\system32\regapi.dll - ok
11:02:06.0859 3476  [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
11:02:06.0859 3476  C:\WINDOWS\system32\setupapi.dll - ok
11:02:06.0875 3476  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
11:02:06.0875 3476  C:\WINDOWS\system32\version.dll - ok
11:02:06.0890 3476  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
11:02:06.0890 3476  C:\WINDOWS\system32\winsta.dll - ok
11:02:06.0890 3476  [ CA648BD638245EB83F971FF71B031BEC ] C:\WINDOWS\system32\imagehlp.dll
11:02:06.0890 3476  C:\WINDOWS\system32\imagehlp.dll - ok
11:02:06.0906 3476  [ B25D14DCBBB6623C1A63CD07A97DF32B ] C:\WINDOWS\system32\wintrust.dll
11:02:06.0906 3476  C:\WINDOWS\system32\wintrust.dll - ok
11:02:06.0921 3476  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
11:02:06.0921 3476  C:\WINDOWS\system32\ws2_32.dll - ok
11:02:06.0921 3476  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
11:02:06.0921 3476  C:\WINDOWS\system32\ws2help.dll - ok
11:02:06.0937 3476  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
11:02:06.0937 3476  C:\WINDOWS\system32\imm32.dll - ok
11:02:06.0937 3476  [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
11:02:06.0937 3476  C:\WINDOWS\system32\kbdus.dll - ok
11:02:06.0953 3476  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
11:02:06.0953 3476  C:\WINDOWS\system32\msgina.dll - ok
11:02:06.0968 3476  [ 06F247492BC786CE5C24A23E178C711A ] C:\WINDOWS\system32\comctl32.dll
11:02:06.0968 3476  C:\WINDOWS\system32\comctl32.dll - ok
11:02:06.0984 3476  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
11:02:06.0984 3476  C:\WINDOWS\system32\comdlg32.dll - ok
11:02:06.0984 3476  [ 52A5A388661FF3A889593185367B7226 ] C:\WINDOWS\system32\odbc32.dll
11:02:06.0984 3476  C:\WINDOWS\system32\odbc32.dll - ok
11:02:07.0000 3476  [ 0CF50B1F45DAB08430C1DBB79FE2CA5B ] C:\WINDOWS\system32\shell32.dll
11:02:07.0000 3476  C:\WINDOWS\system32\shell32.dll - ok
11:02:07.0015 3476  [ 72EDAE61E761C14714BFD0CB4BA3C0DB ] C:\WINDOWS\system32\shlwapi.dll
11:02:07.0015 3476  C:\WINDOWS\system32\shlwapi.dll - ok
11:02:07.0015 3476  [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
11:02:07.0015 3476  C:\WINDOWS\system32\sxs.dll - ok
11:02:07.0031 3476  [ BD38D1EBE24A46BD3EDA059560AFBA12 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
11:02:07.0031 3476  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - ok
11:02:07.0046 3476  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
11:02:07.0046 3476  C:\WINDOWS\system32\odbcint.dll - ok
11:02:07.0046 3476  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
11:02:07.0046 3476  C:\WINDOWS\system32\sfc.dll - ok
11:02:07.0062 3476  [ 1926899BF9FFE2602B63074971700412 ] C:\WINDOWS\system32\shsvcs.dll
11:02:07.0062 3476  C:\WINDOWS\system32\shsvcs.dll - ok
11:02:07.0078 3476  [ ECCE74BC6168375016450A86A164D976 ] C:\WINDOWS\system32\ole32.dll
11:02:07.0078 3476  C:\WINDOWS\system32\ole32.dll - ok
11:02:07.0078 3476  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
11:02:07.0078 3476  C:\WINDOWS\system32\sfc_os.dll - ok
11:02:07.0093 3476  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
11:02:07.0093 3476  C:\WINDOWS\system32\apphelp.dll - ok
11:02:07.0109 3476  [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
11:02:07.0109 3476  C:\WINDOWS\system32\services.exe - ok
11:02:07.0125 3476  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
11:02:07.0125 3476  C:\WINDOWS\system32\lsass.exe - ok
11:02:07.0125 3476  [ EA9AAA0B9BBF9B24FD3CAECC7FD69A1E ] C:\WINDOWS\system32\lsasrv.dll
11:02:07.0125 3476  C:\WINDOWS\system32\lsasrv.dll - ok
11:02:07.0140 3476  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
11:02:07.0140 3476  C:\WINDOWS\system32\ncobjapi.dll - ok
11:02:07.0156 3476  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
11:02:07.0156 3476  C:\WINDOWS\system32\msvcp60.dll - ok
11:02:07.0156 3476  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
11:02:07.0156 3476  C:\WINDOWS\system32\mpr.dll - ok
11:02:07.0171 3476  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
11:02:07.0171 3476  C:\WINDOWS\system32\scesrv.dll - ok
11:02:07.0171 3476  [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
11:02:07.0171 3476  C:\WINDOWS\system32\ntdsapi.dll - ok
11:02:07.0187 3476  [ 0A3325D38DB90792BBBE01334F273974 ] C:\WINDOWS\system32\dnsapi.dll
11:02:07.0187 3476  C:\WINDOWS\system32\dnsapi.dll - ok
11:02:07.0203 3476  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
11:02:07.0203 3476  C:\WINDOWS\system32\wldap32.dll - ok
11:02:07.0203 3476  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
11:02:07.0203 3476  C:\WINDOWS\system32\umpnpmgr.dll - ok
11:02:07.0218 3476  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
11:02:07.0218 3476  C:\WINDOWS\system32\samlib.dll - ok
11:02:07.0234 3476  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
11:02:07.0234 3476  C:\WINDOWS\system32\samsrv.dll - ok
11:02:07.0250 3476  [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
11:02:07.0250 3476  C:\WINDOWS\system32\shimeng.dll - ok
11:02:07.0250 3476  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
11:02:07.0250 3476  C:\WINDOWS\AppPatch\acadproc.dll - ok
11:02:07.0265 3476  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
11:02:07.0265 3476  C:\WINDOWS\AppPatch\acgenral.dll - ok
11:02:07.0281 3476  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
11:02:07.0281 3476  C:\WINDOWS\system32\cryptdll.dll - ok
11:02:07.0281 3476  [ F1300D0B4C40754A01DF16F350F0EF60 ] C:\WINDOWS\system32\winmm.dll
11:02:07.0281 3476  C:\WINDOWS\system32\winmm.dll - ok
11:02:07.0296 3476  [ 387006CF9983000BAB76DD250D424045 ] C:\WINDOWS\system32\oleaut32.dll
11:02:07.0296 3476  C:\WINDOWS\system32\oleaut32.dll - ok
11:02:07.0312 3476  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
11:02:07.0312 3476  C:\WINDOWS\system32\msacm32.dll - ok
11:02:07.0312 3476  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
11:02:07.0312 3476  C:\WINDOWS\system32\uxtheme.dll - ok
11:02:07.0328 3476  [ C61E8ECFFDBF05FF71D079BBD35396B3 ] C:\WINDOWS\system32\schannel.dll
11:02:07.0328 3476  C:\WINDOWS\system32\schannel.dll - ok
11:02:07.0343 3476  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
11:02:07.0343 3476  C:\WINDOWS\system32\msprivs.dll - ok
11:02:07.0359 3476  [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
11:02:07.0359 3476  C:\WINDOWS\system32\msctfime.ime - ok
11:02:07.0359 3476  [ B17DEFD576AE373E7A1A2C75665E4549 ] C:\WINDOWS\system32\kerberos.dll
11:02:07.0359 3476  C:\WINDOWS\system32\kerberos.dll - ok
11:02:07.0375 3476  [ 34EF4739A4D9D09A96069198F42B8D99 ] C:\WINDOWS\system32\atmfd.dll
11:02:07.0375 3476  C:\WINDOWS\system32\atmfd.dll - ok
11:02:07.0390 3476  [ 0F152F4E57FDF9E8E8BDFEA583A4926B ] C:\WINDOWS\system32\msv1_0.dll
11:02:07.0390 3476  C:\WINDOWS\system32\msv1_0.dll - ok
11:02:07.0390 3476  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
11:02:07.0390 3476  C:\WINDOWS\system32\iphlpapi.dll - ok
11:02:07.0406 3476  [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
11:02:07.0406 3476  C:\WINDOWS\system32\netlogon.dll - ok
11:02:07.0421 3476  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
11:02:07.0421 3476  C:\WINDOWS\system32\w32time.dll - ok
11:02:07.0421 3476  [ CEFCC6A64983EB8119F3A07A0C1EDE30 ] C:\WINDOWS\system32\wdigest.dll
11:02:07.0421 3476  C:\WINDOWS\system32\wdigest.dll - ok
11:02:07.0437 3476  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
11:02:07.0437 3476  C:\WINDOWS\system32\rsaenh.dll - ok
11:02:07.0437 3476  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
11:02:07.0453 3476  C:\WINDOWS\system32\winscard.dll - ok
11:02:07.0453 3476  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
11:02:07.0453 3476  C:\WINDOWS\system32\wtsapi32.dll - ok
11:02:07.0468 3476  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
11:02:07.0468 3476  C:\WINDOWS\system32\scecli.dll - ok
11:02:07.0484 3476  [ 500D089CE760D83DA2B6CBA681AA9949 ] C:\WINDOWS\system32\drivers\mbam.sys
11:02:07.0484 3476  C:\WINDOWS\system32\drivers\mbam.sys - ok
11:02:07.0484 3476  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
11:02:07.0484 3476  C:\WINDOWS\system32\svchost.exe - ok
11:02:07.0500 3476  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
11:02:07.0500 3476  C:\WINDOWS\system32\ntmarta.dll - ok
11:02:07.0515 3476  [ 2589FE6015A316C0F5D5112B4DA7B509 ] C:\WINDOWS\system32\rpcss.dll
11:02:07.0515 3476  C:\WINDOWS\system32\rpcss.dll - ok
11:02:07.0515 3476  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
11:02:07.0515 3476  C:\WINDOWS\system32\eventlog.dll - ok
11:02:07.0531 3476  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
11:02:07.0531 3476  C:\WINDOWS\system32\xpsp2res.dll - ok
11:02:07.0546 3476  [ 104F866DEDEDA8191AEC7B706A3FEDE7 ] C:\WINDOWS\system32\acaptuser32.dll
11:02:07.0546 3476  C:\WINDOWS\system32\acaptuser32.dll - ok
11:02:07.0546 3476  [ B4138E99236F0F57D4CF49BAE98A0746 ] C:\WINDOWS\system32\mswsock.dll
11:02:07.0546 3476  C:\WINDOWS\system32\mswsock.dll - ok
11:02:07.0562 3476  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
11:02:07.0562 3476  C:\WINDOWS\system32\hnetcfg.dll - ok
11:02:07.0578 3476  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
11:02:07.0578 3476  C:\WINDOWS\system32\wshtcpip.dll - ok
11:02:07.0593 3476  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
11:02:07.0593 3476  C:\WINDOWS\system32\winrnr.dll - ok
11:02:07.0593 3476  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
11:02:07.0593 3476  C:\WINDOWS\system32\rasadhlp.dll - ok
11:02:07.0609 3476  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
11:02:07.0609 3476  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
11:02:07.0625 3476  [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
11:02:07.0625 3476  C:\WINDOWS\system32\logonui.exe - ok
11:02:07.0625 3476  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
11:02:07.0625 3476  C:\WINDOWS\system32\cscdll.dll - ok
11:02:07.0640 3476  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
11:02:07.0640 3476  C:\WINDOWS\system32\dhcpcsvc.dll - ok
11:02:07.0656 3476  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
11:02:07.0656 3476  C:\WINDOWS\system32\dimsntfy.dll - ok
11:02:07.0671 3476  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
11:02:07.0671 3476  C:\WINDOWS\system32\wlnotify.dll - ok
11:02:07.0671 3476  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
11:02:07.0671 3476  C:\WINDOWS\system32\winspool.drv - ok
11:02:07.0703 3476  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
11:02:07.0703 3476  C:\WINDOWS\system32\duser.dll - ok
11:02:07.0703 3476  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
11:02:07.0703 3476  C:\WINDOWS\system32\msimg32.dll - ok
11:02:07.0703 3476  [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
11:02:07.0703 3476  C:\WINDOWS\system32\oleacc.dll - ok
11:02:07.0703 3476  [ 474B4DC3983173E4B4C9740B0DAC98A6 ] C:\WINDOWS\system32\dnsrslvr.dll
11:02:07.0703 3476  C:\WINDOWS\system32\dnsrslvr.dll - ok
11:02:07.0703 3476  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
11:02:07.0703 3476  C:\WINDOWS\system32\clbcatq.dll - ok
11:02:07.0718 3476  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
11:02:07.0718 3476  C:\WINDOWS\system32\comres.dll - ok
11:02:07.0718 3476  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
11:02:07.0718 3476  C:\WINDOWS\system32\shgina.dll - ok
11:02:07.0718 3476  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
11:02:07.0718 3476  C:\WINDOWS\system32\lmhsvc.dll - ok
11:02:07.0734 3476  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
11:02:07.0734 3476  C:\WINDOWS\system32\wzcsvc.dll - ok
11:02:07.0734 3476  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
11:02:07.0734 3476  C:\WINDOWS\system32\rtutils.dll - ok
11:02:07.0750 3476  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
11:02:07.0750 3476  C:\WINDOWS\system32\wmi.dll - ok
11:02:07.0750 3476  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
11:02:07.0750 3476  C:\WINDOWS\system32\eapolqec.dll - ok
11:02:07.0750 3476  [ 14EE0E012E7298FC1448A88E9FE53322 ] C:\WINDOWS\system32\atl.dll
11:02:07.0750 3476  C:\WINDOWS\system32\atl.dll - ok
11:02:07.0765 3476  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
11:02:07.0765 3476  C:\WINDOWS\system32\dot3api.dll - ok
11:02:07.0765 3476  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
11:02:07.0765 3476  C:\WINDOWS\system32\esent.dll - ok
11:02:07.0765 3476  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
11:02:07.0765 3476  C:\WINDOWS\system32\qutil.dll - ok
11:02:07.0781 3476  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
11:02:07.0781 3476  C:\WINDOWS\system32\cryptui.dll - ok
11:02:07.0781 3476  [ 036D3962F2086BF2A98E2873CE153828 ] C:\WINDOWS\system32\rastls.dll
11:02:07.0781 3476  C:\WINDOWS\system32\rastls.dll - ok
11:02:07.0796 3476  [ 6CE32F7778061CCC5814D5E0F282D369 ] C:\WINDOWS\system32\wininet.dll
11:02:07.0796 3476  C:\WINDOWS\system32\wininet.dll - ok
11:02:07.0812 3476  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
11:02:07.0812 3476  C:\WINDOWS\system32\normaliz.dll - ok
11:02:07.0812 3476  [ 05642AE6A7BDAA7541A7451F5A4C6512 ] C:\WINDOWS\system32\urlmon.dll
11:02:07.0812 3476  C:\WINDOWS\system32\urlmon.dll - ok
11:02:07.0828 3476  [ 58BD4689E1DCD40A903721D7EF45F2EC ] C:\WINDOWS\system32\iertutil.dll
11:02:07.0828 3476  C:\WINDOWS\system32\iertutil.dll - ok
11:02:07.0828 3476  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
11:02:07.0828 3476  C:\WINDOWS\system32\activeds.dll - ok
11:02:07.0828 3476  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
11:02:07.0828 3476  C:\WINDOWS\system32\adsldpc.dll - ok
11:02:07.0843 3476  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
11:02:07.0843 3476  C:\WINDOWS\system32\mprapi.dll - ok
11:02:07.0843 3476  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
11:02:07.0843 3476  C:\WINDOWS\system32\rasapi32.dll - ok
11:02:07.0859 3476  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
11:02:07.0859 3476  C:\WINDOWS\system32\rasman.dll - ok
11:02:07.0859 3476  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
11:02:07.0859 3476  C:\WINDOWS\system32\tapi32.dll - ok
11:02:07.0875 3476  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
11:02:07.0875 3476  C:\WINDOWS\system32\riched20.dll - ok
11:02:07.0875 3476  [ ED43F00CD77E72483A8625AC4F32D8D8 ] C:\WINDOWS\system32\raschap.dll
11:02:07.0875 3476  C:\WINDOWS\system32\raschap.dll - ok
11:02:07.0875 3476  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
11:02:07.0875 3476  C:\WINDOWS\system32\schedsvc.dll - ok
11:02:07.0890 3476  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
11:02:07.0890 3476  C:\WINDOWS\system32\msidle.dll - ok
11:02:07.0890 3476  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] C:\WINDOWS\system32\spoolsv.exe
11:02:07.0890 3476  C:\WINDOWS\system32\spoolsv.exe - ok
11:02:07.0906 3476  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
11:02:07.0906 3476  C:\WINDOWS\system32\audiosrv.dll - ok
11:02:07.0906 3476  [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] C:\WINDOWS\system32\wkssvc.dll
11:02:07.0906 3476  C:\WINDOWS\system32\wkssvc.dll - ok
11:02:07.0921 3476  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
11:02:07.0921 3476  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
11:02:07.0921 3476  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
11:02:07.0921 3476  C:\WINDOWS\system32\webclnt.dll - ok
11:02:07.0921 3476  [ 2FE6D5BE0629F706197B30C0AA05DE30 ] C:\WINDOWS\system32\drivers\BRPAR.SYS
11:02:07.0921 3476  C:\WINDOWS\system32\drivers\BRPAR.SYS - ok
11:02:07.0937 3476  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:02:07.0937 3476  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
11:02:07.0937 3476  [ A9A3DAA780CA6C9671A19D52456705B4 ] C:\WINDOWS\system32\alrsvc.dll
11:02:07.0937 3476  C:\WINDOWS\system32\alrsvc.dll - ok
11:02:07.0953 3476  [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
11:02:07.0953 3476  C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
11:02:07.0953 3476  [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
11:02:07.0953 3476  C:\WINDOWS\system32\mscoree.dll - ok
11:02:07.0968 3476  [ DE5D05FD449798EF88CC34AD4B1E7F85 ] C:\Program Files\Java\jre6\bin\jqs.exe
11:02:07.0968 3476  C:\Program Files\Java\jre6\bin\jqs.exe - ok
11:02:07.0968 3476  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
11:02:07.0968 3476  C:\WINDOWS\system32\cryptsvc.dll - ok
11:02:07.0968 3476  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
11:02:07.0968 3476  C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
11:02:07.0984 3476  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
11:02:07.0984 3476  C:\WINDOWS\system32\certcli.dll - ok
11:02:07.0984 3476  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
11:02:07.0984 3476  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
11:02:08.0000 3476  [ 5454607F90878D7CD0BCDB6E0D3F235F ] C:\WINDOWS\system32\pdh.dll
11:02:08.0000 3476  C:\WINDOWS\system32\pdh.dll - ok
11:02:08.0000 3476  [ 19A799805B24990867B00C120D300C3A ] C:\WINDOWS\system32\es.dll
11:02:08.0000 3476  C:\WINDOWS\system32\es.dll - ok
11:02:08.0015 3476  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
11:02:08.0015 3476  C:\WINDOWS\system32\ersvc.dll - ok
11:02:08.0015 3476  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
11:02:08.0015 3476  C:\WINDOWS\system32\odbcbcp.dll - ok
11:02:08.0015 3476  [ C0F7C25EEFB1C5FD554AAA801201A83C ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
11:02:08.0015 3476  C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
11:02:08.0031 3476  [ 85B16A92B117A5A800032ECD904B86DB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:02:08.0031 3476  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
11:02:08.0031 3476  [ F385F4B02C535BFFE1D70CAB80838123 ] C:\WINDOWS\system32\srvsvc.dll
11:02:08.0031 3476  C:\WINDOWS\system32\srvsvc.dll - ok
11:02:08.0046 3476  [ A8AD2773202A3913D1E1564BD5703183 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
11:02:08.0046 3476  C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
11:02:08.0046 3476  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
11:02:08.0046 3476  C:\WINDOWS\system32\netmsg.dll - ok
11:02:08.0062 3476  [ 5252605079810904E31C332E241CD59B ] C:\WINDOWS\system32\drivers\srv.sys
11:02:08.0062 3476  C:\WINDOWS\system32\drivers\srv.sys - ok
11:02:08.0062 3476  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
11:02:08.0062 3476  C:\WINDOWS\system32\perfos.dll - ok
11:02:08.0062 3476  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
11:02:08.0062 3476  C:\WINDOWS\system32\perfdisk.dll - ok
11:02:08.0078 3476  [ 20E2469DB709FC675E655CEAA11BE312 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:02:08.0078 3476  C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
11:02:08.0078 3476  [ 8EB9DF4D405524D5EF69AE9ECB0EDD16 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
11:02:08.0078 3476  C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
11:02:08.0093 3476  [ 7CF1B716372B89568AE4C0FE769F5869 ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:02:08.0093 3476  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - ok
11:02:08.0093 3476  [ 40DFAED0B3CB29209608C841C1AA515B ] C:\Program Files\Java\jre6\bin\awt.dll
11:02:08.0093 3476  C:\Program Files\Java\jre6\bin\awt.dll - ok
11:02:08.0109 3476  [ F758EC896516BCD745603132AB2E4B02 ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\csm.dll
11:02:08.0109 3476  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\csm.dll - ok
11:02:08.0109 3476  [ ADD6A4BDEB0E92A426EDDB0E51A6072C ] C:\Program Files\Java\jre6\bin\client\jvm.dll
11:02:08.0109 3476  C:\Program Files\Java\jre6\bin\client\jvm.dll - ok
11:02:08.0109 3476  [ FA8A2FE296CDDB1D6A38794709A8D983 ] C:\Program Files\Java\jre6\bin\dcpr.dll
11:02:08.0109 3476  C:\Program Files\Java\jre6\bin\dcpr.dll - ok
11:02:08.0125 3476  [ 50473A39CB76903D1E2527D3E74AB7EC ] C:\Program Files\Java\jre6\bin\deploy.dll
11:02:08.0125 3476  C:\Program Files\Java\jre6\bin\deploy.dll - ok
11:02:08.0125 3476  [ EE8616902241F0DA856FE5339441354F ] C:\Program Files\Java\jre6\bin\fontmanager.dll
11:02:08.0125 3476  C:\Program Files\Java\jre6\bin\fontmanager.dll - ok
11:02:08.0140 3476  [ 81EF660875D019FCDAA1A83CBFEC94C3 ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
11:02:08.0140 3476  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll - ok
11:02:08.0140 3476  [ F2840DBFE9322F35557219AE82CC4597 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
11:02:08.0140 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe - ok
11:02:08.0156 3476  [ 13C5552B250DD22A39313ABB991D6A89 ] C:\Program Files\Java\jre6\bin\hpi.dll
11:02:08.0156 3476  C:\Program Files\Java\jre6\bin\hpi.dll - ok
11:02:08.0156 3476  [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
11:02:08.0156 3476  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - ok
11:02:08.0171 3476  [ 8EC6C44469DD0D5BAEA92EC8E1AF19A0 ] C:\Program Files\Java\jre6\bin\java.dll
11:02:08.0171 3476  C:\Program Files\Java\jre6\bin\java.dll - ok
11:02:08.0171 3476  [ 647203A4393BA299C1F006EE485ECAD5 ] C:\Program Files\Java\jre6\bin\javaw.exe
11:02:08.0171 3476  C:\Program Files\Java\jre6\bin\javaw.exe - ok
11:02:08.0171 3476  [ 69972A7B3F0F85833B0FD56FA791D5B3 ] C:\Program Files\Java\jre6\bin\jp2native.dll
11:02:08.0171 3476  C:\Program Files\Java\jre6\bin\jp2native.dll - ok
11:02:08.0187 3476  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
11:02:08.0187 3476  C:\WINDOWS\system32\netman.dll - ok
11:02:08.0187 3476  [ BAE6DC953AA8C1D7D5CB4EB6603BDFB2 ] C:\Program Files\Java\jre6\bin\jpeg.dll
11:02:08.0187 3476  C:\Program Files\Java\jre6\bin\jpeg.dll - ok
11:02:08.0187 3476  [ D81DB2FF5F34DD9CC81F0543C8433B83 ] C:\Program Files\Java\jre6\bin\net.dll
11:02:08.0187 3476  C:\Program Files\Java\jre6\bin\net.dll - ok
11:02:08.0203 3476  [ F5A1D718D0AECFD164A1A8C33DF75D96 ] C:\Program Files\Java\jre6\bin\nio.dll
11:02:08.0203 3476  C:\Program Files\Java\jre6\bin\nio.dll - ok
11:02:08.0203 3476  [ C52DB18ECA89CBDADE1D434910DB65CF ] C:\Program Files\Java\jre6\bin\regutils.dll
11:02:08.0203 3476  C:\Program Files\Java\jre6\bin\regutils.dll - ok
11:02:08.0218 3476  [ 5FFBE662214D694E905545B3FD6BFBC3 ] C:\Program Files\Java\jre6\bin\verify.dll
11:02:08.0218 3476  C:\Program Files\Java\jre6\bin\verify.dll - ok
11:02:08.0218 3476  [ 890C93AB6FC0DCF06A8AD11598AF7C1C ] C:\Program Files\Java\jre6\bin\zip.dll
11:02:08.0218 3476  C:\Program Files\Java\jre6\bin\zip.dll - ok
11:02:08.0234 3476  [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
11:02:08.0234 3476  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll - ok
11:02:08.0234 3476  [ 4853FAA23868E66FD66DC81B8DD42333 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccl110u.dll
11:02:08.0234 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccl110u.dll - ok
11:02:08.0234 3476  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
11:02:08.0234 3476  C:\WINDOWS\system32\dbghelp.dll - ok
11:02:08.0250 3476  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
11:02:08.0250 3476  C:\WINDOWS\system32\ipsecsvc.dll - ok
11:02:08.0250 3476  [ 33CEB89B62589E8B12AEE9E2D523DADE ] C:\WINDOWS\system32\oakley.dll
11:02:08.0250 3476  C:\WINDOWS\system32\oakley.dll - ok
11:02:08.0265 3476  [ 2257C98561EBAC594A8BB797970D6D54 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccvrtrst.dll
11:02:08.0265 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccvrtrst.dll - ok
11:02:08.0265 3476  [ 8B8EEDA3D4B9C32170918B4EB8EF023B ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvc.dll
11:02:08.0265 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvc.dll - ok
11:02:08.0281 3476  [ 52364B2BBA5D1CB4E6A55076EB184D90 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\efacli.dll
11:02:08.0281 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\efacli.dll - ok
11:02:08.0281 3476  [ 65D64BB840ABF8AA317E1A56595C5E28 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\srtsp32.dll
11:02:08.0281 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\srtsp32.dll - ok
11:02:08.0281 3476  [ 79ED7408D94471522D5C34BA10BCC7B9 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccipc.dll
11:02:08.0281 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccipc.dll - ok
11:02:08.0296 3476  [ 284DAE55DED345F240DF806D45711E0B ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\dimaster.dll
11:02:08.0296 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\dimaster.dll - ok
11:02:08.0296 3476  [ 5684762CF40116976A0007EECD5A587D ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccset.dll
11:02:08.0296 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccset.dll - ok
11:02:08.0312 3476  [ 83020C1F1FD615BC300D1F50AF187FAA ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\isdatasv.dll
11:02:08.0312 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\isdatasv.dll - ok
11:02:08.0312 3476  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
11:02:08.0312 3476  C:\WINDOWS\system32\netshell.dll - ok
11:02:08.0328 3476  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
11:02:08.0328 3476  C:\WINDOWS\system32\winipsec.dll - ok
11:02:08.0328 3476  [ D29F2889BAA10E19AD9FF70C8D5ECF50 ] C:\WINDOWS\system32\winhttp.dll
11:02:08.0328 3476  C:\WINDOWS\system32\winhttp.dll - ok
11:02:08.0328 3476  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
11:02:08.0328 3476  C:\WINDOWS\system32\pstorsvc.dll - ok
11:02:08.0343 3476  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
11:02:08.0343 3476  C:\WINDOWS\system32\psbase.dll - ok
11:02:08.0343 3476  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
11:02:08.0343 3476  C:\WINDOWS\system32\dssenh.dll - ok
11:02:08.0359 3476  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
11:02:08.0359 3476  C:\WINDOWS\system32\credui.dll - ok
11:02:08.0359 3476  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
11:02:08.0359 3476  C:\WINDOWS\system32\dot3dlg.dll - ok
11:02:08.0375 3476  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
11:02:08.0375 3476  C:\WINDOWS\system32\onex.dll - ok
11:02:08.0375 3476  [ CCFEB334938BB93C0B8FF5A5BC928931 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\isdatapr.dll
11:02:08.0375 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\isdatapr.dll - ok
11:02:08.0375 3476  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
11:02:08.0375 3476  C:\WINDOWS\system32\eappcfg.dll - ok
11:02:08.0390 3476  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
11:02:08.0390 3476  C:\WINDOWS\system32\eappprxy.dll - ok
11:02:08.0390 3476  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
11:02:08.0390 3476  C:\WINDOWS\system32\wzcsapi.dll - ok
11:02:08.0406 3476  [ 96A0FF09E226B023DC6ACA253AACEE2E ] C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
11:02:08.0406 3476  C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe - ok
11:02:08.0406 3476  [ 83BA5E873164A3711B44052F58C8FE9F ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
11:02:08.0406 3476  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
11:02:08.0421 3476  [ 67BF0C8BDA19A0E61BF2DE5B499049E4 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
11:02:08.0421 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
11:02:08.0421 3476  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
11:02:08.0421 3476  C:\WINDOWS\system32\wuauserv.dll - ok
11:02:08.0421 3476  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
11:02:08.0421 3476  C:\WINDOWS\system32\wiaservc.dll - ok
11:02:08.0437 3476  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
11:02:08.0437 3476  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
11:02:08.0437 3476  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
11:02:08.0437 3476  C:\WINDOWS\system32\cfgmgr32.dll - ok
11:02:08.0453 3476  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
11:02:08.0453 3476  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
11:02:08.0453 3476  [ 9333DBAEDD617899C3562E937949D068 ] C:\WINDOWS\system32\mscms.dll
11:02:08.0453 3476  C:\WINDOWS\system32\mscms.dll - ok
11:02:08.0453 3476  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
11:02:08.0453 3476  C:\WINDOWS\system32\vssapi.dll - ok
11:02:08.0468 3476  [ D3BC53216811710E24046C80C3907785 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
11:02:08.0468 3476  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll - ok
11:02:08.0468 3476  [ D2F77E5DC1800BBC2CFFB5E76586B293 ] C:\WINDOWS\system32\wuaueng.dll
11:02:08.0468 3476  C:\WINDOWS\system32\wuaueng.dll - ok
11:02:08.0468 3476  [ 8FED1E0A491D4990853D23F21C59C730 ] C:\WINDOWS\system32\advpack.dll
11:02:08.0468 3476  C:\WINDOWS\system32\advpack.dll - ok
11:02:08.0484 3476  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
11:02:08.0484 3476  C:\WINDOWS\system32\cabinet.dll - ok
11:02:08.0484 3476  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
11:02:08.0484 3476  C:\WINDOWS\system32\mspatcha.dll - ok
11:02:08.0500 3476  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
11:02:08.0500 3476  C:\WINDOWS\system32\shfolder.dll - ok
11:02:08.0500 3476  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
11:02:08.0500 3476  C:\WINDOWS\system32\actxprxy.dll - ok
11:02:08.0500 3476  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
11:02:08.0500 3476  C:\WINDOWS\system32\trkwks.dll - ok
11:02:08.0515 3476  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
11:02:08.0515 3476  C:\WINDOWS\system32\srsvc.dll - ok
11:02:08.0515 3476  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
11:02:08.0515 3476  C:\WINDOWS\system32\powrprof.dll - ok
11:02:08.0531 3476  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
11:02:08.0531 3476  C:\WINDOWS\system32\sens.dll - ok
11:02:08.0531 3476  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
11:02:08.0531 3476  C:\WINDOWS\system32\seclogon.dll - ok
11:02:08.0531 3476  [ 1B328AC82718850510881289BF8533FD ] C:\WINDOWS\system32\msxml3.dll
11:02:08.0531 3476  C:\WINDOWS\system32\msxml3.dll - ok
11:02:08.0546 3476  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
11:02:08.0546 3476  C:\WINDOWS\system32\comsvcs.dll - ok
11:02:08.0546 3476  [ F282D4EDD85D53E20D902CC92190C5F5 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
11:02:08.0546 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
11:02:08.0562 3476  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
11:02:08.0562 3476  C:\WINDOWS\system32\colbact.dll - ok
11:02:08.0562 3476  [ 72CD04A8789BEFAB99F06658A41D10C9 ] C:\WINDOWS\system32\mtxclu.dll
11:02:08.0562 3476  C:\WINDOWS\system32\mtxclu.dll - ok
11:02:08.0562 3476  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
11:02:08.0562 3476  C:\WINDOWS\system32\cryptnet.dll - ok
11:02:08.0578 3476  [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
11:02:08.0578 3476  C:\WINDOWS\system32\clusapi.dll - ok
11:02:08.0578 3476  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
11:02:08.0578 3476  C:\WINDOWS\system32\sensapi.dll - ok
11:02:08.0578 3476  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
11:02:08.0578 3476  C:\WINDOWS\system32\wsock32.dll - ok
11:02:08.0593 3476  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
11:02:08.0593 3476  C:\WINDOWS\system32\resutils.dll - ok
11:02:08.0593 3476  [ 989CAEAA4ADA032D649395A3311FF98B ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11:02:08.0593 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
11:02:08.0609 3476  [ D234CE89C6BF195B4C7EA2A883C228DF ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
11:02:08.0609 3476  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll - ok
11:02:08.0609 3476  [ 9CAE2153CC9EA8308C637549633D281E ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
11:02:08.0609 3476  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll - ok
11:02:08.0625 3476  [ 705B65759E29771F00B8A0BE3510674C ] C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientDll.dll
11:02:08.0625 3476  C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientDll.dll - ok
11:02:08.0625 3476  [ A06CE3399D16DB864F55FAEB1F1927A9 ] C:\WINDOWS\system32\browser.dll
11:02:08.0625 3476  C:\WINDOWS\system32\browser.dll - ok
11:02:08.0625 3476  [ 7589B5E4EEA83AC65F7E0391BDE78418 ] C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientAppRoot.dll
11:02:08.0625 3476  C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientAppRoot.dll - ok
11:02:08.0640 3476  [ 71C5E0AE7B8C90795DCE874FEB69B15F ] C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
11:02:08.0640 3476  C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll - ok
11:02:08.0640 3476  [ FA93BC3B3867980B4021E6894F39BD42 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
11:02:08.0640 3476  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll - ok
11:02:08.0656 3476  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
11:02:08.0656 3476  C:\WINDOWS\system32\wscsvc.dll - ok
11:02:08.0656 3476  [ ED9F4B38227B793DA5F1F404E6651065 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
11:02:08.0656 3476  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll - ok
11:02:08.0656 3476  [ 97AF50CCDEC0D3AC1F436AF55A7DFF84 ] C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientAppRoot.XmlSerializers.dll
11:02:08.0656 3476  C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientAppRoot.XmlSerializers.dll - ok
11:02:08.0671 3476  [ 219AF0F9A54EBEEB3E7E20025D801034 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11:02:08.0671 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
11:02:08.0671 3476  [ 51301ACC5E5FDA65CFA1968395E5D951 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
11:02:08.0671 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe - ok
11:02:08.0671 3476  [ 98B17BDA1D0BEA2FC8313DB218C0139F ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
11:02:08.0671 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll - ok
11:02:08.0687 3476  [ 30B5A2254561E21CCC7BA21F80165D0B ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
11:02:08.0687 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll - ok
11:02:08.0687 3476  [ 44DE39CB56D1919346C09C92A4B57C69 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
11:02:08.0687 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll - ok
11:02:08.0703 3476  [ 88E05F3B2031980A48D458EB78C67659 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
11:02:08.0703 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - ok
11:02:08.0703 3476  [ 860FAD57B4668A9F5F350A9D5444AE89 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
11:02:08.0703 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - ok
11:02:08.0703 3476  [ 303A63F4B913AA5D8998161CB77A8CE7 ] C:\WINDOWS\system32\feclient.dll
11:02:08.0703 3476  C:\WINDOWS\system32\feclient.dll - ok
11:02:08.0718 3476  [ DAC5A22A1D17BD8CCB161CF630BD26EF ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
11:02:08.0718 3476  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll - ok
11:02:08.0718 3476  [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\system32\msi.dll
11:02:08.0718 3476  C:\WINDOWS\system32\msi.dll - ok
11:02:08.0734 3476  [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
11:02:08.0734 3476  C:\WINDOWS\system32\ipnathlp.dll - ok
11:02:08.0734 3476  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
11:02:08.0734 3476  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
11:02:08.0734 3476  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
11:02:08.0734 3476  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
11:02:08.0750 3476  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
11:02:08.0750 3476  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
11:02:08.0750 3476  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
11:02:08.0750 3476  C:\WINDOWS\system32\wbem\esscli.dll - ok
11:02:08.0765 3476  [ 60027BEA3E76D7DD8D96C02432BFDE82 ] C:\WINDOWS\system32\wbem\fastprox.dll
11:02:08.0765 3476  C:\WINDOWS\system32\wbem\fastprox.dll - ok
11:02:08.0765 3476  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
11:02:08.0765 3476  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
11:02:08.0765 3476  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
11:02:08.0765 3476  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
11:02:08.0781 3476  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
11:02:08.0781 3476  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
11:02:08.0781 3476  [ C2A4FDBD76953411000A01EB047DDC12 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
11:02:08.0781 3476  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
11:02:08.0796 3476  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
11:02:08.0796 3476  C:\WINDOWS\system32\wbem\wbemess.dll - ok
11:02:08.0796 3476  [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
11:02:08.0796 3476  C:\WINDOWS\system32\alg.exe - ok
11:02:08.0796 3476  [ 8C54260D3263ED4E9BEA132FEB3BFCB1 ] C:\WINDOWS\system32\wuapi.dll
11:02:08.0796 3476  C:\WINDOWS\system32\wuapi.dll - ok
11:02:08.0812 3476  [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
11:02:08.0812 3476  C:\WINDOWS\system32\netcfgx.dll - ok
11:02:08.0812 3476  [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
11:02:08.0812 3476  C:\WINDOWS\system32\wbem\ncprov.dll - ok
11:02:08.0828 3476  [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
11:02:08.0828 3476  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
11:02:08.0828 3476  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
11:02:08.0828 3476  C:\WINDOWS\system32\cscui.dll - ok
11:02:08.0843 3476  [ 3E2F3E2F4A82B7FAE23BAB864FB0F837 ] C:\WINDOWS\system32\dpcdll.dll
11:02:08.0843 3476  C:\WINDOWS\system32\dpcdll.dll - ok
11:02:08.0843 3476  [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
11:02:08.0843 3476  C:\WINDOWS\system32\termsrv.dll - ok
11:02:08.0843 3476  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
11:02:08.0843 3476  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
11:02:08.0859 3476  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
11:02:08.0859 3476  C:\WINDOWS\system32\wdmaud.drv - ok
11:02:08.0859 3476  [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
11:02:08.0859 3476  C:\WINDOWS\system32\icaapi.dll - ok
11:02:08.0859 3476  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
11:02:08.0875 3476  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
11:02:08.0875 3476  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
11:02:08.0875 3476  C:\WINDOWS\system32\drivers\splitter.sys - ok
11:02:08.0875 3476  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
11:02:08.0875 3476  C:\WINDOWS\system32\drivers\aec.sys - ok
11:02:08.0890 3476  [ 0FFAE66E6D5B1C87CBD22D1F3B6079FD ] C:\WINDOWS\system32\wbem\wmiprvse.exe
11:02:08.0890 3476  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
11:02:08.0890 3476  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
11:02:08.0890 3476  C:\WINDOWS\system32\userinit.exe - ok
11:02:08.0890 3476  [ 12E33DD823D74680DE6F33BFA359EFB3 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
11:02:08.0906 3476  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok
11:02:08.0906 3476  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
11:02:08.0906 3476  C:\WINDOWS\system32\drivers\swmidi.sys - ok
11:02:08.0906 3476  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
11:02:08.0906 3476  C:\WINDOWS\system32\drivers\dmusic.sys - ok
11:02:08.0921 3476  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
11:02:08.0921 3476  C:\WINDOWS\system32\mstlsapi.dll - ok
11:02:08.0921 3476  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
11:02:08.0921 3476  C:\WINDOWS\system32\drivers\kmixer.sys - ok
11:02:08.0937 3476  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
11:02:08.0937 3476  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
11:02:08.0937 3476  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
11:02:08.0937 3476  C:\WINDOWS\system32\msacm32.drv - ok
11:02:08.0937 3476  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
11:02:08.0937 3476  C:\WINDOWS\system32\midimap.dll - ok
11:02:08.0953 3476  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
11:02:08.0953 3476  C:\WINDOWS\explorer.exe - ok
11:02:08.0953 3476  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
11:02:08.0953 3476  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
11:02:08.0968 3476  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
11:02:08.0968 3476  C:\WINDOWS\system32\wbem\framedyn.dll - ok
11:02:08.0968 3476  [ F92E1076C42FCD6DB3D72D8CFE9816D5 ] C:\WINDOWS\system32\wscntfy.exe
11:02:08.0968 3476  C:\WINDOWS\system32\wscntfy.exe - ok
11:02:08.0968 3476  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
11:02:08.0968 3476  C:\WINDOWS\system32\browseui.dll - ok
11:02:08.0984 3476  [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
11:02:08.0984 3476  C:\WINDOWS\system32\shdocvw.dll - ok
11:02:08.0984 3476  [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
11:02:08.0984 3476  C:\WINDOWS\system32\tapisrv.dll - ok
11:02:09.0000 3476  [ F6CC2FD47787F6E7045D544E1B568458 ] C:\Program Files\Real\RealUpgrade\realupgrade.exe
11:02:09.0000 3476  C:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
11:02:09.0000 3476  [ 731F22BA402EE4B62748ADAF6363C182 ] C:\WINDOWS\system32\drivers\ipfltdrv.sys
11:02:09.0000 3476  C:\WINDOWS\system32\drivers\ipfltdrv.sys - ok
11:02:09.0000 3476  [ 8A4FC52B98E8CA135B90008FFB979C2A ] C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
11:02:09.0000 3476  C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
11:02:09.0015 3476  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
11:02:09.0015 3476  C:\WINDOWS\system32\rasmans.dll - ok
11:02:09.0015 3476  [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
11:02:09.0015 3476  C:\WINDOWS\system32\rastapi.dll - ok
11:02:09.0031 3476  [ 9B799C2D73A9BC4ED8213A6FC664BB52 ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
11:02:09.0031 3476  C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
11:02:09.0031 3476  [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
11:02:09.0031 3476  C:\WINDOWS\system32\unimdm.tsp - ok
11:02:09.0031 3476  [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
11:02:09.0031 3476  C:\WINDOWS\system32\uniplat.dll - ok
11:02:09.0046 3476  [ AA5312B5B37F8E8C97615F8357EA65A8 ] C:\PROGRA~1\MIC279~1\Office14\GROOVEEX.DLL
11:02:09.0046 3476  C:\PROGRA~1\MIC279~1\Office14\GROOVEEX.DLL - ok
11:02:09.0046 3476  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
11:02:09.0046 3476  C:\WINDOWS\system32\spoolss.dll - ok
11:02:09.0062 3476  [ 78B62E4C13378F737603136975A07E1A ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
11:02:09.0062 3476  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll - ok
11:02:09.0062 3476  [ 19AE6CBA05B9005698A6DEDCC88F202E ] C:\WINDOWS\system32\unimdmat.dll
11:02:09.0062 3476  C:\WINDOWS\system32\unimdmat.dll - ok
11:02:09.0062 3476  [ FE4A73CDBC882A19D070F1C01586E81A ] C:\WINDOWS\system32\modemui.dll
11:02:09.0062 3476  C:\WINDOWS\system32\modemui.dll - ok
11:02:09.0078 3476  [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
11:02:09.0078 3476  C:\WINDOWS\system32\kmddsp.tsp - ok
11:02:09.0078 3476  [ D8AD3D7F927C686B8C233221513DA628 ] C:\WINDOWS\system32\localspl.dll
11:02:09.0078 3476  C:\WINDOWS\system32\localspl.dll - ok
11:02:09.0093 3476  [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
11:02:09.0093 3476  C:\WINDOWS\system32\ndptsp.tsp - ok
11:02:09.0093 3476  [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
11:02:09.0093 3476  C:\WINDOWS\system32\ipconf.tsp - ok
11:02:09.0109 3476  [ FAE8CE40221A470EB2EE88CEEC691532 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\npctray.dll
11:02:09.0109 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\npctray.dll - ok
11:02:09.0109 3476  [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
11:02:09.0109 3476  C:\WINDOWS\system32\h323.tsp - ok
11:02:09.0109 3476  [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
11:02:09.0109 3476  C:\WINDOWS\system32\hidphone.tsp - ok
11:02:09.0125 3476  [ E9901A7E569C4156FDA69F5C9356B8ED ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
11:02:09.0125 3476  C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
11:02:09.0125 3476  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
11:02:09.0125 3476  C:\WINDOWS\system32\hid.dll - ok
11:02:09.0140 3476  [ C0D44791C969D65E63F250BC8BA0DC57 ] C:\WINDOWS\system32\AdobePDF.dll
11:02:09.0140 3476  C:\WINDOWS\system32\AdobePDF.dll - ok
11:02:09.0140 3476  [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
11:02:09.0140 3476  C:\WINDOWS\system32\cnbjmon.dll - ok
11:02:09.0140 3476  [ AB1B2885B4FF77D97327F08EFEBC3FB1 ] C:\WINDOWS\system32\mdimon.dll
11:02:09.0140 3476  C:\WINDOWS\system32\mdimon.dll - ok
11:02:09.0156 3476  [ CC6292CA575E851E5B74BF8883AB967A ] C:\WINDOWS\system32\fxsmon.dll
11:02:09.0156 3476  C:\WINDOWS\system32\fxsmon.dll - ok
11:02:09.0156 3476  [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
11:02:09.0156 3476  C:\WINDOWS\system32\rasppp.dll - ok
11:02:09.0171 3476  [ BDB83C844EDEC9BD01A94750D2C38DDF ] C:\WINDOWS\system32\fxsevent.dll
11:02:09.0171 3476  C:\WINDOWS\system32\fxsevent.dll - ok
11:02:09.0171 3476  [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
11:02:09.0171 3476  C:\WINDOWS\system32\ntlsapi.dll - ok
11:02:09.0171 3476  [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
11:02:09.0171 3476  C:\WINDOWS\system32\pjlmon.dll - ok
11:02:09.0171 3476  [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
11:02:09.0171 3476  C:\WINDOWS\system32\tcpmon.dll - ok
11:02:09.0187 3476  [ A04568B628414538007FB6BB028EAC85 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\npcstats.dll
11:02:09.0187 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\npcstats.dll - ok
11:02:09.0187 3476  [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
11:02:09.0187 3476  C:\WINDOWS\system32\rasqec.dll - ok
11:02:09.0203 3476  [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
11:02:09.0203 3476  C:\WINDOWS\system32\usbmon.dll - ok
11:02:09.0203 3476  [ 676CCC08D9E9A3F4CA39CB04E97048DF ] C:\PROGRA~1\MIC279~1\Office14\1033\GrooveIntlResource.dll
11:02:09.0203 3476  C:\PROGRA~1\MIC279~1\Office14\1033\GrooveIntlResource.dll - ok
11:02:09.0203 3476  [ 6200528732C743F5CA459B0BD3B998BF ] C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL
11:02:09.0203 3476  C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL - ok
11:02:09.0218 3476  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
11:02:09.0218 3476  C:\WINDOWS\system32\desk.cpl - ok
11:02:09.0218 3476  [ 4424AE65F7AF8181AC99FE46BC2700C9 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
11:02:09.0218 3476  C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
11:02:09.0234 3476  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
11:02:09.0234 3476  C:\WINDOWS\system32\themeui.dll - ok
11:02:09.0234 3476  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
11:02:09.0234 3476  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
11:02:09.0234 3476  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
11:02:09.0234 3476  C:\WINDOWS\system32\win32spl.dll - ok
11:02:09.0250 3476  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
11:02:09.0250 3476  C:\WINDOWS\system32\netrap.dll - ok
11:02:09.0250 3476  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
11:02:09.0250 3476  C:\WINDOWS\system32\mstask.dll - ok
11:02:09.0265 3476  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
11:02:09.0265 3476  C:\WINDOWS\system32\inetpp.dll - ok
11:02:09.0265 3476  [ 16050F458FBF88A752CA329F01A2BAA5 ] C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
11:02:09.0265 3476  C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll - ok
11:02:09.0265 3476  [ ED7262E52C31CF1625B65039102BC16C ] C:\WINDOWS\system32\wuauclt.exe
11:02:09.0265 3476  C:\WINDOWS\system32\wuauclt.exe - ok
11:02:09.0281 3476  [ B3AFD779E404C8CAE092BA875782A55C ] C:\WINDOWS\system32\wuaucpl.cpl
11:02:09.0281 3476  C:\WINDOWS\system32\wuaucpl.cpl - ok
11:02:09.0281 3476  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
11:02:09.0281 3476  C:\WINDOWS\system32\cmd.exe - ok
11:02:09.0296 3476  [ 729DA5D23A9AD20A6AA353156A126420 ] C:\WINDOWS\system32\ieframe.dll
11:02:09.0296 3476  C:\WINDOWS\system32\ieframe.dll - ok
11:02:09.0296 3476  [ 6487A19E0EA3228515394A4B1A780B17 ] C:\Program Files\Norton Internet Security\Engine\19.9.0.9\symhtml.dll
11:02:09.0296 3476  C:\Program Files\Norton Internet Security\Engine\19.9.0.9\symhtml.dll - ok
11:02:09.0296 3476  [ 7A7A6853855986ADFFC484DFB54FD9AD ] C:\WINDOWS\system32\wups.dll
11:02:09.0296 3476  C:\WINDOWS\system32\wups.dll - ok
11:02:09.0312 3476  [ DFD4815F0E0E60420C2E8C9DDF3CABCA ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
11:02:09.0312 3476  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll - ok
11:02:09.0312 3476  [ 1F2E949C9A1A71E34C5D01377B461CAB ] C:\Program Files\Amazon\Amazon Unbox Video\Interop.WMPLib.dll
11:02:09.0312 3476  C:\Program Files\Amazon\Amazon Unbox Video\Interop.WMPLib.dll - ok
11:02:09.0328 3476  [ 35A936C7C029A5B705D3FFD40518D660 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
11:02:09.0328 3476  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
11:02:09.0328 3476  [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\F90BDE37-B839-47DD-B6F2-1A8B329A86BF.exe
11:02:09.0328 3476  C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\F90BDE37-B839-47DD-B6F2-1A8B329A86BF.exe - ok
11:02:09.0328 3476  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
11:02:09.0343 3476  C:\WINDOWS\system32\security.dll - ok
11:02:09.0343 3476  [ F3370C98F4981EDA6036689D298E67B9 ] C:\WINDOWS\system32\browselc.dll
11:02:09.0343 3476  C:\WINDOWS\system32\browselc.dll - ok
11:02:09.0343 3476  [ C3104BE7D2B689EBE47E2AAC64C07530 ] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
11:02:09.0343 3476  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - ok
11:02:09.0359 3476  [ 1AF17E5A327C4AF6D930E2CFD709C74A ] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
11:02:09.0359 3476  C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll - ok
11:02:09.0359 3476  [ B5625560CDA13A81D367B32E6F9FC4AC ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
11:02:09.0359 3476  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll - ok
11:02:09.0375 3476  [ 2D03FFFDEE8E6B2439D0836A644E8038 ] C:\WINDOWS\system32\wmp.dll
11:02:09.0375 3476  C:\WINDOWS\system32\wmp.dll - ok
11:02:09.0375 3476  [ 235B2311786AC007AD644B12A2DA8AC7 ] C:\WINDOWS\system32\msvfw32.dll
11:02:09.0375 3476  C:\WINDOWS\system32\msvfw32.dll - ok
11:02:09.0375 3476  [ 855F6333E3A4DFC6F3C8B0520C261FCD ] C:\WINDOWS\system32\msftedit.dll
11:02:09.0375 3476  C:\WINDOWS\system32\msftedit.dll - ok
11:02:09.0390 3476  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
11:02:09.0390 3476  C:\WINDOWS\system32\ntshrui.dll - ok
11:02:09.0390 3476  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\76199816.sys
11:02:09.0390 3476  C:\WINDOWS\system32\drivers\76199816.sys - ok
11:02:09.0406 3476  [ C38FDD6F1C51F75F2A63B6E53971A4CC ] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
11:02:09.0406 3476  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - ok
11:02:09.0406 3476  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
11:02:09.0406 3476  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
11:02:09.0406 3476  [ 3F476505B239F65C5D67B6686AF097D4 ] C:\WINDOWS\system32\wmploc.dll
11:02:09.0406 3476  C:\WINDOWS\system32\wmploc.dll - ok
11:02:09.0421 3476  [ 4C5F00366C6B31AC238D78ECC9E24BFA ] C:\Program Files\Amazon\Amazon Unbox Video\Interop.MSNETOBJLib.dll
11:02:09.0421 3476  C:\Program Files\Amazon\Amazon Unbox Video\Interop.MSNETOBJLib.dll - ok
11:02:09.0421 3476  [ FF575E76DA89A3CEDE920BB71EE2F3C7 ] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
11:02:09.0421 3476  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll - ok
11:02:09.0421 3476  [ 86659A7AAD5173AA82A9F3FDB49C76E3 ] C:\WINDOWS\system32\msnetobj.dll
11:02:09.0437 3476  C:\WINDOWS\system32\msnetobj.dll - ok
11:02:09.0437 3476  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
11:02:09.0437 3476  C:\WINDOWS\system32\linkinfo.dll - ok
11:02:09.0437 3476  [ ADC5D27EB04A03368163C7C41F5CA1A8 ] C:\WINDOWS\system32\MFPLAT.dll
11:02:09.0437 3476  C:\WINDOWS\system32\MFPLAT.dll - ok
11:02:09.0453 3476  [ 6BC36540B0319492F1153E86D8D42F72 ] C:\WINDOWS\system32\drmv2clt.dll
11:02:09.0453 3476  C:\WINDOWS\system32\drmv2clt.dll - ok
11:02:09.0453 3476  [ 06A1ECB63DF139EC639E084D4AB3C9D7 ] C:\WINDOWS\system\hpsysdrv.exe
11:02:09.0453 3476  C:\WINDOWS\system\hpsysdrv.exe - ok
11:02:09.0453 3476  [ D7ACBC053673F37505B6E2B3C4444F74 ] C:\WINDOWS\system32\hkcmd.exe
11:02:09.0453 3476  C:\WINDOWS\system32\hkcmd.exe - ok
11:02:09.0468 3476  [ E7BE65BF79906AEBC698E077D53F6A1C ] C:\WINDOWS\AGRSMMSG.exe
11:02:09.0468 3476  C:\WINDOWS\AGRSMMSG.exe - ok
11:02:09.0468 3476  [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
11:02:09.0468 3476  C:\WINDOWS\system32\upnp.dll - ok
11:02:09.0484 3476  [ 4A95F15B706B8FD9EC8715B6401EAB7B ] C:\hp\KBD\kbd.exe
11:02:09.0484 3476  C:\hp\KBD\kbd.exe - ok
11:02:09.0484 3476  [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
11:02:09.0484 3476  C:\WINDOWS\system32\ssdpapi.dll - ok
11:02:09.0484 3476  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] C:\WINDOWS\system32\drivers\http.sys
11:02:09.0484 3476  C:\WINDOWS\system32\drivers\http.sys - ok
11:02:09.0500 3476  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
11:02:09.0500 3476  C:\WINDOWS\system32\ssdpsrv.dll - ok
11:02:09.0500 3476  [ EF04693D2AEA5731984F74E1A852CF68 ] C:\Documents and Settings\All Users\DRM\Cache\Indiv01.key
11:02:09.0500 3476  C:\Documents and Settings\All Users\DRM\Cache\Indiv01.key - ok
11:02:09.0515 3476  [ C55679163A58D52F345A7410D777AEC9 ] C:\WINDOWS\system32\hccutils.dll
11:02:09.0515 3476  C:\WINDOWS\system32\hccutils.dll - ok
11:02:09.0515 3476  [ 310F1E8A0781887BA1C217448C0E4D48 ] C:\WINDOWS\SMINST\Recguard.exe
11:02:09.0515 3476  C:\WINDOWS\SMINST\Recguard.exe - ok
11:02:09.0515 3476  [ 7B8875A5B04932AC73AFD8079864DB68 ] C:\WINDOWS\ALCXMNTR.EXE
11:02:09.0515 3476  C:\WINDOWS\ALCXMNTR.EXE - ok
11:02:09.0531 3476  [ 2A5C36E2799F7C0B8AB1F2288C502C9D ] C:\WINDOWS\system32\igfxdev.dll
11:02:09.0531 3476  C:\WINDOWS\system32\igfxdev.dll - ok
11:02:09.0531 3476  [ 8B3D67651581347878CD7D8FBF016A64 ] C:\WINDOWS\system32\ps2.EXE
11:02:09.0531 3476  C:\WINDOWS\system32\ps2.EXE - ok
11:02:09.0531 3476  [ CAA835CE8FC23FC27277865FFDD5DC9F ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
11:02:09.0546 3476  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe - ok
11:02:09.0546 3476  [ 91F37FD6912030DE26AC282F34294900 ] C:\WINDOWS\system32\igfxsrvc.dll
11:02:09.0546 3476  C:\WINDOWS\system32\igfxsrvc.dll - ok
11:02:09.0546 3476  [ F68A3F0D63BE926ED65ED1C8C5B03A3D ] C:\hp\KBD\led.dll
11:02:09.0546 3476  C:\hp\KBD\led.dll - ok
11:02:09.0562 3476  [ F9932C3C8F1C78738F27EB6360ACF681 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
11:02:09.0562 3476  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe - ok
11:02:09.0562 3476  [ D1EAECFBC6777802079CB4EE5EA3E31D ] C:\hp\KBD\usb.dll
11:02:09.0562 3476  C:\hp\KBD\usb.dll - ok
11:02:09.0562 3476  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
11:02:09.0562 3476  C:\WINDOWS\system32\oledlg.dll - ok
11:02:09.0578 3476  [ AD1D7022F22BF38799A2B2B9ED41F643 ] C:\WINDOWS\system32\igfxhk.dll
11:02:09.0578 3476  C:\WINDOWS\system32\igfxhk.dll - ok
11:02:09.0578 3476  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
11:02:09.0578 3476  C:\WINDOWS\system32\drivers\cdfs.sys - ok
11:02:09.0593 3476  [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
11:02:09.0593 3476  C:\WINDOWS\system32\olepro32.dll - ok
11:02:09.0593 3476  [ 2AE54F20144B2AF570587A8478D02885 ] C:\hp\KBD\PS2.dll
11:02:09.0593 3476  C:\hp\KBD\PS2.dll - ok
11:02:09.0593 3476  [ B9CCD891CBB14C1AABAE5E72C6527E68 ] C:\WINDOWS\system32\igfxres.dll
11:02:09.0593 3476  C:\WINDOWS\system32\igfxres.dll - ok
11:02:09.0609 3476  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
11:02:09.0609 3476  C:\WINDOWS\system32\webcheck.dll - ok
11:02:09.0609 3476  [ 205DB5A0DD15DF2657EFD4B64D0CC4A3 ] C:\hp\KBD\msg.dll
11:02:09.0609 3476  C:\hp\KBD\msg.dll - ok
11:02:09.0625 3476  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
11:02:09.0625 3476  C:\WINDOWS\system32\dsound.dll - ok
11:02:09.0625 3476  [ 5048DB37A482447EE60D23EE4356D23E ] C:\hp\KBD\OSD.DLL
11:02:09.0625 3476  C:\hp\KBD\OSD.DLL - ok
11:02:09.0640 3476  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
11:02:09.0640 3476  C:\WINDOWS\system32\imapi.exe - ok
11:02:09.0640 3476  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
11:02:09.0640 3476  C:\WINDOWS\system32\mlang.dll - ok
11:02:09.0640 3476  [ 3C73C6447195D2006802F4FF452496A7 ] C:\hp\KBD\sct.dll
11:02:09.0656 3476  C:\hp\KBD\sct.dll - ok
11:02:09.0656 3476  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
11:02:09.0656 3476  C:\WINDOWS\system32\stobject.dll - ok
11:02:09.0656 3476  [ 22467B6E808F7B4160F9D2775A1DC47B ] C:\hp\KBD\onl.dll
11:02:09.0656 3476  C:\hp\KBD\onl.dll - ok
11:02:09.0671 3476  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
11:02:09.0671 3476  C:\WINDOWS\system32\batmeter.dll - ok
11:02:09.0671 3476  [ 9DBB99E127077208C525A95A2CD6CE2F ] C:\hp\KBD\aol.dll
11:02:09.0671 3476  C:\hp\KBD\aol.dll - ok
11:02:09.0671 3476  [ 0E280A4A6805A752F30F2981D6C4603C ] C:\hp\KBD\url.dll
11:02:09.0671 3476  C:\hp\KBD\url.dll - ok
11:02:09.0687 3476  [ BAD6BEA0DE1F69C82BDB74378CE0C20A ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:02:09.0687 3476  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
11:02:09.0687 3476  [ D7D69F304A604387B86BE991CBF07663 ] C:\WINDOWS\system32\WPDShServiceObj.dll
11:02:09.0687 3476  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
11:02:09.0687 3476  [ 261E5E3602941656A1442B255C936B9E ] C:\hp\KBD\cfg.dll
11:02:09.0687 3476  C:\hp\KBD\cfg.dll - ok
11:02:09.0703 3476  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
11:02:09.0703 3476  C:\WINDOWS\system32\mydocs.dll - ok
11:02:09.0703 3476  [ 60DB5561F7B646FA217E9EA6561E6705 ] C:\hp\KBD\msikbdif.dll
11:02:09.0703 3476  C:\hp\KBD\msikbdif.dll - ok
11:02:09.0718 3476  [ 901AA7A38CE13F14B6BBEC38C0595698 ] C:\Program Files\Microsoft Office2010\Office14\BCSSync.exe
11:02:09.0718 3476  C:\Program Files\Microsoft Office2010\Office14\BCSSync.exe - ok
11:02:09.0718 3476  [ 585992D78B671AAA075C02241309795D ] C:\WINDOWS\system32\msvcirt.dll
11:02:09.0718 3476  C:\WINDOWS\system32\msvcirt.dll - ok
11:02:09.0718 3476  [ A687C458B80C7D55CBE39649D952ED2A ] C:\WINDOWS\system32\PortableDeviceTypes.dll
11:02:09.0718 3476  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
11:02:09.0734 3476  [ FB6EE278BC2046E0952F320AC62D3E07 ] C:\WINDOWS\system32\dskquota.dll
11:02:09.0734 3476  C:\WINDOWS\system32\dskquota.dll - ok
11:02:09.0734 3476  [ 91930168B16E0EBF11A648F75E82E549 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
11:02:09.0734 3476  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU - ok
11:02:09.0734 3476  [ 387132F6BD26F3C947749CA8FC180AEB ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
11:02:09.0734 3476  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA - ok
11:02:09.0750 3476  [ E132AD94798E72ACB650E985984C7F58 ] C:\WINDOWS\system32\PortableDeviceApi.dll
11:02:09.0750 3476  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
11:02:09.0750 3476  [ D3D046D058BB890CB42D92D2084179CC ] C:\Program Files\Adobe\Acrobat 9.0\Esl\Aiod.dll
11:02:09.0750 3476  C:\Program Files\Adobe\Acrobat 9.0\Esl\Aiod.dll - ok
11:02:09.0765 3476  [ F7DD2D785280DB73DC9060F80361BEFB ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
11:02:09.0765 3476  C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
11:02:09.0765 3476  [ CD3EDEA21F9AC29A59CA906C88099E41 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
11:02:09.0765 3476  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe - ok
11:02:09.0765 3476  [ 605C6370240FC79CADBCD34960A741D2 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
11:02:09.0765 3476  C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
11:02:09.0781 3476  [ 8B22CF51B907E3A221267CF1E502993A ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
11:02:09.0781 3476  C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
11:02:09.0781 3476  [ 054B87C872292A960B9B8A834B34DFA7 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
11:02:09.0781 3476  C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
11:02:09.0796 3476  ============================================================
11:02:09.0796 3476  Scan finished
11:02:09.0796 3476  ============================================================
11:02:09.0921 3440  Detected object count: 9
11:02:09.0921 3440  Actual detected object count: 9
11:02:23.0468 3440  ADVService ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0468 3440  ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0468 3440  BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0468 3440  BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0468 3440  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0468 3440  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0468 3440  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0468 3440  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0484 3440  iPodService ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0484 3440  iPodService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0484 3440  Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0484 3440  Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0484 3440  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0484 3440  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0500 3440  Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0500 3440  Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:02:23.0500 3440  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
11:02:23.0500 3440  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
0
brothertruffle880Author Commented:
Update:
I just rebooted in safe mode to create a new user account.
Turns out the shortcuts on the admin account and start menu aren't working either.  Going into start menu/accessories also doesn't allow me launch any of those apps.  
The only way I can launch an app is by navigating into the C:\program files\ actual EXE file.
0
Russell_VenableCommented:
Ok, try this. Place this file on your desktop and right click and select Merge. Then reboot.

LNK-Fix.reg
0
brothertruffle880Author Commented:
Hi Russell:
Merged the reg file.  No difference.  Shortcuts still not working on desktop or in start menu. Menu items in start menu also not working.

Also, I, once again, tried to load combofix and it looked like everything was loading properly.  It asked me if I wanted to get updates for combofix and I said "yes"  Then after seeing the progress bar move towards success. the box displaying the progress bars disappeared and nothing happened.  Waited a few minutes and then when I went into task manager, there were two files which --I believe-- are part of combofix-- just sitting there, not doing anything. (see graphic).

err
0
Russell_VenableCommented:
Yes, Those are part of combofix. Ok, now from my tool select the menu item go->Online Antivirus scan-> ESET, install the setup and run the online scanner. I post your results.
0
brothertruffle880Author Commented:
Ok will do.
0
RobOwner (Aidellio)Commented:
Just a side note for when you are posting log files and code to use the "code" snippet in the format or just attach it as a log file.  THis will make it easier for other experts to see the flow of the question.
0
RobOwner (Aidellio)Commented:
How did you go getting malwarebytes to run?
0
brothertruffle880Author Commented:
Russell:
ESET Online scanner still moving forward on my pc.  14 hours and counting.   16% done.

Tagit:
I haven't yet installed the error correcting module you pointed me to.
0
RobOwner (Aidellio)Commented:
No worries, one thing at a time.  Let the online scan finish
0
brothertruffle880Author Commented:
Russell:
ESET found the following:
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP473\A0134913.exe      

a variant of Win32/InstallIQ application      cleaned by deleting - quarantined

I rebooted and my situation remains the same.  Shortcuts on desktop and in start menu are not working.
I even re-merged the reg file you posted yesterday and rebooted.
What's next?
0
RobOwner (Aidellio)Commented:
Have you tried running a system restore back to before you had this issue?  What the result shows is the malware has been captured when your computer was creating a restore point so you would have to be careful to go back before you downloaded the issue ie a month ago
0
RobOwner (Aidellio)Commented:
from this blog it seems that it's not malicious but may provide an avenue for other malware to enter your computer

http://security.stackexchange.com/questions/8602/how-serious-is-installiq
0
brothertruffle880Author Commented:
Hi Russell:

Here are the results of the combofix run.  I am unable to do a system restore.  What's my next step in resolving this problem?

ComboFix 12-11-06.03 - Compaq_Owner 11/07/2012  16:28:23.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1364 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-07 to 2012-11-07  )))))))))))))))))))))))))))))))
.
.
2012-11-07 20:30 . 2012-11-07 20:30	--------	d-----w-	c:\documents and settings\Compaq_Owner\Application Data\DriverCure
2012-11-07 20:30 . 2012-11-07 20:30	--------	d-----w-	c:\documents and settings\Compaq_Owner\Application Data\SpeedyPC Software
2012-11-07 20:29 . 2012-11-07 20:29	--------	d-----w-	c:\program files\Common Files\SpeedyPC Software
2012-11-07 20:29 . 2012-11-07 20:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-11-07 20:29 . 2012-11-07 20:29	--------	d-----w-	c:\program files\SpeedyPC Software
2012-11-06 03:20 . 2008-04-14 10:42	116224	----a-w-	c:\windows\system32\dllcache\xrxwiadr.dll
2012-11-06 03:20 . 2001-08-18 03:36	23040	----a-w-	c:\windows\system32\dllcache\xrxwbtmp.dll
2012-11-06 03:20 . 2008-04-14 10:42	18944	----a-w-	c:\windows\system32\dllcache\xrxscnui.dll
2012-11-06 03:20 . 2001-08-18 03:37	27648	----a-w-	c:\windows\system32\dllcache\xrxftplt.exe
2012-11-06 03:20 . 2001-08-18 03:37	4608	----a-w-	c:\windows\system32\dllcache\xrxflnch.exe
2012-11-06 03:19 . 2001-08-18 03:37	99865	----a-w-	c:\windows\system32\dllcache\xlog.exe
2012-11-06 03:19 . 2001-08-17 17:11	16970	----a-w-	c:\windows\system32\dllcache\xem336n5.sys
2012-11-06 03:19 . 2008-04-14 03:04	19455	----a-w-	c:\windows\system32\dllcache\wvchntxx.sys
2012-11-06 03:19 . 2008-04-14 05:16	19200	----a-w-	c:\windows\system32\dllcache\wstcodec.sys
2012-11-06 03:19 . 2008-04-14 03:04	12063	----a-w-	c:\windows\system32\dllcache\wsiintxx.sys
2012-11-06 03:19 . 2008-04-14 10:42	8192	----a-w-	c:\windows\system32\dllcache\wshirda.dll
2012-11-06 03:19 . 2008-04-14 05:06	8832	----a-w-	c:\windows\system32\dllcache\wmiacpi.sys
2012-11-06 03:19 . 2008-04-14 03:05	154624	----a-w-	c:\windows\system32\dllcache\wlluc48.sys
2012-11-06 03:19 . 2001-08-17 17:12	34890	----a-w-	c:\windows\system32\dllcache\wlandrv2.sys
2012-11-06 03:19 . 2001-08-17 18:28	771581	----a-w-	c:\windows\system32\dllcache\winacisa.sys
2012-11-06 03:19 . 2001-08-18 03:36	53760	----a-w-	c:\windows\system32\dllcache\wiamsmud.dll
2012-11-06 03:19 . 2001-08-18 03:36	87040	----a-w-	c:\windows\system32\dllcache\wiafbdrv.dll
2012-11-06 03:17 . 2008-04-14 10:42	53760	----a-w-	c:\windows\system32\dllcache\vfwwdm32.dll
2012-11-06 03:16 . 2001-08-18 03:36	69632	----a-w-	c:\windows\system32\dllcache\umaxu12.dll
2012-11-06 03:15 . 2001-08-17 17:12	34375	----a-w-	c:\windows\system32\dllcache\tpro4.sys
2012-11-06 03:14 . 2001-08-17 18:49	30464	----a-w-	c:\windows\system32\dllcache\tbatm155.sys
2012-11-06 03:13 . 2001-08-18 03:36	155648	----a-w-	c:\windows\system32\dllcache\stlnprop.dll
2012-11-06 03:13 . 2001-08-18 03:36	53248	----a-w-	c:\windows\system32\dllcache\stlncoin.dll
2012-11-06 03:13 . 2001-08-17 17:18	285760	----a-w-	c:\windows\system32\dllcache\stlnata.sys
2012-11-06 03:13 . 2001-08-17 18:51	16896	----a-w-	c:\windows\system32\dllcache\stcusb.sys
2012-11-06 03:13 . 2001-08-17 17:11	48736	----a-w-	c:\windows\system32\dllcache\srwlnd5.sys
2012-11-06 03:13 . 2001-08-18 03:36	99328	----a-w-	c:\windows\system32\dllcache\srusd.dll
2012-11-06 03:13 . 2001-08-18 03:36	24660	----a-w-	c:\windows\system32\dllcache\spxupchk.dll
2012-11-06 03:13 . 2001-08-17 18:51	61824	----a-w-	c:\windows\system32\dllcache\speed.sys
2012-11-06 03:13 . 2001-08-18 03:36	106584	----a-w-	c:\windows\system32\dllcache\spdports.dll
2012-11-06 03:13 . 2001-08-17 19:07	19072	----a-w-	c:\windows\system32\dllcache\sparrow.sys
2012-11-06 03:13 . 2001-08-17 17:51	37040	----a-w-	c:\windows\system32\dllcache\sonypi.sys
2012-11-06 03:13 . 2001-08-18 03:36	114688	----a-w-	c:\windows\system32\dllcache\sonypi.dll
2012-11-06 03:13 . 2001-08-17 17:51	20752	----a-w-	c:\windows\system32\dllcache\sonync.sys
2012-11-06 03:11 . 2008-04-14 05:16	11136	----a-w-	c:\windows\system32\dllcache\slip.sys
2012-11-06 03:10 . 2001-08-17 17:51	98080	----a-w-	c:\windows\system32\dllcache\sgiulnt5.sys
2012-11-06 03:09 . 2001-08-17 19:56	198400	----a-w-	c:\windows\system32\dllcache\s3sav4.dll
2012-11-06 03:08 . 2008-04-14 05:10	79104	----a-w-	c:\windows\system32\dllcache\rocket.sys
2012-11-06 03:07 . 2001-08-17 18:28	130942	----a-w-	c:\windows\system32\dllcache\ptserlv.sys
2012-11-06 03:06 . 2008-04-14 10:40	259328	----a-w-	c:\windows\system32\dllcache\perm3dd.dll
2012-11-06 03:05 . 2001-08-17 19:05	351616	----a-w-	c:\windows\system32\dllcache\ovcodek2.sys
2012-11-06 03:05 . 2001-08-18 03:36	116736	----a-w-	c:\windows\system32\dllcache\ovcodec2.dll
2012-11-06 03:05 . 2001-08-17 19:05	31872	----a-w-	c:\windows\system32\dllcache\ovce.sys
2012-11-06 03:05 . 2001-08-17 19:05	28032	----a-w-	c:\windows\system32\dllcache\ovcd.sys
2012-11-06 03:05 . 2001-08-17 19:05	48000	----a-w-	c:\windows\system32\dllcache\ovcam2.sys
2012-11-06 03:05 . 2001-08-17 19:05	25088	----a-w-	c:\windows\system32\dllcache\ovca.sys
2012-11-06 03:05 . 2001-08-17 18:28	54186	----a-w-	c:\windows\system32\dllcache\otcsercb.sys
2012-11-06 03:05 . 2001-08-17 17:12	43689	----a-w-	c:\windows\system32\dllcache\otceth5.sys
2012-11-06 03:05 . 2001-08-17 17:12	27209	----a-w-	c:\windows\system32\dllcache\otc06x5.sys
2012-11-06 03:05 . 2001-08-17 17:20	54528	----a-w-	c:\windows\system32\dllcache\opl3sax.sys
2012-11-06 03:05 . 2001-08-17 17:50	198144	----a-w-	c:\windows\system32\dllcache\nv3.sys
2012-11-06 03:05 . 2001-08-18 03:36	123776	----a-w-	c:\windows\system32\dllcache\nv3.dll
2012-11-06 03:03 . 2001-08-17 19:56	91488	----a-w-	c:\windows\system32\dllcache\n9i3disp.dll
2012-11-06 03:02 . 2001-08-17 19:00	2944	----a-w-	c:\windows\system32\dllcache\msmpu401.sys
2012-11-06 03:02 . 2008-04-14 05:24	22016	----a-w-	c:\windows\system32\dllcache\msircomm.sys
2012-11-06 03:02 . 2004-08-04 04:00	98304	----a-w-	c:\windows\system32\dllcache\msir3jp.dll
2012-11-06 03:02 . 2001-08-17 19:02	35200	----a-w-	c:\windows\system32\dllcache\msgame.sys
2012-11-06 03:02 . 2001-08-17 18:48	6016	----a-w-	c:\windows\system32\dllcache\msfsio.sys
2012-11-06 03:02 . 2008-04-14 05:16	51200	----a-w-	c:\windows\system32\dllcache\msdv.sys
2012-11-06 03:02 . 2001-08-17 18:52	17280	----a-w-	c:\windows\system32\dllcache\mraid35x.sys
2012-11-06 03:02 . 2008-04-14 05:16	15232	----a-w-	c:\windows\system32\dllcache\mpe.sys
2012-11-06 03:02 . 2001-08-17 18:48	12160	----a-w-	c:\windows\system32\dllcache\mouhid.sys
2012-11-06 03:02 . 2001-08-17 18:57	16128	----a-w-	c:\windows\system32\dllcache\modemcsa.sys
2012-11-06 03:02 . 2001-08-17 18:52	6528	----a-w-	c:\windows\system32\dllcache\miniqic.sys
2012-11-06 03:00 . 2001-08-17 17:12	70730	----a-w-	c:\windows\system32\dllcache\lne100tx.sys
2012-11-06 02:59 . 2008-04-14 10:39	6144	----a-w-	c:\windows\system32\dllcache\kbd106.dll
2012-11-06 02:58 . 2004-08-04 04:00	471102	----a-w-	c:\windows\system32\dllcache\imskdic.dll
2012-11-06 02:57 . 2001-08-17 17:11	28700	----a-w-	c:\windows\system32\dllcache\ibmexmp.sys
2012-11-06 02:56 . 2001-08-18 03:36	19456	----a-w-	c:\windows\system32\dllcache\hr1w.dll
2012-11-06 02:55 . 2004-08-04 04:00	36864	----a-w-	c:\windows\system32\dllcache\hanjadic.dll
2012-11-06 02:54 . 2001-08-18 03:36	71680	----a-w-	c:\windows\system32\dllcache\fnfilter.dll
2012-11-06 02:53 . 2001-08-17 17:19	72192	----a-w-	c:\windows\system32\dllcache\es1969.sys
2012-11-06 02:52 . 2001-08-17 17:20	334208	----a-w-	c:\windows\system32\dllcache\ds1wdm.sys
2012-11-06 02:51 . 2001-08-18 03:36	65622	----a-w-	c:\windows\system32\dllcache\digiasyn.dll
2012-11-06 02:50 . 2008-04-14 10:41	249856	----a-w-	c:\windows\system32\dllcache\ctmasetp.dll
2012-11-06 02:49 . 2008-04-14 05:11	8192	----a-w-	c:\windows\system32\dllcache\changer.sys
2012-11-06 02:48 . 2001-08-17 18:51	13824	----a-w-	c:\windows\system32\dllcache\bulltlp3.sys
2012-11-06 02:47 . 2008-04-14 05:06	14208	----a-w-	c:\windows\system32\dllcache\battc.sys
2012-11-06 02:46 . 2001-08-17 18:51	5248	----a-w-	c:\windows\system32\dllcache\aliide.sys
2012-11-06 02:45 . 2001-08-17 19:56	66048	----a-w-	c:\windows\system32\dllcache\s3legacy.dll
2012-11-06 02:45 . 2008-04-14 05:54	2145280	----a-w-	c:\windows\system32\dllcache\ntkrnlmp.exe
2012-11-05 20:17 . 2012-11-05 20:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-05 20:17 . 2012-09-30 00:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-22 00:29 . 2012-10-22 00:29	--------	d-----w-	c:\documents and settings\Administrator
2012-10-21 21:55 . 2012-10-21 21:55	--------	d-----w-	c:\program files\ESET
2012-10-21 16:51 . 2012-10-21 16:51	--------	d-----w-	c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2012-10-21 16:51 . 2012-10-21 16:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 00:15 . 2012-04-02 15:16	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-03 00:15 . 2011-05-13 17:10	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 23:51 . 2012-08-27 23:51	7	------w-	c:\documents and settings\All Users\Application Data\XRS.exe
2012-10-27 02:22 . 2012-10-27 02:22	261600	------w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"BCSSync"="c:\program files\Microsoft Office2010\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk -  [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Snagit 10.lnk -  [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office2010\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office2010\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office2010\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [10/1/2012 5:41 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [10/1/2012 5:41 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121030.002\BHDrvx86.sys [11/5/2012 2:23 PM 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [10/1/2012 5:41 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [10/1/2012 5:41 PM 149624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/5/2012 3:17 PM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/5/2012 3:17 PM 676936]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [10/1/2012 5:41 PM 138272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 4:59 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121106.001\IDSXpx86.sys [11/6/2012 7:58 PM 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/5/2012 3:17 PM 22856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-159024265-2488318755-2983370235-1009Core.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 17:19]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-159024265-2488318755-2983370235-1009UA.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-01 17:19]
.
2012-11-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-159024265-2488318755-2983370235-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-11-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-159024265-2488318755-2983370235-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-11-07 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]
.
2012-11-07 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-10-04 20:42]
.
2012-11-07 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
2012-11-07 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://by147w.bay147.mail.live.com/default.aspx?wa=wsignin1.0
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIC279~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIC279~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.237.161.12 71.243.0.12
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02398012.sys
SafeBoot-82901451.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3692)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MIC279~1\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-07  16:47:04
ComboFix-quarantined-files.txt  2012-11-07 21:46
ComboFix2.txt  2012-10-21 21:42
.
Pre-Run: 41,183,895,552 bytes free
Post-Run: 41,248,272,384 bytes free
.
- - End Of File - - 421BB0128267CF8728B0D6D5BEF5CD1D

Open in new window

0
brothertruffle880Author Commented:
Hi Russell:
What is my next step.
0
brothertruffle880Author Commented:
Hi Russell:
Just as an experiment, I tried creating shortcuts in c:\temp to see if they would work in a location other than my desktop.  They didn't .  
No matter where I create shortcuts, they don't work.
What's my next step.
0
Russell_VenableCommented:
Try running the Microsoft fixit and see if that helps.
0
RobOwner (Aidellio)Commented:
Did you try restoring your system?
0
brothertruffle880Author Commented:
Tagit:
The last time I restored my system, it hung endlessly.  I'm very, Very, VERY hesitant to try it again.  I may have to but I'm really trying to avoid it.
0
brothertruffle880Author Commented:
Hi Russell:
Okay will do.
0
brothertruffle880Author Commented:
Hi russell:
I ran Fixit, completely and then I re-merged the REG file you posted a couple days back.  Still my shortcuts are not working on my desktop or in my start menu.
Tagit recommended doing a restore which I had a very bad experience with a few years back.  I'd really like to avoid this.

What's my next step?
0
Russell_VenableCommented:
Have you tried making new shortcuts for the programs and replace them with those?
0
brothertruffle880Author Commented:
Russell:
I will try that now.
BTW, Here's a screen cap of what Rogue Killer flagged.  
Also is a screen cap of the entire newstartpanel section of my registry
Do you think
HKLM\software\microsoft\windows\currentversio\explorer\hidedesktopicons\newstartpanel could be causing this?  


err
My current registry settings for this area:

errrrrr
0
Russell_VenableCommented:
Yes, Remove using the delete option.
0
brothertruffle880Author Commented:
Russell:
I just checked another PC I have and the Key "NewStartPanel" has 9 entries compared to the three seen above.

BTW, I'm not a registry expert, but I don't have a phobia about looking inside of it.

Also, I created a new desktop shortcut and it didn't work.
0
Russell_VenableCommented:
Just make sure your removing it with roguekiller and not directly through the registry.
0
RobOwner (Aidellio)Commented:
I can understand your hesitation using system restore and it is a lot better in Win7 than XP so we'll shelve that idea for now and use as a last resort.

The issue with deleting reg keys or killing processes is they will be recreated by the infection, even if you do this using roguekiller.  What you have to do is remove the source of the infection, which is why i strongly recommend getting malwarebytes or other anti-malware type program to run and removee it for you
0
brothertruffle880Author Commented:
Hi Russell:
Okay, RogueKiller got rid of those three registry items in my message
posted on 2012-11-09 at 14:42:12ID: 38585144
I also re-merged the reg file you posted on 2012-11-06 at 11:58:28ID: 38572574

I rebooted and my shortcuts and start menu still don't work.  And in order to open any documents, I have to be inside the application.  In other words, previously, when my pc was working properly, I could double-click a document, workbook, etc. inside of a folder and then the file would open, along with the appropriate application. Uggh.If I could only meet face-to-face the person who creates these malware packages.  

What's my next step Russell?
0
RobOwner (Aidellio)Commented:
Did you see my comment about removing the malware?  If it exists on your system after roguekiller then there is every possibility of it hijacking your pc again.

also when you ran RogueKiller did you also click "Fix Shortcuts" ???
0
brothertruffle880Author Commented:
Hi Tagit:
1.  RogueKiller got rid of the three items flagged in the screen shot I posted above.  
2.  Yes, I clicked Fix Shortcuts and RogueKiller did its thing.
I rebooted and my shortcuts and start menu still don't work.  And in order to open any documents, I have to be inside the application.  In other words, previously, when my pc was working properly, I could double-click a document, workbook, etc. inside of a folder and then the file would open, along with the appropriate application.
0
RobOwner (Aidellio)Commented:
Those 3 things showed up when i ran roguekiller as well so it's not the problem (as my pc is not infected).
It is possible that the infection has been removed by what you've done but in the process has corrupted some windows files.

Are you able to get to a command line or the run box (windows key + r)?  If so try scanning for corrupted windows files using the system file checker tool.  You may need your XP disk handy and you may need to apply windows updates depending on the extent of the corruption.

ie at the run or command prompt

sfc /scannow

=====================

Failing that, I would attempt a repair by booting to your XP disk by following the directions (to the letter) here

http://pcsupport.about.com/od/operatingsystems/ss/instxprepair1.htm
http://pcsupport.about.com/od/operatingsystems/ss/instxprepair2.htm
0
brothertruffle880Author Commented:
Hi Tagit/Russell:
- I will re-run SFC as per your post message.
0
☠ MASQ ☠Commented:
Could I suggest unhide at this point?
http://www.bleepingcomputer.com/download/unhide/
0
brothertruffle880Author Commented:
Hi Masqueraid:
I will run it when SFC is finished.
0
brothertruffle880Author Commented:
Tagit:
I ran sfc /scannow and no messaages appeared during, or after the run.
Masqueraid:
I ran unhide and here's what it came up with:
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 11/11/2012 01:57:12 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 137113 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 4 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 44079 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 4 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.

Processing the J:\ drive
Finished processing the J:\ drive. 0 files processed.

Processing the K:\ drive
Finished processing the K:\ drive. 0 files processed.

Processing the L:\ drive
Finished processing the L:\ drive. 0 files processed.

Restoring the Start Menu.
 * 0 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 11/11/2012 02:14:50 PM
Execution time: 0 hours(s), 17 minute(s), and 38 seconds(s)

Open in new window

0
RobOwner (Aidellio)Commented:
OK I'm not surprised the SFC didn't pick up anything but it's a necessary step.

After you reboot from running unhide is there any difference or does the start menu etc still not working?
0
RobOwner (Aidellio)Commented:
I'm sure I've come across this issue before where it's missing windows / IE dlls & exes that needed to be re-registered or copied I can't remember, however the following is worth pursuing.

Last post here states: http://www.tomshardware.com/forum/240403-45-desktop-icons-start-menu-missing-malware


1. Used Sophos Anti-Rootkit to remove a good amount of malware.

2. After running Sophos, I was now able to successfully run Malwarebytes'.

3. Explorer.exe was still completely damaged, so I copied it from C:\WINDOWS\ServicePackFiles\i386 into C:\WINDOWS. Finally got the desktop back.

4. Finished cleaning up everything and made sure Windows was running properly.
0
RobOwner (Aidellio)Commented:
Also worth looking through how others have solved similar issues:

http://windows.bigresource.com/xp-Desktop-Icons-missing-cannot-access-start-menu-ocntYleT.html
0
brothertruffle880Author Commented:
Hi Tagit/Masqueraid/Russell:
I rebooted and the icons in the start menu and desktop are still not working.  They are visible though.  There are no missing icons anywhere in my start menu or desktop.  The TOMSHARDWARE and other links posted all have users lamenting about missing or hidden icons.  My icons are all there.  They just do not work.  I right-click and examine the properties and they are correctly pointing to their appropriate locations.  Also, there's no error message generated when I double-click the shortcut icons.  There isn't even any disk i/o.  Normally, when I double-click a shortcut, my HD usually starts churning.  Now, nothing.  No sound.  When I double click any of the shortcut icons, the only thing that happens is that the icon grays slightly, until I select another shortcut icon.

Russell:  After running each of the clean up programs I re-merged the reg file you posted above.  

Tagit:  I don't have a XP startup disk and my recovery partition has long ceased to be usable.  And I have no idea what my product key is.  So, my situation there is pretty bleak.  That's why I'm not such a happy camper.
0
RobOwner (Aidellio)Commented:
Find out the product key first

1) there are many apps out there to do this, eg start here: http://pcsupport.about.com/od/tipstricks/ht/findxpkey.htm

2) Surely someone you know has the same version of XP as you Home, Prof etc and you can copy the disk.  Failing that you may be able to download an image either from Microsoft or somewhere else.

As long as your product key is valid then it is legal to use another XP disk for repair and possible re-installation.
0
Russell_VenableCommented:
I think at this point its best to find a XP Install cd and replace shell32.dll with a fresh copy. I think its corrupt somehow. You can also try re-install it by using the command. You must be logged in as the administrator.

regsvr32 /i shell32.dll

Open in new window


Replacing the actual shell32.dll with a new copy is slightly difficult as you need to rename the current file through the recovery console and copy the new one to the same folder as the renamed shell32.dll( I.E: Shell32.dll.old)
0
brothertruffle880Author Commented:
Russell:
Thank you.  Will do.
Few questions:
1.  Do I run regsvr32 /i shell32.dll  in XP Normal mode?  Safe Mode?
2.  Should I do both of the following?  
      a)  run regsvr32 /i shell32.dll , and
      b)  replace the shell32.dll file through the recovery console?
      c) or will either one suffice.
3.  Is there a site that lists the proper date/size for shell32.dll?  I did a google search and found a bunch of "GET YOUR LATEST UNINFECTED DLL's HERE!" which looked really suspicious so I didn't go there.
4.  I have shell32.DL_ 2,533KB dated 8/3/2004.  On another PC.  Can I rename this file to shell32.dll and use it?  
5.  If I download XP SP3, can you give me the command to extract Shell32.dll from that module?

Thank you.
0
Russell_VenableCommented:
1.) Doesn't matter as long as your administrator
2.) Yes, do both. Do the replace first then re-install using that command
3.) To keep yourself safe that was the best choice.
4.) That's fine. You can use that one it wont harm you in any way.

5.) Err, That I don't know off hand. Haven't had a need to do that yet. I would assume you would need to extract from the MSI package using something like a batch file like this.

msiexec /a %1 /qb TARGETDIR=%2

Open in new window

And at the command prompt ( same directory as batch file).  
batch.cmd c:\ <folder to extract too>

Open in new window

The actual file is going to be long in MSI package from what I can remember.
0
brothertruffle880Author Commented:
Hi Russell:

1.  I replaced the existing shell32.dll with a clean copy I got from the MS site.  (I expanded the XP SP 3 file and got the file from one of the install folders.
2.  I ran regsvr32 /i shell32.dll  and it completed successfully.
3.  I also remerged the above reg file you posted above and rebooted.
No change.  My shortcuts still don't work on the desktop or in the start menu.

What's my next step?
0
Russell_VenableCommented:
Lets see what is going on then. If any. Download Xuetr and Open XT and locate the "Computer Examination" tab and select the "Generate Examination Report" and attach that report here.
0
RobOwner (Aidellio)Commented:
@brothertruffle880, What is the point in trying to find out the exact cause of what is stopping your icons appearing by replacing files and analysing your system? Are you pressed for time to get this done?  

Basically Windows is corrupted and something is stopping explorer doing its job.  You could continue to introduce new programs and replacing files but it might just add to the problem.

From my experience it is almost guaranteed to fix your problem to get your hands on a XP disk and do a repair.  Then patch your system.  It has worked for me in countless other times when XP has crapped itself and won't co-operate.
0
brothertruffle880Author Commented:
Thank you, again, for your help Russell:
Here is the report from Xuetr.  I have also attached it as a txt file
XT --- Computer Examination Report
Examination Date: 2012-11-15 04:38
OS Information: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Internet Explorer: 8.0.6001.18702

Examination Items:
      Process
      Process Modules
      Process Threads
      Kernel Module
      Notify Routine
      Filter
      DPC Timer
      Worker Thread
      Object Hijack
      Direct IO
      GDT
      SSDT
      Shadow SSDT
      FSD
      Keyboard
      Mouclass
      Classpnp
      Atapi
      Acpi
      Scsi
      Kernel Hook
      Object Type
      IDT
      Message Hook
      Process Hook
      KernelCallbackTable
      Port
      Tcpip
      IE Plugin
      IE Shell
      Spi
      Hosts File
      Startup
      Service
      File Association
      IFEO
      IME
      Firewall Rule
      Scan MBR Rootkit

==========================================================================================

Process

       System - System - 
       AGRSMMSG.exe - C:\WINDOWS\AGRSMMSG.exe - Agere Systems
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       kbd.exe - C:\hp\KBD\kbd.exe - Hewlett-Packard Company
       ccsvchst.exe - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe - Symantec Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       explorer.exe - C:\WINDOWS\explorer.exe - Microsoft Corporation
       ALCXMNTR.EXE - C:\WINDOWS\ALCXMNTR.EXE - Realtek Semiconductor Corp.
       services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
       smss.exe - C:\WINDOWS\system32\smss.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
       csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation
       lsass.exe - C:\WINDOWS\system32\lsass.exe - Microsoft Corporation
       hkcmd.exe - C:\WINDOWS\system32\hkcmd.exe - Intel Corporation
       XueTr-+=-¦¦-+˜¦µ¦+.exe - C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.exe - Email: linxer@163.com
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
       spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
       jqs.exe - C:\Program Files\Java\jre6\bin\jqs.exe - Sun Microsystems, Inc.
       mdm.exe - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - Microsoft Corporation
       hpsysdrv.exe - C:\WINDOWS\system\hpsysdrv.exe - Hewlett-Packard Company
       alg.exe - C:\WINDOWS\system32\alg.exe - Microsoft Corporation
       wscntfy.exe - C:\WINDOWS\system32\wscntfy.exe - Microsoft Corporation
       Idle - Idle - 

==========================================================================================

Process Modules

      Image File Name[System]Modules
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[AGRSMMSG.exe]Modules
             AGRSMMSG.exe - C:\WINDOWS\AGRSMMSG.exe - Agere Systems
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\System32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\System32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\System32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\System32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\System32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\System32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\System32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\System32\xpsp2res.dll - Microsoft Corporation
             shsvcs.dll - c:\windows\system32\shsvcs.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\System32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\System32\NETAPI32.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\System32\rsaenh.dll - Microsoft Corporation
             dhcpcsvc.dll - c:\windows\system32\dhcpcsvc.dll - Microsoft Corporation
             DNSAPI.dll - c:\windows\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             iphlpapi.dll - c:\windows\system32\iphlpapi.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\System32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             wzcsvc.dll - c:\windows\system32\wzcsvc.dll - Microsoft Corporation
             rtutils.dll - c:\windows\system32\rtutils.dll - Microsoft Corporation
             WMI.dll - c:\windows\system32\WMI.dll - Microsoft Corporation
             CRYPT32.dll - c:\windows\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - c:\windows\system32\MSASN1.dll - Microsoft Corporation
             EapolQec.dll - c:\windows\system32\EapolQec.dll - Microsoft Corporation
             ATL.DLL - c:\windows\system32\ATL.DLL - Microsoft Corporation
             QUtil.dll - c:\windows\system32\QUtil.dll - Microsoft Corporation
             MSVCP60.dll - c:\windows\system32\MSVCP60.dll - Microsoft Corporation
             dot3api.dll - c:\windows\system32\dot3api.dll - Microsoft Corporation
             WTSAPI32.dll - c:\windows\system32\WTSAPI32.dll - Microsoft Corporation
             ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\System32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\System32\COMRes.dll - Microsoft Corporation
             rastls.dll - C:\WINDOWS\System32\rastls.dll - Microsoft Corporation
             CRYPTUI.dll - C:\WINDOWS\System32\CRYPTUI.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\System32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             MPRAPI.dll - C:\WINDOWS\System32\MPRAPI.dll - Microsoft Corporation
             ACTIVEDS.dll - C:\WINDOWS\System32\ACTIVEDS.dll - Microsoft Corporation
             adsldpc.dll - C:\WINDOWS\System32\adsldpc.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\System32\SETUPAPI.dll - Microsoft Corporation
             RASAPI32.dll - C:\WINDOWS\System32\RASAPI32.dll - Microsoft Corporation
             rasman.dll - C:\WINDOWS\System32\rasman.dll - Microsoft Corporation
             TAPI32.dll - C:\WINDOWS\System32\TAPI32.dll - Microsoft Corporation
             SCHANNEL.dll - C:\WINDOWS\System32\SCHANNEL.dll - Microsoft Corporation
             WinSCard.dll - C:\WINDOWS\System32\WinSCard.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\System32\PSAPI.DLL - Microsoft Corporation
             raschap.dll - C:\WINDOWS\System32\raschap.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             NTDSAPI.dll - c:\windows\system32\NTDSAPI.dll - Microsoft Corporation
             MSIDLE.DLL - C:\WINDOWS\System32\MSIDLE.DLL - Microsoft Corporation
             audiosrv.dll - c:\windows\system32\audiosrv.dll - Microsoft Corporation
             wkssvc.dll - c:\windows\system32\wkssvc.dll - Microsoft Corporation
             cryptsvc.dll - c:\windows\system32\cryptsvc.dll - Microsoft Corporation
             certcli.dll - c:\windows\system32\certcli.dll - Microsoft Corporation
             pchsvc.dll - c:\windows\pchealth\helpctr\binaries\pchsvc.dll - Microsoft Corporation
             es.dll - c:\windows\system32\es.dll - Microsoft Corporation
             ersvc.dll - c:\windows\system32\ersvc.dll - Microsoft Corporation
             srvsvc.dll - c:\windows\system32\srvsvc.dll - Microsoft Corporation
             netman.dll - c:\windows\system32\netman.dll - Microsoft Corporation
             netshell.dll - c:\windows\system32\netshell.dll - Microsoft Corporation
             credui.dll - c:\windows\system32\credui.dll - Microsoft Corporation
             dot3dlg.dll - c:\windows\system32\dot3dlg.dll - Microsoft Corporation
             OneX.DLL - c:\windows\system32\OneX.DLL - Microsoft Corporation
             eappcfg.dll - c:\windows\system32\eappcfg.dll - Microsoft Corporation
             eappprxy.dll - c:\windows\system32\eappprxy.dll - Microsoft Corporation
             WZCSAPI.DLL - c:\windows\system32\WZCSAPI.DLL - Microsoft Corporation
             seclogon.dll - c:\windows\system32\seclogon.dll - Microsoft Corporation
             srsvc.dll - c:\windows\system32\srsvc.dll - Microsoft Corporation
             POWRPROF.dll - c:\windows\system32\POWRPROF.dll - Microsoft Corporation
             sens.dll - c:\windows\system32\sens.dll - Microsoft Corporation
             wuauserv.dll - c:\windows\system32\wuauserv.dll - Microsoft Corporation
             wmisvc.dll - c:\windows\system32\wbem\wmisvc.dll - Microsoft Corporation
             VSSAPI.DLL - C:\WINDOWS\system32\VSSAPI.DLL - Microsoft Corporation
             wuaueng.dll - C:\WINDOWS\system32\wuaueng.dll - Microsoft Corporation
             ADVPACK.dll - C:\WINDOWS\System32\ADVPACK.dll - Microsoft Corporation
             Cabinet.dll - C:\WINDOWS\System32\Cabinet.dll - Microsoft Corporation
             mspatcha.dll - C:\WINDOWS\System32\mspatcha.dll - Microsoft Corporation
             sfc.dll - C:\WINDOWS\System32\sfc.dll - Microsoft Corporation
             sfc_os.dll - C:\WINDOWS\System32\sfc_os.dll - Microsoft Corporation
             SHFOLDER.dll - C:\WINDOWS\System32\SHFOLDER.dll - Microsoft Corporation
             WINHTTP.dll - C:\WINDOWS\System32\WINHTTP.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\System32\WINSPOOL.DRV - Microsoft Corporation
             w32time.dll - c:\windows\system32\w32time.dll - Microsoft Corporation
             trkwks.dll - c:\windows\system32\trkwks.dll - Microsoft Corporation
             SXS.DLL - C:\WINDOWS\System32\SXS.DLL - Microsoft Corporation
             comsvcs.dll - C:\WINDOWS\system32\comsvcs.dll - Microsoft Corporation
             colbact.DLL - C:\WINDOWS\system32\colbact.DLL - Microsoft Corporation
             MTXCLU.DLL - C:\WINDOWS\system32\MTXCLU.DLL - Microsoft Corporation
             WSOCK32.dll - C:\WINDOWS\system32\WSOCK32.dll - Microsoft Corporation
             CLUSAPI.DLL - C:\WINDOWS\System32\CLUSAPI.DLL - Microsoft Corporation
             RESUTILS.DLL - C:\WINDOWS\System32\RESUTILS.DLL - Microsoft Corporation
             wbemcomn.dll - C:\WINDOWS\system32\wbem\wbemcomn.dll - Microsoft Corporation
             wbemcore.dll - C:\WINDOWS\system32\wbem\wbemcore.dll - Microsoft Corporation
             esscli.dll - C:\WINDOWS\system32\wbem\esscli.dll - Microsoft Corporation
             FastProx.dll - C:\WINDOWS\system32\wbem\FastProx.dll - Microsoft Corporation
             wbemsvc.dll - C:\WINDOWS\system32\wbem\wbemsvc.dll - Microsoft Corporation
             wmiutils.dll - C:\WINDOWS\system32\wbem\wmiutils.dll - Microsoft Corporation
             repdrvfs.dll - C:\WINDOWS\system32\wbem\repdrvfs.dll - Microsoft Corporation
             wmiprvsd.dll - C:\WINDOWS\system32\wbem\wmiprvsd.dll - Microsoft Corporation
             NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             wbemess.dll - C:\WINDOWS\system32\wbem\wbemess.dll - Microsoft Corporation
             netcfgx.dll - C:\WINDOWS\system32\netcfgx.dll - Microsoft Corporation
             rasmans.dll - C:\WINDOWS\System32\rasmans.dll - Microsoft Corporation
             WINIPSEC.DLL - C:\WINDOWS\System32\WINIPSEC.DLL - Microsoft Corporation
             browser.dll - c:\windows\system32\browser.dll - Microsoft Corporation
             wscsvc.dll - c:\windows\system32\wscsvc.dll - Microsoft Corporation
             msi.dll - c:\windows\system32\msi.dll - Microsoft Corporation
             ipnathlp.dll - c:\windows\system32\ipnathlp.dll - Microsoft Corporation
             AUTHZ.dll - c:\windows\system32\AUTHZ.dll - Microsoft Corporation
             ncprov.dll - C:\WINDOWS\system32\wbem\ncprov.dll - Microsoft Corporation
             tapisrv.dll - c:\windows\system32\tapisrv.dll - Microsoft Corporation
             rastapi.dll - C:\WINDOWS\System32\rastapi.dll - Microsoft Corporation
             unimdm.tsp - C:\WINDOWS\System32\unimdm.tsp - Microsoft Corporation
             uniplat.dll - C:\WINDOWS\System32\uniplat.dll - Microsoft Corporation
             unimdmat.dll - C:\WINDOWS\System32\unimdmat.dll - Microsoft Corporation
             modemui.dll - C:\WINDOWS\system32\modemui.dll - Microsoft Corporation
             kmddsp.tsp - C:\WINDOWS\System32\kmddsp.tsp - Microsoft Corporation
             ndptsp.tsp - C:\WINDOWS\System32\ndptsp.tsp - Microsoft Corporation
             ipconf.tsp - C:\WINDOWS\System32\ipconf.tsp - Microsoft Corporation
             h323.tsp - C:\WINDOWS\System32\h323.tsp - Microsoft Corporation
             hidphone.tsp - C:\WINDOWS\System32\hidphone.tsp - Microsoft Corporation
             HID.DLL - C:\WINDOWS\System32\HID.DLL - Microsoft Corporation
             rasppp.dll - C:\WINDOWS\System32\rasppp.dll - Microsoft Corporation
             ntlsapi.dll - C:\WINDOWS\System32\ntlsapi.dll - Microsoft Corporation
             kerberos.dll - C:\WINDOWS\system32\kerberos.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\System32\cryptdll.dll - Microsoft Corporation
             RASQEC.DLL - C:\WINDOWS\System32\RASQEC.DLL - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\System32\rasadhlp.dll - Microsoft Corporation
             RASDLG.dll - C:\WINDOWS\System32\RASDLG.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[kbd.exe]Modules
             KBD.EXE - C:\HP\KBD\KBD.EXE - Hewlett-Packard Company
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             led.dll - C:\HP\KBD\led.dll - Hewlett-Packard Company
             USB.dll - C:\HP\KBD\USB.dll - Hewlett-Packard Company
             CFGMGR32.dll - C:\WINDOWS\system32\CFGMGR32.dll - Microsoft Corporation
             setupapi.dll - C:\WINDOWS\system32\setupapi.dll - Microsoft Corporation
             HID.DLL - C:\WINDOWS\system32\HID.DLL - Microsoft Corporation
             ps2.dll - C:\HP\KBD\ps2.dll - Hewlett-Packard Company
             msg.dll - C:\HP\KBD\msg.dll - Hewlett-Packard Company
             osd.dll - C:\HP\KBD\osd.dll - Hewlett-Packard Company
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             sct.dll - C:\HP\KBD\sct.dll - Hewlett-Packard Company
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             onl.dll - C:\HP\KBD\onl.dll - Hewlett-Packard Company
             aol.dll - C:\HP\KBD\aol.dll - Hewlett-Packard Company
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             url.dll - C:\HP\KBD\url.dll - Hewlett-Packard Company
             cfg.dll - C:\HP\KBD\cfg.dll - Hewlett-Packard Company
             sensapi.dll - C:\WINDOWS\system32\sensapi.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             MSIKBDIF.DLL - C:\HP\KBD\MSIKBDIF.DLL - Hewlett-Packard Company
             MSVCIRT.dll - C:\WINDOWS\system32\MSVCIRT.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[ccsvchst.exe]Modules
             ccSvcHst.exe - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe - Symantec Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             MSVCP90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll - Microsoft Corporation
             MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             ccL110U.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccL110U.dll - Symantec Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             ws2_32.dll - C:\WINDOWS\system32\ws2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             DBGHELP.DLL - C:\WINDOWS\system32\DBGHELP.DLL - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             ccVrTrst.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccVrTrst.dll - Symantec Corporation
             EFACli.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\EFACli.dll - Symantec Corporation
             ccSvc.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvc.dll - Symantec Corporation
             srtsp32.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\srtsp32.dll - Symantec Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             ccIPC.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccIPC.dll - Symantec Corporation
             DIMASTER.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\DIMASTER.DLL - Symantec Corporation
             IPHLPAPI.DLL - C:\WINDOWS\system32\IPHLPAPI.DLL - Microsoft Corporation
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             ccSet.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSet.dll - Symantec Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             ISDATASV.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\ISDATASV.DLL - Symantec Corporation
             WINHTTP.dll - C:\WINDOWS\system32\WINHTTP.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             isDataPr.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\isDataPr.dll - Symantec Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             wbemprox.dll - C:\WINDOWS\system32\wbem\wbemprox.dll - Microsoft Corporation
             wbemcomn.dll - C:\WINDOWS\system32\wbem\wbemcomn.dll - Microsoft Corporation
             wbemsvc.dll - C:\WINDOWS\system32\wbem\wbemsvc.dll - Microsoft Corporation
             fastprox.dll - C:\WINDOWS\system32\wbem\fastprox.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             COSVCPLG.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\COSVCPLG.DLL - Symantec Corporation
             CCGEVT.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\CCGEVT.DLL - Symantec Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             shdocvw.dll - C:\WINDOWS\system32\shdocvw.dll - Microsoft Corporation
             CRYPTUI.dll - C:\WINDOWS\system32\CRYPTUI.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             ccGLog.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccGLog.dll - Symantec Corporation
             mydocs.dll - C:\WINDOWS\system32\mydocs.dll - Microsoft Corporation
             ntshrui.dll - C:\WINDOWS\system32\ntshrui.dll - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\system32\ATL.DLL - Microsoft Corporation
             CCJOBMGR.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\CCJOBMGR.DLL - Symantec Corporation
             CCSUBENG.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\CCSUBENG.DLL - Symantec Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             CCEMLPXY.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\CCEMLPXY.DLL - Symantec Corporation
             IRON.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\IRON.DLL - Symantec Corporation
             SymRedir.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\SymRedir.dll - Symantec Corporation
             SNDSVC.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\SNDSVC.DLL - Symantec Corporation
             RASAPI32.DLL - C:\WINDOWS\system32\RASAPI32.DLL - Microsoft Corporation
             rasman.dll - C:\WINDOWS\system32\rasman.dll - Microsoft Corporation
             TAPI32.dll - C:\WINDOWS\system32\TAPI32.dll - Microsoft Corporation
             rtutils.dll - C:\WINDOWS\system32\rtutils.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             netman.dll - C:\WINDOWS\system32\netman.dll - Microsoft Corporation
             MPRAPI.dll - C:\WINDOWS\system32\MPRAPI.dll - Microsoft Corporation
             ACTIVEDS.dll - C:\WINDOWS\system32\ACTIVEDS.dll - Microsoft Corporation
             adsldpc.dll - C:\WINDOWS\system32\adsldpc.dll - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             netshell.dll - C:\WINDOWS\system32\netshell.dll - Microsoft Corporation
             credui.dll - C:\WINDOWS\system32\credui.dll - Microsoft Corporation
             dot3api.dll - C:\WINDOWS\system32\dot3api.dll - Microsoft Corporation
             dot3dlg.dll - C:\WINDOWS\system32\dot3dlg.dll - Microsoft Corporation
             OneX.DLL - C:\WINDOWS\system32\OneX.DLL - Microsoft Corporation
             eappcfg.dll - C:\WINDOWS\system32\eappcfg.dll - Microsoft Corporation
             eappprxy.dll - C:\WINDOWS\system32\eappprxy.dll - Microsoft Corporation
             WZCSAPI.DLL - C:\WINDOWS\system32\WZCSAPI.DLL - Microsoft Corporation
             WZCSvc.DLL - C:\WINDOWS\system32\WZCSvc.DLL - Microsoft Corporation
             WMI.dll - C:\WINDOWS\system32\WMI.dll - Microsoft Corporation
             DHCPCSVC.DLL - C:\WINDOWS\system32\DHCPCSVC.DLL - Microsoft Corporation
             EapolQec.dll - C:\WINDOWS\system32\EapolQec.dll - Microsoft Corporation
             QUtil.dll - C:\WINDOWS\system32\QUtil.dll - Microsoft Corporation
             ESENT.dll - C:\WINDOWS\system32\ESENT.dll - Microsoft Corporation
             SYMRDRSV.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\SYMRDRSV.DLL - Symantec Corporation
             HNCORE.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\HNCORE.DLL - Symantec Corporation
             SymNeti.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\SymNeti.dll - Symantec Corporation
             APPMGR32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\APPMGR32.DLL - Symantec Corporation
             avModule.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\avModule.dll - Symantec Corporation
             NCW.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\NCW.DLL - Symantec Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             cltPE.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\cltPE.dll - Symantec Corporation
             AVPSVC32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\AVPSVC32.DLL - Symantec Corporation
             POWRPROF.dll - C:\WINDOWS\system32\POWRPROF.dll - Microsoft Corporation
             IDSxpx86.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121114.001\IDSxpx86.dll - Symantec Corporation
             AVIfc.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\AVIfc.dll - Symantec Corporation
             coDataPr.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coDataPr.dll - Symantec Corporation
             coShdObj.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coShdObj.dll - Symantec Corporation
             SQSVC.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\SQSVC.DLL - Symantec Corporation
             QSPLUGIN.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\QSPLUGIN.DLL - Symantec Corporation
             CLTLMS.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\CLTLMS.DLL - Symantec Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             AVMail.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\AVMail.dll - Symantec Corporation
             asEngine.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\asEngine.dll - Symantec Corporation
             BHSVCPLG.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\BHSVCPLG.DLL - Symantec Corporation
             SPOCCLNT.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\SPOCCLNT.DLL - Symantec Corporation
             DATASTOR.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\DATASTOR.DLL - Symantec Corporation
             DSCli.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\DSCli.dll - Symantec Corporation
             BHClient.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\BHClient.dll - Symantec Corporation
             SQLite.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\SQLite.dll - Symantec Corporation
             COMM.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\COMM.DLL - Symantec Corporation
             USERLOG.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\USERLOG.DLL - Symantec Corporation
             IPSPLUG.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\IPSPLUG.DLL - Symantec Corporation
             FWCORE.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\FWCORE.DLL - Symantec Corporation
             ProxyClt.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ProxyClt.dll - Symantec Corporation
             FWGenPlg.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\FWGenPlg.dll - Symantec Corporation
             BHEngine.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHEngine.dll - Symantec Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             FWSetup.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\FWSetup.dll - Symantec Corporation
             diStRptr.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\diStRptr.dll - Symantec Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             QBackup.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\QBackup.dll - Symantec Corporation
             IMCfg.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IMCfg.dll - Symantec Corporation
             PDH.DLL - C:\WINDOWS\system32\PDH.DLL - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             odbcbcp.dll - C:\WINDOWS\system32\odbcbcp.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             AVPAPP32.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\AVPAPP32.dll - Symantec Corporation
             asHelper.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\asHelper.dll - Symantec Corporation
             schannel.dll - C:\WINDOWS\system32\schannel.dll - Microsoft Corporation
             dssenh.dll - C:\WINDOWS\system32\dssenh.dll - Microsoft Corporation
             ccScanw.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccScanw.dll - Symantec Corporation
             ecmldr32.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ecmldr32.dll - Symantec Corporation
             ecmsvr32.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121114.008\ecmsvr32.dll - Symantec Corporation
             NAVEX32a.DLL - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121114.008\NAVEX32a.DLL - Symantec Corporation
             NAVENG32.DLL - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121114.008\NAVENG32.DLL - Symantec Corporation
             dec_abi.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\dec_abi.dll - Symantec Corporation
             msl.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\msl.dll - Symantec Corporation
             perfdisk.dll - C:\WINDOWS\system32\perfdisk.dll - Microsoft Corporation
             msxml3.dll - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation
             ccEraser.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121114.008\ccEraser.dll - Symantec Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             NUMEng.dll - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\NUMEng.dll - Symantec Corporation
             LUE.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\LUE.DLL - Symantec Corporation
             FltLib.dll - C:\WINDOWS\system32\FltLib.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             wiaservc.dll - c:\windows\system32\wiaservc.dll - Microsoft Corporation
             CFGMGR32.dll - c:\windows\system32\CFGMGR32.dll - Microsoft Corporation
             setupapi.DLL - c:\windows\system32\setupapi.DLL - Microsoft Corporation
             mscms.dll - c:\windows\system32\mscms.dll - Microsoft Corporation
             WINSPOOL.DRV - c:\windows\system32\WINSPOOL.DRV - Microsoft Corporation
             WINSTA.dll - c:\windows\system32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - c:\windows\system32\NETAPI32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             actxprxy.dll - C:\WINDOWS\system32\actxprxy.dll - Microsoft Corporation
             sti.dll - C:\WINDOWS\system32\sti.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[explorer.exe]Modules
             Explorer.EXE - C:\WINDOWS\Explorer.EXE - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             BROWSEUI.dll - C:\WINDOWS\system32\BROWSEUI.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             SHDOCVW.dll - C:\WINDOWS\system32\SHDOCVW.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             CRYPTUI.dll - C:\WINDOWS\system32\CRYPTUI.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             GROOVEEX.DLL - C:\PROGRA~1\MIC279~1\Office14\GROOVEEX.DLL - Microsoft Corporation
             MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             MSVCP90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll - Microsoft Corporation
             ATL90.DLL - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\ATL90.DLL - Microsoft Corporation
             office.odf - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf - 
             GrooveIntlResource.dll - C:\PROGRA~1\MIC279~1\Office14\1033\GrooveIntlResource.dll - 
             cscui.dll - C:\WINDOWS\System32\cscui.dll - Microsoft Corporation
             CSCDLL.dll - C:\WINDOWS\System32\CSCDLL.dll - Microsoft Corporation
             themeui.dll - C:\WINDOWS\system32\themeui.dll - Microsoft Corporation
             MSIMG32.dll - C:\WINDOWS\system32\MSIMG32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             ntshrui.dll - C:\WINDOWS\system32\ntshrui.dll - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\system32\ATL.DLL - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             LINKINFO.dll - C:\WINDOWS\system32\LINKINFO.dll - Microsoft Corporation
             msxml3.dll - C:\WINDOWS\system32\msxml3.dll - Microsoft Corporation
             ieframe.dll - C:\WINDOWS\system32\ieframe.dll - Microsoft Corporation
             msi.dll - C:\WINDOWS\system32\msi.dll - Microsoft Corporation
             NETSHELL.dll - C:\WINDOWS\system32\NETSHELL.dll - Microsoft Corporation
             credui.dll - C:\WINDOWS\system32\credui.dll - Microsoft Corporation
             dot3api.dll - C:\WINDOWS\system32\dot3api.dll - Microsoft Corporation
             rtutils.dll - C:\WINDOWS\system32\rtutils.dll - Microsoft Corporation
             dot3dlg.dll - C:\WINDOWS\system32\dot3dlg.dll - Microsoft Corporation
             OneX.DLL - C:\WINDOWS\system32\OneX.DLL - Microsoft Corporation
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             eappcfg.dll - C:\WINDOWS\system32\eappcfg.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             eappprxy.dll - C:\WINDOWS\system32\eappprxy.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             webcheck.dll - C:\WINDOWS\system32\webcheck.dll - Microsoft Corporation
             MLANG.dll - C:\WINDOWS\system32\MLANG.dll - Microsoft Corporation
             stobject.dll - C:\WINDOWS\system32\stobject.dll - Microsoft Corporation
             BatMeter.dll - C:\WINDOWS\system32\BatMeter.dll - Microsoft Corporation
             POWRPROF.dll - C:\WINDOWS\system32\POWRPROF.dll - Microsoft Corporation
             WPDShServiceObj.dll - C:\WINDOWS\system32\WPDShServiceObj.dll - Microsoft Corporation
             WINHTTP.dll - C:\WINDOWS\system32\WINHTTP.dll - Microsoft Corporation
             mydocs.dll - C:\WINDOWS\system32\mydocs.dll - Microsoft Corporation
             PortableDeviceTypes.dll - C:\WINDOWS\system32\PortableDeviceTypes.dll - Microsoft Corporation
             PortableDeviceApi.dll - C:\WINDOWS\system32\PortableDeviceApi.dll - Microsoft Corporation
             wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             msacm32.drv - C:\WINDOWS\system32\msacm32.drv - Microsoft Corporation
             midimap.dll - C:\WINDOWS\system32\midimap.dll - Microsoft Corporation
             fxsst.dll - C:\WINDOWS\system32\fxsst.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             FXSAPI.dll - C:\WINDOWS\system32\FXSAPI.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             drprov.dll - C:\WINDOWS\System32\drprov.dll - Microsoft Corporation
             ntlanman.dll - C:\WINDOWS\System32\ntlanman.dll - Microsoft Corporation
             NETUI0.dll - C:\WINDOWS\System32\NETUI0.dll - Microsoft Corporation
             NETUI1.dll - C:\WINDOWS\System32\NETUI1.dll - Microsoft Corporation
             NETRAP.dll - C:\WINDOWS\System32\NETRAP.dll - Microsoft Corporation
             davclnt.dll - C:\WINDOWS\System32\davclnt.dll - Microsoft Corporation
             SXS.DLL - C:\WINDOWS\system32\SXS.DLL - Microsoft Corporation
             browselc.dll - C:\WINDOWS\system32\browselc.dll - Microsoft Corporation
             AcroIEHelper.dll - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - Adobe Systems Incorporated
             MSVCR80.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll - Microsoft Corporation
             MSFTEDIT.DLL - C:\WINDOWS\system32\MSFTEDIT.DLL - Microsoft Corporation
             DUSER.dll - C:\WINDOWS\system32\DUSER.dll - Microsoft Corporation
             MSGINA.dll - C:\WINDOWS\system32\MSGINA.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             sti.dll - C:\WINDOWS\system32\sti.dll - Microsoft Corporation
             CFGMGR32.dll - C:\WINDOWS\system32\CFGMGR32.dll - Microsoft Corporation
             PDFShell.dll - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - Adobe Systems, Inc.
             MSNLNamespaceMgr.dll - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[ALCXMNTR.EXE]Modules
             ALCXMNTR.EXE - C:\WINDOWS\ALCXMNTR.EXE - Realtek Semiconductor Corp.
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             DSOUND.dll - C:\WINDOWS\system32\DSOUND.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             msacm32.drv - C:\WINDOWS\system32\msacm32.drv - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             midimap.dll - C:\WINDOWS\system32\midimap.dll - Microsoft Corporation
             KsUser.dll - C:\WINDOWS\system32\KsUser.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[services.exe]Modules
             services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             SCESRV.dll - C:\WINDOWS\system32\SCESRV.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcAdProc.dll - C:\WINDOWS\AppPatch\AcAdProc.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             eventlog.dll - C:\WINDOWS\system32\eventlog.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             wtsapi32.dll - C:\WINDOWS\system32\wtsapi32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[smss.exe]Modules
             smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             rpcss.dll - c:\windows\system32\rpcss.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             ICAAPI.dll - c:\windows\system32\ICAAPI.dll - Microsoft Corporation
             SETUPAPI.dll - c:\windows\system32\SETUPAPI.dll - Microsoft Corporation
             WINTRUST.dll - c:\windows\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - c:\windows\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - c:\windows\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             AUTHZ.dll - c:\windows\system32\AUTHZ.dll - Microsoft Corporation
             mstlsapi.dll - c:\windows\system32\mstlsapi.dll - Microsoft Corporation
             ACTIVEDS.dll - c:\windows\system32\ACTIVEDS.dll - Microsoft Corporation
             adsldpc.dll - c:\windows\system32\adsldpc.dll - Microsoft Corporation
             NETAPI32.dll - c:\windows\system32\NETAPI32.dll - Microsoft Corporation
             ATL.DLL - c:\windows\system32\ATL.DLL - Microsoft Corporation
             REGAPI.dll - C:\WINDOWS\system32\REGAPI.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[winlogon.exe]Modules
             winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             NDdeApi.dll - C:\WINDOWS\system32\NDdeApi.dll - Microsoft Corporation
             PROFMAP.dll - C:\WINDOWS\system32\PROFMAP.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             PSAPI.DLL - C:\WINDOWS\system32\PSAPI.DLL - Microsoft Corporation
             REGAPI.dll - C:\WINDOWS\system32\REGAPI.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WINSTA.dll - C:\WINDOWS\system32\WINSTA.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             MSGINA.dll - C:\WINDOWS\system32\MSGINA.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             SHSVCS.dll - C:\WINDOWS\system32\SHSVCS.dll - Microsoft Corporation
             sfc.dll - C:\WINDOWS\system32\sfc.dll - Microsoft Corporation
             sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             Apphelp.dll - C:\WINDOWS\system32\Apphelp.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             WINSCARD.DLL - C:\WINDOWS\system32\WINSCARD.DLL - Microsoft Corporation
             WTSAPI32.dll - C:\WINDOWS\system32\WTSAPI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             sxs.dll - C:\WINDOWS\system32\sxs.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             cscdll.dll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation
             dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             WINSPOOL.DRV - C:\WINDOWS\system32\WINSPOOL.DRV - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             cscui.dll - C:\WINDOWS\system32\cscui.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             msacm32.drv - C:\WINDOWS\system32\msacm32.drv - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             midimap.dll - C:\WINDOWS\system32\midimap.dll - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[csrss.exe]Modules
             csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             basesrv.dll - C:\WINDOWS\system32\basesrv.dll - Microsoft Corporation
             winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             KERNEL32.dll - C:\WINDOWS\system32\KERNEL32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             sxs.dll - C:\WINDOWS\system32\sxs.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[lsass.exe]Modules
             lsass.exe - C:\WINDOWS\system32\lsass.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             MPR.dll - C:\WINDOWS\system32\MPR.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             NETAPI32.dll - C:\WINDOWS\system32\NETAPI32.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             SAMSRV.dll - C:\WINDOWS\system32\SAMSRV.dll - Microsoft Corporation
             cryptdll.dll - C:\WINDOWS\system32\cryptdll.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             msprivs.dll - C:\WINDOWS\system32\msprivs.dll - Microsoft Corporation
             kerberos.dll - C:\WINDOWS\system32\kerberos.dll - Microsoft Corporation
             msv1_0.dll - C:\WINDOWS\system32\msv1_0.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             netlogon.dll - C:\WINDOWS\system32\netlogon.dll - Microsoft Corporation
             w32time.dll - C:\WINDOWS\system32\w32time.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             schannel.dll - C:\WINDOWS\system32\schannel.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             wdigest.dll - C:\WINDOWS\system32\wdigest.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             scecli.dll - C:\WINDOWS\system32\scecli.dll - Microsoft Corporation
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation
             ipsecsvc.dll - C:\WINDOWS\system32\ipsecsvc.dll - Microsoft Corporation
             AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             oakley.DLL - C:\WINDOWS\system32\oakley.DLL - Microsoft Corporation
             WINIPSEC.DLL - C:\WINDOWS\system32\WINIPSEC.DLL - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             pstorsvc.dll - C:\WINDOWS\system32\pstorsvc.dll - Microsoft Corporation
             psbase.dll - C:\WINDOWS\system32\psbase.dll - Microsoft Corporation
             dssenh.dll - C:\WINDOWS\system32\dssenh.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[hkcmd.exe]Modules
             hkcmd.exe - C:\WINDOWS\system32\hkcmd.exe - Intel Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             hccutils.DLL - C:\WINDOWS\system32\hccutils.DLL - Intel Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll - Intel Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll - Intel Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             igfxhk.dll - C:\WINDOWS\system32\igfxhk.dll - Intel Corporation
             igfxres.dll - C:\WINDOWS\system32\igfxres.dll - Intel Corporation

------------------------------------------------------------------------------------------

      Image File Name[XueTr-+=-¦¦-+˜¦µ¦+.exe]Modules
             XueTr-+=-¦¦-+˜¦µ¦+.exe - C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.exe - Email: linxer@163.com
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             MFC42u.DLL - C:\WINDOWS\system32\MFC42u.DLL - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             MSVCP60.dll - C:\WINDOWS\system32\MSVCP60.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             RICHED32.DLL - C:\WINDOWS\system32\RICHED32.DLL - Microsoft Corporation
             RICHED20.dll - C:\WINDOWS\system32\RICHED20.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             wintrust.dll - C:\WINDOWS\system32\wintrust.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             appHelp.dll - C:\WINDOWS\system32\appHelp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             GROOVEEX.DLL - C:\PROGRA~1\MIC279~1\Office14\GROOVEEX.DLL - Microsoft Corporation
             MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             MSVCP90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCP90.dll - Microsoft Corporation
             ATL90.DLL - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\ATL90.DLL - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             office.odf - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf - 
             GrooveIntlResource.dll - C:\PROGRA~1\MIC279~1\Office14\1033\GrooveIntlResource.dll - 
             SETUPAPI.dll - C:\WINDOWS\system32\SETUPAPI.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             rpcss.dll - c:\windows\system32\rpcss.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             iphlpapi.dll - C:\WINDOWS\system32\iphlpapi.dll - Microsoft Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             dnsrslvr.dll - c:\windows\system32\dnsrslvr.dll - Microsoft Corporation
             DNSAPI.dll - c:\windows\system32\DNSAPI.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             iphlpapi.dll - c:\windows\system32\iphlpapi.dll - Microsoft Corporation
             rsaenh.dll - C:\WINDOWS\system32\rsaenh.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Modules
             svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             NTMARTA.DLL - C:\WINDOWS\system32\NTMARTA.DLL - Microsoft Corporation
             SAMLIB.dll - C:\WINDOWS\system32\SAMLIB.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             lmhsvc.dll - c:\windows\system32\lmhsvc.dll - Microsoft Corporation
             iphlpapi.dll - c:\windows\system32\iphlpapi.dll - Microsoft Corporation
             WS2_32.dll - c:\windows\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - c:\windows\system32\WS2HELP.dll - Microsoft Corporation
             webclnt.dll - c:\windows\system32\webclnt.dll - Microsoft Corporation
             WININET.dll - C:\WINDOWS\system32\WININET.dll - Microsoft Corporation
             Normaliz.dll - C:\WINDOWS\system32\Normaliz.dll - Microsoft Corporation
             urlmon.dll - C:\WINDOWS\system32\urlmon.dll - Microsoft Corporation
             iertutil.dll - C:\WINDOWS\system32\iertutil.dll - Microsoft Corporation
             alrsvc.dll - c:\windows\system32\alrsvc.dll - Microsoft Corporation
             NETAPI32.dll - c:\windows\system32\NETAPI32.dll - Microsoft Corporation
             ssdpsrv.dll - c:\windows\system32\ssdpsrv.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[spoolsv.exe]Modules
             spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\system32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\system32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\system32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             SPOOLSS.DLL - C:\WINDOWS\system32\SPOOLSS.DLL - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             DNSAPI.dll - C:\WINDOWS\system32\DNSAPI.dll - Microsoft Corporation
             rasadhlp.dll - C:\WINDOWS\system32\rasadhlp.dll - Microsoft Corporation
             localspl.dll - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation
             sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             WINTRUST.dll - C:\WINDOWS\system32\WINTRUST.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             IMAGEHLP.dll - C:\WINDOWS\system32\IMAGEHLP.dll - Microsoft Corporation
             winspool.drv - C:\WINDOWS\system32\winspool.drv - Microsoft Corporation
             netapi32.dll - C:\WINDOWS\system32\netapi32.dll - Microsoft Corporation
             AdobePDF.dll - C:\WINDOWS\system32\AdobePDF.dll - Adobe Systems Inc
             cnbjmon.dll - C:\WINDOWS\system32\cnbjmon.dll - Microsoft Corporation
             mdimon.dll - C:\WINDOWS\system32\mdimon.dll - Microsoft Corporation
             MSVCR80.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll - Microsoft Corporation
             msi.dll - C:\WINDOWS\system32\msi.dll - Microsoft Corporation
             FXSMON.DLL - C:\WINDOWS\system32\FXSMON.DLL - Microsoft Corporation
             FXSEVENT.dll - C:\WINDOWS\system32\FXSEVENT.dll - Microsoft Corporation
             pjlmon.dll - C:\WINDOWS\system32\pjlmon.dll - Microsoft Corporation
             tcpmon.dll - C:\WINDOWS\system32\tcpmon.dll - Microsoft Corporation
             usbmon.dll - C:\WINDOWS\system32\usbmon.dll - Microsoft Corporation
             BRPP2KA.DLL - C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BRPP2KA.DLL - Brother Industries ,Ltd 
             mdippr.dll - C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll - Microsoft Corporation
             filterpipelineprintproc.dll - C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\System32\mswsock.dll - Microsoft Corporation
             winrnr.dll - C:\WINDOWS\System32\winrnr.dll - Microsoft Corporation
             WLDAP32.dll - C:\WINDOWS\system32\WLDAP32.dll - Microsoft Corporation
             win32spl.dll - C:\WINDOWS\system32\win32spl.dll - Microsoft Corporation
             NETRAP.dll - C:\WINDOWS\system32\NETRAP.dll - Microsoft Corporation
             NTDSAPI.dll - C:\WINDOWS\system32\NTDSAPI.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             inetpp.dll - C:\WINDOWS\system32\inetpp.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[jqs.exe]Modules
             jqs.exe - C:\Program Files\Java\jre6\bin\jqs.exe - Sun Microsystems, Inc.
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\system32\WS2_32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\system32\WS2HELP.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             MSVCR71.dll - C:\Program Files\Java\jre6\bin\MSVCR71.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             psapi.dll - C:\WINDOWS\system32\psapi.dll - Microsoft Corporation
             pdh.dll - C:\WINDOWS\system32\pdh.dll - Microsoft Corporation
             comdlg32.dll - C:\WINDOWS\system32\comdlg32.dll - Microsoft Corporation
             COMCTL32.dll - C:\WINDOWS\system32\COMCTL32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             CRYPT32.dll - C:\WINDOWS\system32\CRYPT32.dll - Microsoft Corporation
             MSASN1.dll - C:\WINDOWS\system32\MSASN1.dll - Microsoft Corporation
             ODBC32.dll - C:\WINDOWS\system32\ODBC32.dll - Microsoft Corporation
             odbcbcp.dll - C:\WINDOWS\system32\odbcbcp.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             odbcint.dll - C:\WINDOWS\system32\odbcint.dll - Microsoft Corporation
             mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             wshtcpip.dll - C:\WINDOWS\System32\wshtcpip.dll - Microsoft Corporation
             perfos.dll - C:\WINDOWS\system32\perfos.dll - Microsoft Corporation
             perfdisk.dll - C:\WINDOWS\system32\perfdisk.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[mdm.exe]Modules
             MDM.EXE - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             psapi.dll - C:\WINDOWS\system32\psapi.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\system32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\system32\COMRes.dll - Microsoft Corporation
             csm.dll - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll - Microsoft Corporation
             msdbg2.dll - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[hpsysdrv.exe]Modules
             hpsysdrv.exe - C:\windows\system\hpsysdrv.exe - Hewlett-Packard Company
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[alg.exe]Modules
             alg.exe - C:\WINDOWS\System32\alg.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             ATL.DLL - C:\WINDOWS\System32\ATL.DLL - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             OLEAUT32.dll - C:\WINDOWS\system32\OLEAUT32.dll - Microsoft Corporation
             WSOCK32.dll - C:\WINDOWS\System32\WSOCK32.dll - Microsoft Corporation
             WS2_32.dll - C:\WINDOWS\System32\WS2_32.dll - Microsoft Corporation
             WS2HELP.dll - C:\WINDOWS\System32\WS2HELP.dll - Microsoft Corporation
             MSWSOCK.DLL - C:\WINDOWS\System32\MSWSOCK.DLL - Microsoft Corporation
             ShimEng.dll - C:\WINDOWS\System32\ShimEng.dll - Microsoft Corporation
             AcGenral.DLL - C:\WINDOWS\AppPatch\AcGenral.DLL - Microsoft Corporation
             WINMM.dll - C:\WINDOWS\System32\WINMM.dll - Microsoft Corporation
             MSACM32.dll - C:\WINDOWS\System32\MSACM32.dll - Microsoft Corporation
             VERSION.dll - C:\WINDOWS\system32\VERSION.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             UxTheme.dll - C:\WINDOWS\System32\UxTheme.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\system32\comctl32.dll - Microsoft Corporation
             CLBCATQ.DLL - C:\WINDOWS\System32\CLBCATQ.DLL - Microsoft Corporation
             COMRes.dll - C:\WINDOWS\System32\COMRes.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\System32\xpsp2res.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[wscntfy.exe]Modules
             wscntfy.exe - C:\WINDOWS\system32\wscntfy.exe - Microsoft Corporation
             ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             USER32.dll - C:\WINDOWS\system32\USER32.dll - Microsoft Corporation
             GDI32.dll - C:\WINDOWS\system32\GDI32.dll - Microsoft Corporation
             SHELL32.dll - C:\WINDOWS\system32\SHELL32.dll - Microsoft Corporation
             ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             Secur32.dll - C:\WINDOWS\system32\Secur32.dll - Microsoft Corporation
             SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             IMM32.DLL - C:\WINDOWS\system32\IMM32.DLL - Microsoft Corporation
             comctl32.dll - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - Microsoft Corporation
             xpsp2res.dll - C:\WINDOWS\system32\xpsp2res.dll - Microsoft Corporation
             uxtheme.dll - C:\WINDOWS\system32\uxtheme.dll - Microsoft Corporation
             msctfime.ime - C:\WINDOWS\system32\msctfime.ime - Microsoft Corporation
             ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[Idle]Modules

==========================================================================================

Process Threads

      Image File Name[System]Threads
             8 - Ready - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             12 - Terminate - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             16 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             20 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             24 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             28 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             32 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             36 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             40 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             44 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             48 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             52 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             56 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             60 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             64 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             68 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             72 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             76 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             80 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             84 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             88 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             92 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             96 - Wait - ACPI.sys - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
             100 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             104 - Wait - SYMDS.SYS - C:\WINDOWS\system32\drivers\SYMDS.SYS - File not found
             108 - Wait - NDIS.sys - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
             112 - Wait - SYMEFA.SYS - C:\WINDOWS\system32\drivers\SYMEFA.SYS - File not found
             120 - Wait - AGRSM.sys - C:\WINDOWS\system32\DRIVERS\AGRSM.sys - Agere Systems
             124 - Wait - AGRSM.sys - C:\WINDOWS\system32\DRIVERS\AGRSM.sys - Agere Systems
             128 - Wait - redbook.sys - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
             144 - Wait - ALCXWDM.SYS - C:\WINDOWS\system32\drivers\ALCXWDM.SYS - Realtek Semiconductor Corp.
             148 - Wait - ALCXWDM.SYS - C:\WINDOWS\system32\drivers\ALCXWDM.SYS - Realtek Semiconductor Corp.
             152 - Wait - raspptp.sys - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
             156 - Wait - raspptp.sys - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
             264 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             268 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             284 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             288 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             292 - Wait - USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
             296 - Wait - parport.sys - C:\WINDOWS\system32\DRIVERS\parport.sys - Microsoft Corporation
             304 - Wait - rasacd.sys - C:\WINDOWS\system32\DRIVERS\rasacd.sys - Microsoft Corporation
             368 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             372 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             376 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             380 - Wait - rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
             384 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             448 - Wait - eeCtrl.sys - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - Symantec Corporation
             452 - Wait - BHDrvx86.sys - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys - Symantec Corporation
             456 - Terminate - BHDrvx86.sys - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys - Symantec Corporation
             460 - Wait - ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
             668 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             684 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             908 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             912 - Wait - HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
             1480 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             1484 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             1488 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             1492 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             1544 - Wait - mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
             1716 - Wait - srv.sys - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
             1720 - Wait - srv.sys - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
             1768 - Wait - IDSxpx86.sys - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121114.001\IDSxpx86.sys - Symantec Corporation
             1780 - Wait - SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
             2256 - Terminate - SYMEFA.SYS - C:\WINDOWS\system32\drivers\SYMEFA.SYS - File not found
             2320 - Terminate - SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
             2788 - Terminate - SYMEFA.SYS - C:\WINDOWS\system32\drivers\SYMEFA.SYS - File not found
             3236 - Terminate - SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
             3408 - Wait - SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
             3420 - Wait - SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
             3432 - Wait - SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
             3444 - Wait - SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
             1116 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[AGRSMMSG.exe]Threads
             116 - Wait - AGRSMMSG.exe - C:\WINDOWS\AGRSMMSG.exe - Agere Systems
             1960 - Wait - AGRSMMSG.exe - C:\WINDOWS\AGRSMMSG.exe - Agere Systems

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             132 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             332 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             340 - Terminate - es.dll - c:\windows\system32\es.dll - Microsoft Corporation
             416 - Wait - ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             584 - Terminate - es.dll - c:\windows\system32\es.dll - Microsoft Corporation
             724 - Wait - ncprov.dll - C:\WINDOWS\system32\wbem\ncprov.dll - Microsoft Corporation
             944 - Wait - svchost.exe - C:\WINDOWS\System32\svchost.exe - Microsoft Corporation
             948 - Wait -  -  - 
             952 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             956 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             964 - Wait -  -  - 
             988 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1056 - Wait - dhcpcsvc.dll - c:\windows\system32\dhcpcsvc.dll - Microsoft Corporation
             1060 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1068 - Terminate - hnetcfg.dll - C:\WINDOWS\System32\hnetcfg.dll - Microsoft Corporation
             1172 - Wait - EapolQec.dll - c:\windows\system32\EapolQec.dll - Microsoft Corporation
             1176 - Wait - QUtil.dll - c:\windows\system32\QUtil.dll - Microsoft Corporation
             1180 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1188 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1204 - Wait - AUTHZ.dll - c:\windows\system32\AUTHZ.dll - Microsoft Corporation
             1208 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1212 - Wait -  -  - 
             1216 - Wait -  -  - 
             1220 - Wait -  -  - 
             1224 - Wait - schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             1228 - Wait - schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             1232 - Wait - schedsvc.dll - c:\windows\system32\schedsvc.dll - Microsoft Corporation
             1292 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1320 - Wait -  -  - 
             1376 - Wait - wscsvc.dll - c:\windows\system32\wscsvc.dll - Microsoft Corporation
             1392 - Wait - wscsvc.dll - c:\windows\system32\wscsvc.dll - Microsoft Corporation
             1408 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1472 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1496 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1508 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1592 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1596 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1608 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1612 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1632 - Wait -  -  - 
             1724 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1736 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1784 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1816 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1928 - Wait - w32time.dll - c:\windows\system32\w32time.dll - Microsoft Corporation
             1932 - Wait - rasppp.dll - C:\WINDOWS\System32\rasppp.dll - Microsoft Corporation
             2040 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2448 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2460 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2464 - Wait - shsvcs.dll - c:\windows\system32\shsvcs.dll - Microsoft Corporation
             2716 - Wait - tapisrv.dll - c:\windows\system32\tapisrv.dll - Microsoft Corporation
             2720 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2744 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             2748 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             2752 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             2756 - Wait - ESENT.dll - c:\windows\system32\ESENT.dll - Microsoft Corporation
             2884 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3280 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3560 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3700 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             3716 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3744 - Wait - rastapi.dll - C:\WINDOWS\System32\rastapi.dll - Microsoft Corporation
             3788 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             3800 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             3804 - Wait - unimdm.tsp - C:\WINDOWS\System32\unimdm.tsp - Microsoft Corporation
             3900 - Wait - uniplat.dll - C:\WINDOWS\System32\uniplat.dll - Microsoft Corporation
             3904 - Wait - uniplat.dll - C:\WINDOWS\System32\uniplat.dll - Microsoft Corporation
             3924 - Wait - kmddsp.tsp - C:\WINDOWS\System32\kmddsp.tsp - Microsoft Corporation
             3932 - Wait - ndptsp.tsp - C:\WINDOWS\System32\ndptsp.tsp - Microsoft Corporation
             3984 - Wait - h323.tsp - C:\WINDOWS\System32\h323.tsp - Microsoft Corporation
             3996 - Wait - hidphone.tsp - C:\WINDOWS\System32\hidphone.tsp - Microsoft Corporation
             4000 - Wait - TAPI32.dll - C:\WINDOWS\System32\TAPI32.dll - Microsoft Corporation
             4092 - Wait - RASQEC.DLL - C:\WINDOWS\System32\RASQEC.DLL - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[kbd.exe]Threads
             160 - Wait - osd.dll - C:\HP\KBD\osd.dll - Hewlett-Packard Company
             180 - Wait - msg.dll - C:\HP\KBD\msg.dll - Hewlett-Packard Company
             184 - Wait - led.dll - C:\HP\KBD\led.dll - Hewlett-Packard Company
             188 - Wait - USB.dll - C:\HP\KBD\USB.dll - Hewlett-Packard Company
             192 - Wait - ps2.dll - C:\HP\KBD\ps2.dll - Hewlett-Packard Company
             196 - Wait - ps2.dll - C:\HP\KBD\ps2.dll - Hewlett-Packard Company
             208 - Wait - cfg.dll - C:\HP\KBD\cfg.dll - Hewlett-Packard Company
             212 - Wait - sct.dll - C:\HP\KBD\sct.dll - Hewlett-Packard Company
             216 - Wait - onl.dll - C:\HP\KBD\onl.dll - Hewlett-Packard Company
             220 - Wait - aol.dll - C:\HP\KBD\aol.dll - Hewlett-Packard Company
             224 - Wait - url.dll - C:\HP\KBD\url.dll - Hewlett-Packard Company
             228 - Wait - cfg.dll - C:\HP\KBD\cfg.dll - Hewlett-Packard Company
             2016 - Wait - KBD.EXE - C:\HP\KBD\KBD.EXE - Hewlett-Packard Company

------------------------------------------------------------------------------------------

      Image File Name[ccsvchst.exe]Threads
             164 - Terminate - WINHTTP.dll - C:\WINDOWS\system32\WINHTTP.dll - Microsoft Corporation
             172 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             248 - Wait - mswsock.dll - C:\WINDOWS\system32\mswsock.dll - Microsoft Corporation
             400 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             436 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             520 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             536 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             744 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             748 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             756 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             764 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             772 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             796 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             992 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1104 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1280 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1288 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1324 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1356 - Terminate - WINHTTP.dll - C:\WINDOWS\system32\WINHTTP.dll - Microsoft Corporation
             1360 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1432 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1464 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1664 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1776 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1808 - Wait - ccSvcHst.exe - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe - Symantec Corporation
             1856 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1900 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1908 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1912 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2068 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2076 - Wait - APPMGR32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\APPMGR32.DLL - Symantec Corporation
             2084 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2088 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2108 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2120 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2124 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2140 - Wait - APPMGR32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\APPMGR32.DLL - Symantec Corporation
             2184 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2212 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2224 - Terminate - ccEraser.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121114.008\ccEraser.dll - Symantec Corporation
             2240 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2268 - Terminate - IPSPLUG.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\IPSPLUG.DLL - Symantec Corporation
             2304 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2348 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2380 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2468 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2512 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2576 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2580 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2584 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2616 - Wait - IPSPLUG.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\IPSPLUG.DLL - Symantec Corporation
             2628 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2660 - Wait - IDSxpx86.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121114.001\IDSxpx86.dll - Symantec Corporation
             2732 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2736 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2768 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2772 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2776 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2792 - Wait - BHEngine.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHEngine.dll - Symantec Corporation
             2804 - Wait - BHEngine.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHEngine.dll - Symantec Corporation
             2808 - Wait - BHEngine.dll - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHEngine.dll - Symantec Corporation
             2852 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2880 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2892 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2916 - Wait - ole32.dll - C:\WINDOWS\system32\ole32.dll - Microsoft Corporation
             2932 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             2944 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3004 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3036 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3060 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3100 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3112 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3116 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             3136 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3148 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3152 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3168 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3252 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3256 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3364 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3424 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3604 - Terminate - APPMGR32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\APPMGR32.DLL - Symantec Corporation
             3664 - Terminate - APPMGR32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\APPMGR32.DLL - Symantec Corporation
             3668 - Wait - APPMGR32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\APPMGR32.DLL - Symantec Corporation
             3780 - Terminate - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3848 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             3856 - Terminate - WINHTTP.dll - C:\WINDOWS\system32\WINHTTP.dll - Microsoft Corporation
             3860 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3872 - Wait -  -  - 
             3952 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             4052 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             4056 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             4060 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             4084 - Wait - APPMGR32.DLL - C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\APPMGR32.DLL - Symantec Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             232 - Wait - wiaservc.dll - c:\windows\system32\wiaservc.dll - Microsoft Corporation
             812 - Wait -  -  - 
             2004 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             2024 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             3220 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[explorer.exe]Threads
             244 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             388 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             1528 - Wait - Explorer.EXE - C:\WINDOWS\Explorer.EXE - Microsoft Corporation
             1656 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             1660 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1668 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1740 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             1788 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1860 - Wait - stobject.dll - C:\WINDOWS\system32\stobject.dll - Microsoft Corporation
             1864 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             1868 - Wait - SHLWAPI.dll - C:\WINDOWS\system32\SHLWAPI.dll - Microsoft Corporation
             1968 - Wait - wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             1972 - Wait - WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             2436 - Wait - fxsst.dll - C:\WINDOWS\system32\fxsst.dll - Microsoft Corporation
             3108 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3132 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             3656 - Wait - BROWSEUI.dll - C:\WINDOWS\system32\BROWSEUI.dll - Microsoft Corporation
             3764 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation
             4080 - Wait - MSVCR90.dll - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\MSVCR90.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[ALCXMNTR.EXE]Threads
             272 - Wait - wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             488 - Wait - ALCXMNTR.EXE - C:\WINDOWS\ALCXMNTR.EXE - Realtek Semiconductor Corp.
             928 - Wait - ALCXMNTR.EXE - C:\WINDOWS\ALCXMNTR.EXE - Realtek Semiconductor Corp.

------------------------------------------------------------------------------------------

      Image File Name[services.exe]Threads
             356 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             632 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             636 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             640 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             728 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             752 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             760 - Wait - AUTHZ.dll - C:\WINDOWS\system32\AUTHZ.dll - Microsoft Corporation
             768 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             788 - Wait - services.exe - C:\WINDOWS\system32\services.exe - Microsoft Corporation
             864 - Wait -  -  - 
             1004 - Wait - umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             1008 - Wait - umpnpmgr.dll - C:\WINDOWS\system32\umpnpmgr.dll - Microsoft Corporation
             1316 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1456 - Terminate - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1680 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             1712 - Wait - NCObjAPI.DLL - C:\WINDOWS\system32\NCObjAPI.DLL - Microsoft Corporation
             2136 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[smss.exe]Threads
             468 - Wait - smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             472 - Wait - smss.exe - C:\WINDOWS\System32\smss.exe - Microsoft Corporation
             476 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             500 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             516 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             780 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             792 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             800 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2060 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2232 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             2484 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2492 - Wait -  -  - 
             2496 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2500 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2504 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2508 - Wait - termsrv.dll - c:\windows\system32\termsrv.dll - Microsoft Corporation
             2516 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2520 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[winlogon.exe]Threads
             504 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             568 - Wait - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             592 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             596 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             600 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             604 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             616 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             852 - Wait - sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             856 - Wait - sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             860 - Wait - sfc_os.dll - C:\WINDOWS\system32\sfc_os.dll - Microsoft Corporation
             868 - Wait -  -  - 
             980 - Wait - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             1016 - Wait - cscdll.dll - C:\WINDOWS\system32\cscdll.dll - Microsoft Corporation
             1312 - Terminate - winlogon.exe - C:\WINDOWS\system32\winlogon.exe - Microsoft Corporation
             1348 - Terminate - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll - Microsoft Corporation
             1500 - Wait - wdmaud.drv - C:\WINDOWS\system32\wdmaud.drv - Microsoft Corporation
             1516 - Wait - WINMM.dll - C:\WINDOWS\system32\WINMM.dll - Microsoft Corporation
             3768 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[csrss.exe]Threads
             548 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             552 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             556 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             560 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             572 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             576 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             580 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             628 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             1184 - Wait - CSRSRV.dll - C:\WINDOWS\system32\CSRSRV.dll - Microsoft Corporation
             1536 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             1832 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             2532 - Wait - winsrv.dll - C:\WINDOWS\system32\winsrv.dll - Microsoft Corporation
             2696 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[lsass.exe]Threads
             644 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             648 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             652 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             656 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             660 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             676 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             688 - Wait -  -  - 
             700 - Wait -  -  - 
             712 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             816 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1284 - Wait - LSASRV.dll - C:\WINDOWS\system32\LSASRV.dll - Microsoft Corporation
             1452 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1512 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1916 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1976 - Terminate - hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             1980 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             1984 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             1988 - Wait - msvcrt.dll - C:\WINDOWS\system32\msvcrt.dll - Microsoft Corporation
             2596 - Wait - USERENV.dll - C:\WINDOWS\system32\USERENV.dll - Microsoft Corporation
             3504 - Wait -  -  - 

------------------------------------------------------------------------------------------

      Image File Name[hkcmd.exe]Threads
             736 - Wait - hkcmd.exe - C:\WINDOWS\system32\hkcmd.exe - Intel Corporation
             1892 - Wait - hkcmd.exe - C:\WINDOWS\system32\hkcmd.exe - Intel Corporation

------------------------------------------------------------------------------------------

      Image File Name[XueTr-+=-¦¦-+˜¦µ¦+.exe]Threads
             784 - Run - XueTr-+=-¦¦-+˜¦µ¦+.exe - C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.exe - Email: linxer@163.com
             2900 - Wait - XueTr-+=-¦¦-+˜¦µ¦+.exe - C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.exe - Email: linxer@163.com
             3336 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             876 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             880 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             884 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             888 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             892 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             904 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1692 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             2832 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             3588 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             1040 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             1112 - Wait - dnsrslvr.dll - c:\windows\system32\dnsrslvr.dll - Microsoft Corporation
             1116 - Wait - dnsrslvr.dll - c:\windows\system32\dnsrslvr.dll - Microsoft Corporation
             1332 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1580 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1772 - Wait -  -  - 
             2116 - Terminate - hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[svchost.exe]Threads
             1084 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1132 - Wait - svchost.exe - C:\WINDOWS\system32\svchost.exe - Microsoft Corporation
             1148 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1160 - Wait - lmhsvc.dll - c:\windows\system32\lmhsvc.dll - Microsoft Corporation
             1400 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1416 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             1548 - Wait - webclnt.dll - c:\windows\system32\webclnt.dll - Microsoft Corporation
             1552 - Wait - webclnt.dll - c:\windows\system32\webclnt.dll - Microsoft Corporation
             1556 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             1560 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1752 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             2180 - Terminate - hnetcfg.dll - C:\WINDOWS\system32\hnetcfg.dll - Microsoft Corporation
             2192 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             2204 - Wait - ssdpsrv.dll - c:\windows\system32\ssdpsrv.dll - Microsoft Corporation
             2432 - Wait - ntdll.dll - C:\WINDOWS\system32\ntdll.dll - Microsoft Corporation
             3796 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[spoolsv.exe]Threads
             1240 - Wait - spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             1252 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1256 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1268 - Wait - spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             1444 - Wait - spoolsv.exe - C:\WINDOWS\system32\spoolsv.exe - Microsoft Corporation
             2188 - Wait - usbmon.dll - C:\WINDOWS\system32\usbmon.dll - Microsoft Corporation
             2272 - Wait - localspl.dll - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation
             2276 - Wait - localspl.dll - C:\WINDOWS\system32\localspl.dll - Microsoft Corporation
             2620 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation
             2656 - Wait - RPCRT4.dll - C:\WINDOWS\system32\RPCRT4.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[jqs.exe]Threads
             1620 - Wait - jqs.exe - C:\Program Files\Java\jre6\bin\jqs.exe - Sun Microsystems, Inc.
             1628 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1756 - Wait - MSVCR71.dll - C:\Program Files\Java\jre6\bin\MSVCR71.dll - Microsoft Corporation
             1852 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             2020 - Wait - MSVCR71.dll - C:\Program Files\Java\jre6\bin\MSVCR71.dll - Microsoft Corporation
             2896 - Terminate - MSVCR71.dll - C:\Program Files\Java\jre6\bin\MSVCR71.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[mdm.exe]Threads
             1708 - Wait - MDM.EXE - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - Microsoft Corporation
             1792 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             1796 - Wait - MDM.EXE - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - Microsoft Corporation
             1812 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation
             1828 - Wait - csm.dll - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[hpsysdrv.exe]Threads
             1844 - Wait - hpsysdrv.exe - C:\windows\system\hpsysdrv.exe - Hewlett-Packard Company

------------------------------------------------------------------------------------------

      Image File Name[alg.exe]Threads
             2100 - Wait - alg.exe - C:\WINDOWS\System32\alg.exe - Microsoft Corporation
             3308 - Wait - ADVAPI32.dll - C:\WINDOWS\system32\ADVAPI32.dll - Microsoft Corporation
             3704 - Wait - kernel32.dll - C:\WINDOWS\system32\kernel32.dll - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[wscntfy.exe]Threads
             2728 - Wait - wscntfy.exe - C:\WINDOWS\system32\wscntfy.exe - Microsoft Corporation

------------------------------------------------------------------------------------------

      Image File Name[Idle]Threads

==========================================================================================

Kernel Module

       ntoskrnl.exe - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       hal.dll - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KDCOM.DLL - C:\WINDOWS\system32\KDCOM.DLL - Microsoft Corporation
       BOOTVID.dll - C:\WINDOWS\system32\BOOTVID.dll - Microsoft Corporation
       ACPI.sys - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       WMILIB.SYS - C:\WINDOWS\system32\DRIVERS\WMILIB.SYS - Microsoft Corporation
       pci.sys - C:\WINDOWS\system32\drivers\pci.sys - Microsoft Corporation
       isapnp.sys - C:\WINDOWS\system32\drivers\isapnp.sys - Microsoft Corporation
       intelide.sys - C:\WINDOWS\system32\drivers\intelide.sys - Microsoft Corporation
       PCIIDEX.SYS - C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS - Microsoft Corporation
       MountMgr.sys - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       ftdisk.sys - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       PartMgr.sys - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       VolSnap.sys - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       atapi.sys - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       disk.sys - C:\WINDOWS\system32\drivers\disk.sys - Microsoft Corporation
       CLASSPNP.SYS - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       fltmgr.sys - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       SYMDS.SYS - C:\WINDOWS\system32\drivers\SYMDS.SYS - File not found
       sr.sys - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       SYMEFA.SYS - C:\WINDOWS\system32\drivers\SYMEFA.SYS - File not found
       PxHelp20.sys - C:\WINDOWS\system32\drivers\PxHelp20.sys - Sonic Solutions
       KSecDD.sys - C:\WINDOWS\system32\drivers\KSecDD.sys - Microsoft Corporation
       Ntfs.sys - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       NDIS.sys - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       ohci1394.sys - C:\WINDOWS\system32\drivers\ohci1394.sys - Microsoft Corporation
       1394BUS.SYS - C:\WINDOWS\system32\DRIVERS\1394BUS.SYS - Microsoft Corporation
       Mup.sys - C:\WINDOWS\system32\drivers\Mup.sys - Microsoft Corporation
       nic1394.sys - C:\WINDOWS\system32\DRIVERS\nic1394.sys - Microsoft Corporation
       intelppm.sys - C:\WINDOWS\system32\DRIVERS\intelppm.sys - Microsoft Corporation
       ialmnt5.sys - C:\WINDOWS\system32\DRIVERS\ialmnt5.sys - Intel Corporation
       VIDEOPRT.SYS - C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS - Microsoft Corporation
       usbuhci.sys - C:\WINDOWS\system32\DRIVERS\usbuhci.sys - Microsoft Corporation
       USBPORT.SYS - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       usbehci.sys - C:\WINDOWS\system32\DRIVERS\usbehci.sys - Microsoft Corporation
       AGRSM.sys - C:\WINDOWS\system32\DRIVERS\AGRSM.sys - Agere Systems
       Modem.SYS - C:\WINDOWS\System32\Drivers\Modem.SYS - Microsoft Corporation
       R8139n51.SYS - C:\WINDOWS\system32\DRIVERS\R8139n51.SYS - Realtek Semiconductor Corporation       
       serial.sys - C:\WINDOWS\system32\DRIVERS\serial.sys - Microsoft Corporation
       serenum.sys - C:\WINDOWS\system32\DRIVERS\serenum.sys - Microsoft Corporation
       parport.sys - C:\WINDOWS\system32\DRIVERS\parport.sys - Microsoft Corporation
       i8042prt.sys - C:\WINDOWS\system32\DRIVERS\i8042prt.sys - Microsoft Corporation
       mouclass.sys - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       PS2.sys - C:\WINDOWS\system32\DRIVERS\PS2.sys - Hewlett-Packard Company
       kbdclass.sys - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       imapi.sys - C:\WINDOWS\system32\DRIVERS\imapi.sys - Microsoft Corporation
       pfc.sys - C:\WINDOWS\system32\drivers\pfc.sys - Padus, Inc.
       iviaspi.sys - C:\WINDOWS\system32\drivers\iviaspi.sys - InterVideo, Inc.
       cdrom.sys - C:\WINDOWS\system32\DRIVERS\cdrom.sys - Microsoft Corporation
       redbook.sys - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
       ks.sys - C:\WINDOWS\system32\DRIVERS\ks.sys - Microsoft Corporation
       GEARAspiWDM.sys - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys - GEAR Software Inc.
       ALCXWDM.SYS - C:\WINDOWS\system32\drivers\ALCXWDM.SYS - Realtek Semiconductor Corp.
       portcls.sys - C:\WINDOWS\system32\drivers\portcls.sys - Microsoft Corporation
       drmk.sys - C:\WINDOWS\system32\drivers\drmk.sys - Microsoft Corporation
       audstub.sys - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       rasl2tp.sys - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - Microsoft Corporation
       ndistapi.sys - C:\WINDOWS\system32\DRIVERS\ndistapi.sys - Microsoft Corporation
       ndiswan.sys - C:\WINDOWS\system32\DRIVERS\ndiswan.sys - Microsoft Corporation
       raspppoe.sys - C:\WINDOWS\system32\DRIVERS\raspppoe.sys - Microsoft Corporation
       raspptp.sys - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
       TDI.SYS - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       psched.sys - C:\WINDOWS\system32\DRIVERS\psched.sys - Microsoft Corporation
       msgpc.sys - C:\WINDOWS\system32\DRIVERS\msgpc.sys - Microsoft Corporation
       ptilink.sys - C:\WINDOWS\system32\DRIVERS\ptilink.sys - Parallel Technologies, Inc.
       raspti.sys - C:\WINDOWS\system32\DRIVERS\raspti.sys - Microsoft Corporation
       termdd.sys - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       swenum.sys - C:\WINDOWS\system32\DRIVERS\swenum.sys - Microsoft Corporation
       update.sys - C:\WINDOWS\system32\DRIVERS\update.sys - Microsoft Corporation
       mssmbios.sys - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       NDProxy.SYS - C:\WINDOWS\System32\Drivers\NDProxy.SYS - Microsoft Corporation
       usbhub.sys - C:\WINDOWS\system32\DRIVERS\usbhub.sys - Microsoft Corporation
       USBD.SYS - C:\WINDOWS\system32\DRIVERS\USBD.SYS - Microsoft Corporation
       ccSetx86.sys - C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys - Symantec Corporation
       Ironx86.SYS - C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS - Symantec Corporation
       Fs_Rec.SYS - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Null.SYS - C:\WINDOWS\System32\Drivers\Null.SYS - Microsoft Corporation
       Beep.SYS - C:\WINDOWS\System32\Drivers\Beep.SYS - Microsoft Corporation
       vga.sys - C:\WINDOWS\System32\drivers\vga.sys - Microsoft Corporation
       mnmdd.SYS - C:\WINDOWS\System32\Drivers\mnmdd.SYS - Microsoft Corporation
       RDPCDD.sys - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys - Microsoft Corporation
       Msfs.SYS - C:\WINDOWS\System32\Drivers\Msfs.SYS - Microsoft Corporation
       Npfs.SYS - C:\WINDOWS\System32\Drivers\Npfs.SYS - Microsoft Corporation
       rasacd.sys - C:\WINDOWS\system32\DRIVERS\rasacd.sys - Microsoft Corporation
       ipsec.sys - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       tcpip.sys - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       SYMTDI.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS - Symantec Corporation
       SYMEVENT.SYS - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       IDSxpx86.sys - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121114.001\IDSxpx86.sys - Symantec Corporation
       ipnat.sys - C:\WINDOWS\system32\DRIVERS\ipnat.sys - Microsoft Corporation
       wanarp.sys - C:\WINDOWS\system32\DRIVERS\wanarp.sys - Microsoft Corporation
       netbt.sys - C:\WINDOWS\system32\DRIVERS\netbt.sys - Microsoft Corporation
       ws2ifsl.sys - C:\WINDOWS\System32\drivers\ws2ifsl.sys - Microsoft Corporation
       afd.sys - C:\WINDOWS\System32\drivers\afd.sys - Microsoft Corporation
       netbios.sys - C:\WINDOWS\system32\DRIVERS\netbios.sys - Microsoft Corporation
       SRTSPX.SYS - C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS - Symantec Corporation
       rdbss.sys - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
       mrxsmb.sys - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - Microsoft Corporation
       Fips.SYS - C:\WINDOWS\System32\Drivers\Fips.SYS - Microsoft Corporation
       arp1394.sys - C:\WINDOWS\system32\DRIVERS\arp1394.sys - Microsoft Corporation
       eeCtrl.sys - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - Symantec Corporation
       EraserUtilRebootDrv.sys - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - Symantec Corporation
       BHDrvx86.sys - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys - Symantec Corporation
       USBSTOR.SYS - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Microsoft Corporation
       Fastfat.SYS - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       dump_atapi.sys - C:\WINDOWS\System32\Drivers\dump_atapi.sys - File not found
       dump_WMILIB.SYS - C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS - File not found
       win32k.sys - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       Dxapi.sys - C:\WINDOWS\System32\drivers\Dxapi.sys - Microsoft Corporation
       watchdog.sys - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       dxg.sys - C:\WINDOWS\System32\drivers\dxg.sys - Microsoft Corporation
       dxgthk.sys - C:\WINDOWS\System32\drivers\dxgthk.sys - Microsoft Corporation
       ialmdnt5.dll - C:\WINDOWS\System32\ialmdnt5.dll - Intel Corporation
       ialmrnt5.dll - C:\WINDOWS\System32\ialmrnt5.dll - Intel Corporation
       ialmdev5.DLL - C:\WINDOWS\System32\ialmdev5.DLL - Intel Corporation
       ialmdd5.DLL - C:\WINDOWS\System32\ialmdd5.DLL - Intel Corporation
       ATMFD.DLL - C:\WINDOWS\System32\ATMFD.DLL - Adobe Systems Incorporated
       ndisuio.sys - C:\WINDOWS\system32\DRIVERS\ndisuio.sys - Microsoft Corporation
       wdmaud.sys - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       sysaudio.sys - C:\WINDOWS\system32\drivers\sysaudio.sys - Microsoft Corporation
       mrxdav.sys - C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Microsoft Corporation
       BrPar.sys - C:\WINDOWS\System32\drivers\BrPar.sys - Brother Industries Ltd.
       srv.sys - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
       Cdfs.SYS - C:\WINDOWS\System32\Drivers\Cdfs.SYS - Microsoft Corporation
       ipfltdrv.sys - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys - Microsoft Corporation
       HTTP.sys - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       SRTSP.SYS - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS - Symantec Corporation
       NAVEX15.SYS - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121114.008\NAVEX15.SYS - Symantec Corporation
       NAVENG.SYS - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121114.008\NAVENG.SYS - Symantec Corporation
       XueTr-+=-¦¦-+˜¦µ¦+.sys - C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.sys - File not found

==========================================================================================

Notify Routine

       CreateProcess - 0xB191F9A0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       CreateProcess - 0xB15D1570 - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys - Symantec Corporation
       CreateThread - 0xB191F930 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       LoadImage - 0xB191F4E0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       LoadImage - 0xB15D14A0 - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys - Symantec Corporation
       BugCheckCallback - 0xBAF4A5EF - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       BugCheckCallback - 0x806F57CC - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       BugCheckReasonCallback - 0xB1943B60 - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS - Symantec Corporation
       BugCheckReasonCallback - 0xBAE1CAB8 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xBAE1CA70 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xBAE1CA28 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       BugCheckReasonCallback - 0xBA0061BE - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       BugCheckReasonCallback - 0xBA00611E - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       BugCheckReasonCallback - 0xBA01D522 - C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS - Microsoft Corporation
       SeFileSystem - 0xB16F63CF - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - Microsoft Corporation
       Shutdown - 0xF753AC74 - C:\WINDOWS\System32\Drivers\Cdfs.SYS - Microsoft Corporation
       Shutdown - 0xBA029C6A - C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xBA029C6A - C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xBA029C6A - C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xF79DD5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79DD5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79DD5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79DD5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xF79DD5BE - C:\WINDOWS\System32\Drivers\Fs_Rec.SYS - Microsoft Corporation
       Shutdown - 0xB1A5315A - C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys - Symantec Corporation
       Shutdown - 0xBA029C6A - C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS - Microsoft Corporation
       Shutdown - 0xBAF3D8F1 - C:\WINDOWS\system32\drivers\Mup.sys - Microsoft Corporation
       Shutdown - 0xF74D92BE - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       Shutdown - 0xF760773A - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       Shutdown - 0x806303D5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Shutdown - 0x8063FD57 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xB14C3FCC - C:\WINDOWS\system32\drivers\sysaudio.sys - Microsoft Corporation
       PlugPlay - 0x805D4441 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0x805D4441 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xBF89F827 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0x805D4441 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xB118C44E - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       PlugPlay - 0xB118C44E - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       PlugPlay - 0xB118C44E - C:\WINDOWS\system32\drivers\wdmaud.sys - Microsoft Corporation
       PlugPlay - 0xBF89F827 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0xBF8A044E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0xF76DAAC0 - C:\WINDOWS\system32\DRIVERS\redbook.sys - Microsoft Corporation
       PlugPlay - 0xF760FC26 - C:\WINDOWS\system32\drivers\MountMgr.sys - Microsoft Corporation
       PlugPlay - 0xF761F544 - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       PlugPlay - 0xBF89F827 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       PlugPlay - 0x805D4441 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PlugPlay - 0xF771085E - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       PlugPlay - 0xB14C3FCC - C:\WINDOWS\system32\drivers\sysaudio.sys - Microsoft Corporation
       FsNotifyChange - 0xF74B04B8 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       FsNotifyChange - 0xF7442876 - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       FsNotifyChange - 0xF74B04B8 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation

==========================================================================================

Filter

       File - \FileSystem\FltMgr->\FileSystem\Ntfs - 0x8A611C70 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       File - \FileSystem\sr->\FileSystem\FltMgr - 0x8A563DD0 - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       File - \FileSystem\FltMgr->\FileSystem\sr - 0x8A5B5EE8 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       Disk - \Driver\PartMgr->\Driver\Disk - 0x8A5FA168 - C:\WINDOWS\system32\drivers\PartMgr.sys - Microsoft Corporation
       Volume - \Driver\VolSnap->\Driver\Ftdisk - 0x8A5AC020 - C:\WINDOWS\system32\drivers\VolSnap.sys - Microsoft Corporation
       I8042prt - \Driver\Ps2->\Driver\i8042prt - 0x8A38D7E8 - C:\WINDOWS\system32\DRIVERS\PS2.sys - Hewlett-Packard Company
       I8042prt - \Driver\Kbdclass->\Driver\Ps2 - 0x8A390398 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       I8042prt - \Driver\Mouclass->\Driver\i8042prt - 0x8A389300 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       Tcpip - \Driver\SYMTDI->\Driver\Tcpip - 0x8A300020 - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS - Symantec Corporation
       Tcpip - \Driver\SYMTDI->\Driver\Tcpip - 0x8A29B140 - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS - Symantec Corporation
       Tcpip - \Driver\SYMTDI->\Driver\Tcpip - 0x8A56C020 - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS - Symantec Corporation
       Tcpip - \Driver\SYMTDI->\Driver\Tcpip - 0x8A268020 - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS - Symantec Corporation
       PnpManager - \Driver\mssmbios->\Driver\PnpManager - 0x8A52F020 - C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Microsoft Corporation
       PnpManager - \Driver\Update->\Driver\PnpManager - 0x8A338B98 - C:\WINDOWS\system32\DRIVERS\update.sys - Microsoft Corporation
       PnpManager - \Driver\swenum->\Driver\PnpManager - 0x8A34F808 - C:\WINDOWS\system32\DRIVERS\swenum.sys - Microsoft Corporation
       PnpManager - \Driver\TermDD->\Driver\PnpManager - 0x8A5A9590 - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       PnpManager - \Driver\Mouclass->\Driver\TermDD - 0x8A4BFA48 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       PnpManager - \Driver\TermDD->\Driver\PnpManager - 0x8A355470 - C:\WINDOWS\system32\DRIVERS\termdd.sys - Microsoft Corporation
       PnpManager - \Driver\Kbdclass->\Driver\TermDD - 0x8A2B9688 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       PnpManager - \Driver\Raspti->\Driver\PnpManager - 0x8A2F42F8 - C:\WINDOWS\system32\DRIVERS\raspti.sys - Microsoft Corporation
       PnpManager - \Driver\PSched->\Driver\PnpManager - 0x8A30A648 - C:\WINDOWS\system32\DRIVERS\psched.sys - Microsoft Corporation
       PnpManager - \Driver\PSched->\Driver\PnpManager - 0x8A30C570 - C:\WINDOWS\system32\DRIVERS\psched.sys - Microsoft Corporation
       PnpManager - \Driver\PptpMiniport->\Driver\PnpManager - 0x8A2979D0 - C:\WINDOWS\system32\DRIVERS\raspptp.sys - Microsoft Corporation
       PnpManager - \Driver\RasPppoe->\Driver\PnpManager - 0x8A294030 - C:\WINDOWS\system32\DRIVERS\raspppoe.sys - Microsoft Corporation
       PnpManager - \Driver\NdisWan->\Driver\PnpManager - 0x8A296030 - C:\WINDOWS\system32\DRIVERS\ndiswan.sys - Microsoft Corporation
       PnpManager - \Driver\Rasl2tp->\Driver\PnpManager - 0x8A2993B8 - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x8A3A3CE0 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x8A34E950 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x8A31E4A0 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x8A29A2E0 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\audstub->\Driver\PnpManager - 0x8A29B2E0 - C:\WINDOWS\system32\DRIVERS\audstub.sys - Microsoft Corporation
       PnpManager - \Driver\Ftdisk->\Driver\PnpManager - 0x8A5FAD40 - C:\WINDOWS\system32\drivers\ftdisk.sys - Microsoft Corporation
       PnpManager - \Driver\ACPI_HAL->\Driver\PnpManager - 0x8A612A80 -  - 

==========================================================================================

DPC Timer

       0xB07A8BE0 - 0xB0798418 - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0xB07A8990 - 0xB07911F8 - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0x8A315E48 - 0xB17C648A - C:\WINDOWS\system32\DRIVERS\netbt.sys - Microsoft Corporation
       0x896A9338 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80562400 - 0x80518161 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A2961A0 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x8A299528 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x80558950 - 0x804ED0D5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A24E338 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A2F4468 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x8A30A7B8 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x894BE620 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x894B4950 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A240E30 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A2DA640 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x89756D68 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xB07AB260 - 0xB079C832 - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0x8055B0C0 - 0x805175EB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A443808 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80561260 - 0x804E6461 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0xBAF93270 - 0xBAF751B4 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       0x8A5611A0 - 0xF74A423C - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       0xBAF932D0 - 0xBAF753D8 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       0x8A5B81A0 - 0xF74A423C - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       0x8A286538 - 0xB9C18DC8 - C:\WINDOWS\system32\drivers\ALCXWDM.SYS - Realtek Semiconductor Corp.
       0xB17832A0 - 0xB1779385 - C:\WINDOWS\system32\DRIVERS\rdbss.sys - Microsoft Corporation
       0xB19E3F90 - 0xB199B3DD - C:\WINDOWS\system32\DRIVERS\tcpip.sys - Microsoft Corporation
       0xB0E1D990 - 0xB0E0E385 - C:\WINDOWS\system32\DRIVERS\srv.sys - Microsoft Corporation
       0xB1A03D70 - 0xB19F43E7 - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       0xB1A03D08 - 0xB19F43E7 - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       0xB1A041C0 - 0xB19F4471 - C:\WINDOWS\system32\DRIVERS\ipsec.sys - Microsoft Corporation
       0x8A295898 - 0xF77473F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       0xB198C768 - 0xB194C4E0 - C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS - Symantec Corporation
       0x8A315D28 - 0xB17C648A - C:\WINDOWS\system32\DRIVERS\netbt.sys - Microsoft Corporation
       0x8A2A5140 - 0xF77473F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       0x8A4D5A88 - 0xF77473F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation
       0xB18A5D60 - 0xB189D266 - C:\WINDOWS\system32\DRIVERS\ipnat.sys - Microsoft Corporation
       0x8A29AB78 - 0xB18BB380 - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121114.001\IDSxpx86.sys - Symantec Corporation
       0x8A401730 - 0xB9FFD6DC - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       0x89716D50 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A3F6730 - 0xB9FFD6DC - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       0x8A3EB730 - 0xB9FFD6DC - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       0x8A5761A0 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x8A40C730 - 0xB9FFD6DC - C:\WINDOWS\system32\DRIVERS\USBPORT.SYS - Microsoft Corporation
       0x8A356480 - 0xBAF5F6BC - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x80558A80 - 0x804E3EF7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A297B40 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x8A2941A0 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x8A1E32E0 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A1F0A88 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80560AE0 - 0x804E4D40 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A5BFAE8 - 0xF743792E - C:\WINDOWS\system32\drivers\sr.sys - Microsoft Corporation
       0x80557308 - 0x804E5230 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A1CF690 - 0xBA10FD8E - C:\WINDOWS\system32\DRIVERS\arp1394.sys - Microsoft Corporation
       0x8A190EB8 - 0xB17A4385 - C:\WINDOWS\System32\drivers\afd.sys - Microsoft Corporation
       0x8A315EE8 - 0xB17C648A - C:\WINDOWS\system32\DRIVERS\netbt.sys - Microsoft Corporation
       0xB07AB1C0 - 0xB079E9FC - C:\WINDOWS\System32\Drivers\HTTP.sys - Microsoft Corporation
       0xB095BA20 - 0xB0959E1A - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys - Microsoft Corporation
       0x892BC8B0 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8960D328 - 0x804E59A7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A250580 - 0xF77B76C4 - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       0x8A2DDC10 - 0xF77B76C4 - C:\WINDOWS\System32\watchdog.sys - Microsoft Corporation
       0x80562480 - 0x80546F3B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x80562500 - 0x80546F10 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       0x8A30C6E0 - 0xBAF5EF6F - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0x8A413528 - 0xBAF62708 - C:\WINDOWS\system32\drivers\NDIS.sys - Microsoft Corporation
       0xB19DF250 - 0xF77473F0 - C:\WINDOWS\system32\DRIVERS\TDI.SYS - Microsoft Corporation

==========================================================================================

Worker Thread

       CriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CriticalWorkQueue - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       DelayedWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DelayedWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       HyperCriticalWorkQueue - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Object Hijack

       Nothing

==========================================================================================

Direct IO

       csrss.exe - C:\WINDOWS\system32\csrss.exe - Microsoft Corporation - IOPL

==========================================================================================

GDT

       Selector(0x0001) - Type(Code RE Ac)
       Selector(0x0002) - Type(Data RW Ac)
       Selector(0x0003) - Type(Code RE Ac)
       Selector(0x0004) - Type(Data RW Ac)
       Selector(0x0005) - Type(T5532 Busy)
       Selector(0x0006) - Type(Data RW Ac)
       Selector(0x0007) - Type(Data RW Ac)
       Selector(0x0008) - Type(Data RW)
       Selector(0x000A) - Type(T5532 Avl)
       Selector(0x000B) - Type(T5532 Avl)
       Selector(0x000C) - Type(Data RW Ac)
       Selector(0x000D) - Type(Data RW)
       Selector(0x000E) - Type(Data RW)
       Selector(0x000F) - Type(Code RE)
       Selector(0x0010) - Type(Data RW)
       Selector(0x0011) - Type(Data RW)
       Selector(0x0014) - Type(T5532 Avl)
       Selector(0x001C) - Type(Code RE CA)
       Selector(0x001D) - Type(Data RW)
       Selector(0x001E) - Type(Code EO)
       Selector(0x001F) - Type(Data RW)
       Selector(0x0020) - Type(Data RW Ac)
       Selector(0x0021) - Type(Data RW Ac)
       Selector(0x0022) - Type(Data RW Ac)

==========================================================================================

SSDT

       NtAcceptConnectPort - OK - 0x8058FDF5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheck - OK - 0x805790F1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckAndAuditAlarm - OK - 0x80587999 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByType - OK - 0x80591130 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeAndAuditAlarm - OK - 0x8058DA83 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultList - OK - 0x8063807E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultListAndAuditAlarm - OK - 0x8063A207 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAccessCheckByTypeResultListAndAuditAlarmByHandle - OK - 0x8063A250 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAddAtom - OK - 0x8057A6E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAddBootEntry - OK - 0x80649047 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAdjustGroupsToken - OK - 0x80637835 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAdjustPrivilegesToken - OK - 0x8058D0A1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAlertResumeThread - ssdt hook - 0x8A30C2C0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtAlertThread - ssdt hook - 0x8A1C06F0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtAllocateLocallyUniqueId - OK - 0x80588928 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateUserPhysicalPages - OK - 0x806268FF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateUuids - OK - 0x805DD3C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAllocateVirtualMemory - ssdt hook - 0x8A1A6B28->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtAreMappedFilesTheSame - OK - 0x805D9767 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtAssignProcessToJobObject - ssdt hook - 0x8A2BF638->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtCallbackReturn - OK - 0x804E2CB4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelDeviceWakeupRequest - OK - 0x8064905B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelIoFile - OK - 0x805C9B06 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCancelTimer - OK - 0x804ECFAC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtClearEvent - OK - 0x8056966F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtClose - OK - 0x805678DD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCloseObjectAuditAlarm - OK - 0x8058D50F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompactKeys - OK - 0x8064E93C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompareTokens - OK - 0x80589718 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompleteConnectPort - OK - 0x80590B3D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCompressKey - OK - 0x8064EBA9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtConnectPort - ssdt hook - 0x8A306260->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtContinue - OK - 0x804E1FF2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateDebugObject - OK - 0x8065A054 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateDirectoryObject - OK - 0x805A2882 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateEvent - OK - 0x8056D57A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateEventPair - OK - 0x8064914C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateFile - OK - 0x8056CDC0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateIoCompletion - OK - 0x80591389 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateJobObject - OK - 0x805AB1B0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateJobSet - OK - 0x8062FE27 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateKey - ssdt hook - 0xB192BD40 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtCreateMailslotFile - OK - 0x805D9658 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateMutant - ssdt hook - 0x8A1977B8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtCreateNamedPipeFile - OK - 0x80583F3F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreatePagingFile - OK - 0x805BBDB7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreatePort - OK - 0x805975B1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProcess - OK - 0x805B135A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProcessEx - OK - 0x8057FC60 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateProfile - OK - 0x80649783 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateSection - OK - 0x805652B3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateSemaphore - OK - 0x8057243B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateSymbolicLinkObject - ssdt hook - 0x8A387A00->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtCreateThread - ssdt hook - 0x8A3581D0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtCreateTimer - OK - 0x8059E5E5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateToken - OK - 0x805A8B58 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateWaitablePort - OK - 0x805DB124 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDebugActiveProcess - ssdt hook - 0x8A2BF718->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtDebugContinue - OK - 0x8065B327 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDelayExecution - OK - 0x80566410 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteAtom - OK - 0x80587485 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteBootEntry - OK - 0x8064905B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteFile - OK - 0x805D800B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteKey - ssdt hook - 0xB192BFC0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtDeleteObjectAuditAlarm - OK - 0x8063A2AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDeleteValueKey - ssdt hook - 0xB192C680 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtDeviceIoControlFile - OK - 0x8058EFAD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDisplayString - OK - 0x805BEF81 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtDuplicateObject - ssdt hook - 0x8A2DE1A8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtDuplicateToken - OK - 0x8057CFE1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateBootEntries - OK - 0x80649047 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateKey - OK - 0x80570D64 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateSystemEnvironmentValuesEx - OK - 0x80648AD3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtEnumerateValueKey - OK - 0x8059066B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtExtendSection - OK - 0x80625720 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFilterToken - OK - 0x805B0B3E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFindAtom - OK - 0x805899A8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushBuffersFile - OK - 0x80587602 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushInstructionCache - OK - 0x80577693 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushKey - OK - 0x805DC590 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushVirtualMemory - OK - 0x8059ACCC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFlushWriteBuffer - OK - 0x80627163 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFreeUserPhysicalPages - OK - 0x80626CB4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtFreeVirtualMemory - ssdt hook - 0x8A3C6280->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtFsControlFile - OK - 0x8057AAB5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetContextThread - OK - 0x805E03F3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetDevicePowerState - OK - 0x8062C163 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetPlugPlayEvent - OK - 0x8059FDB8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtGetWriteWatch - OK - 0x8053B765 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateAnonymousToken - ssdt hook - 0x8A34D240->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtImpersonateClientOfPort - OK - 0x80589184 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtImpersonateThread - ssdt hook - 0x8A34D320->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtInitializeRegistry - OK - 0x805A8064 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtInitiatePowerAction - OK - 0x8062BF2F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtIsProcessInJob - OK - 0x8062FCDB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtIsSystemResumeAutomatic - OK - 0x8062C14A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtListenPort - OK - 0x805AA6F1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLoadDriver - ssdt hook - 0x8A3130C8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtLoadKey - OK - 0x805AED5D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLoadKey2 - OK - 0x805AEB9A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockFile - OK - 0x8058846B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockProductActivationKeys - OK - 0x805B0D0E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockRegistryKey - OK - 0x805D0ED7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtLockVirtualMemory - OK - 0x805B0190 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMakePermanentObject - OK - 0x8059F945 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMakeTemporaryObject - OK - 0x8059F8C2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapUserPhysicalPages - OK - 0x80625DEB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapUserPhysicalPagesScatter - OK - 0x806262BF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtMapViewOfSection - ssdt hook - 0x8A2BEE20->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtModifyBootEntry - OK - 0x8064905B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtNotifyChangeDirectoryFile - OK - 0x8058A944 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtNotifyChangeKey - OK - 0x8058A68D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtNotifyChangeMultipleKeys - OK - 0x8058A756 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenDirectoryObject - OK - 0x80590A36 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenEvent - ssdt hook - 0x8A1976D8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtOpenEventPair - OK - 0x8064923F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenFile - OK - 0x8056CD5B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenIoCompletion - OK - 0x80616783 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenJobObject - OK - 0x8063007F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenKey - OK - 0x80568D59 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenMutant - OK - 0x805780E5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenObjectAuditAlarm - OK - 0x805953A9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenProcess - ssdt hook - 0x8A1991A0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtOpenProcessToken - ssdt hook - 0x8A1F23B0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtOpenProcessTokenEx - OK - 0x8056E0EE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenSection - ssdt hook - 0x8A2BF940->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtOpenSemaphore - OK - 0x8059EFC5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenSymbolicLinkObject - OK - 0x80590902 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenThread - ssdt hook - 0x8A3441A0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtOpenThreadToken - OK - 0x8056D992 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenThreadTokenEx - OK - 0x8056D903 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenTimer - OK - 0x80649075 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPlugPlayControl - OK - 0x805DB2E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPowerInformation - OK - 0x8059C9C6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegeCheck - OK - 0x805DD99E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegeObjectAuditAlarm - OK - 0x805DD238 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtPrivilegedServiceAuditAlarm - OK - 0x805AA834 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtProtectVirtualMemory - ssdt hook - 0x8A387AF0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtPulseEvent - OK - 0x805DB07C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryAttributesFile - OK - 0x805744B2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryBootEntryOrder - OK - 0x80649047 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryBootOptions - OK - 0x80649047 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDebugFilterState - OK - 0x804F7E4D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDefaultLocale - OK - 0x80566B9E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDefaultUILanguage - OK - 0x8057EA9D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDirectoryFile - OK - 0x80572111 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryDirectoryObject - OK - 0x805843A1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryEaFile - OK - 0x806169D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryEvent - OK - 0x80590AB3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryFullAttributesFile - OK - 0x8057C810 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationAtom - OK - 0x805D76E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationFile - OK - 0x80572C6A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationJobObject - OK - 0x805808A1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationPort - OK - 0x806231E7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationProcess - OK - 0x8056DB30 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationThread - OK - 0x8056BA87 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInformationToken - OK - 0x8056E65F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryInstallUILanguage - OK - 0x8057DE21 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryIntervalProfile - OK - 0x80649C33 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryIoCompletion - OK - 0x80616844 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryKey - OK - 0x80570A6D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryMultipleValueKey - OK - 0x8064E320 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryMutant - OK - 0x806495B8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryObject - OK - 0x8057F4A8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryOpenSubKeys - OK - 0x8064E529 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryPerformanceCounter - OK - 0x80567348 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryQuotaInformationFile - OK - 0x80617297 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySection - OK - 0x8057D4CC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySecurityObject - OK - 0x805DD83E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySemaphore - OK - 0x8064839B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySymbolicLinkObject - OK - 0x80590773 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemEnvironmentValue - OK - 0x80648AFB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemEnvironmentValueEx - OK - 0x80648AC0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemInformation - OK - 0x8057BC36 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQuerySystemTime - OK - 0x805911BA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryTimer - OK - 0x80587206 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryTimerResolution - OK - 0x80584007 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryValueKey - OK - 0x8056A1F1 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryVirtualMemory - OK - 0x8056E1EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryVolumeInformationFile - OK - 0x8056D003 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueueApcThread - OK - 0x8059108B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRaiseException - OK - 0x804E203A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRaiseHardError - OK - 0x806480D7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadFile - OK - 0x80574117 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadFileScatter - OK - 0x805DA82F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadRequestData - OK - 0x805894C9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReadVirtualMemory - OK - 0x8057E2CE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRegisterThreadTerminatePort - OK - 0x8058ED8C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseMutant - OK - 0x8056647B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseSemaphore - OK - 0x80587EFE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRemoveIoCompletion - OK - 0x80566FA9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRemoveProcessDebug - OK - 0x8065B2A2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRenameKey - ssdt hook - 0xB192CBF0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtReplaceKey - OK - 0x8064F0FA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyPort - OK - 0x8057CCDA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReceivePort - OK - 0x8056B82E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReceivePortEx - OK - 0x8056B346 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReplyWaitReplyPort - OK - 0x806232C6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestDeviceWakeup - OK - 0x8062C0D7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestPort - OK - 0x805DD5F4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestWaitReplyPort - OK - 0x80576CE6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRequestWakeupLatency - OK - 0x8062BED0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResetEvent - OK - 0x8059EB88 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResetWriteWatch - OK - 0x8053BBFA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtRestoreKey - OK - 0x8064EC91 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResumeProcess - OK - 0x8062F91C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtResumeThread - ssdt hook - 0x8A1C07B0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtSaveKey - OK - 0x8064ED92 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveKeyEx - OK - 0x8064EE7D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSaveMergedKeys - OK - 0x8064EFAA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSecureConnectPort - OK - 0x8058F4DE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetBootEntryOrder - OK - 0x80649047 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetBootOptions - OK - 0x80649047 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetContextThread - ssdt hook - 0x8A197A68->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtSetDebugFilterState - OK - 0x8065CDEC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultHardErrorPort - OK - 0x805D5657 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultLocale - OK - 0x805AE859 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetDefaultUILanguage - OK - 0x805AE800 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEaFile - OK - 0x80616F1F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEvent - OK - 0x805696BE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetEventBoostPriority - OK - 0x8057598E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetHighEventPair - OK - 0x8064953F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetHighWaitLowEventPair - OK - 0x8064945F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationDebugObject - OK - 0x8065AC43 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationFile - OK - 0x8057494A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationJobObject - OK - 0x805AB304 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationKey - OK - 0x8064DE83 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationObject - OK - 0x8057DD53 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationProcess - ssdt hook - 0x8A4F7250->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtSetInformationThread - OK - 0x80575576 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetInformationToken - OK - 0x805A86F0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetIntervalProfile - OK - 0x8064975F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetIoCompletion - OK - 0x8056BD1B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLdtEntries - OK - 0x8062E9FF - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLowEventPair - OK - 0x806494D3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetLowWaitHighEventPair - OK - 0x806493EB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetQuotaInformationFile - OK - 0x8061726D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSecurityObject - OK - 0x8059B19B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemEnvironmentValue - OK - 0x80648D98 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemEnvironmentValueEx - OK - 0x80648AC0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemInformation - ssdt hook - 0x8A2BF7F8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtSetSystemPowerState - OK - 0x8066768B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetSystemTime - OK - 0x80647A21 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetThreadExecutionState - OK - 0x805E0162 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetTimer - OK - 0x804E579B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetTimerResolution - OK - 0x805E07E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetUuidSeed - OK - 0x805AAA1B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSetValueKey - ssdt hook - 0xB192C910 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtSetVolumeInformationFile - OK - 0x806177B3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtShutdownSystem - OK - 0x8064716B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSignalAndWaitForSingleObject - OK - 0x80517361 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtStartProfile - OK - 0x806499CA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtStopProfile - OK - 0x80649B83 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtSuspendProcess - ssdt hook - 0x8A1975F8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtSuspendThread - ssdt hook - 0x8A3342E0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtSystemDebugControl - OK - 0x80649CE3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTerminateJobObject - OK - 0x806301F5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTerminateProcess - ssdt hook - 0x8A1E3CE8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtTerminateThread - ssdt hook - 0x8A2BF3A8->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtTestAlert - OK - 0x8058E799 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTraceEvent - OK - 0x80545B18 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtTranslateFilePath - OK - 0x80648AE7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadDriver - OK - 0x80619BD6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadKey - OK - 0x8064D9FA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnloadKeyEx - OK - 0x8064DC23 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnlockFile - OK - 0x805885CB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnlockVirtualMemory - OK - 0x806271D7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtUnmapViewOfSection - ssdt hook - 0x8A4F7320->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtVdmControl - OK - 0x805B79B7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForDebugEvent - OK - 0x8065A98E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForMultipleObjects - OK - 0x805666E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForSingleObject - OK - 0x8056617C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitHighEventPair - OK - 0x8064937F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitLowEventPair - OK - 0x80649313 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteFile - OK - 0x80574BF5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteFileGather - OK - 0x805DA465 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteRequestData - OK - 0x805896B6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWriteVirtualMemory - ssdt hook - 0x8A196628->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtYieldExecution - OK - 0x804F0EA6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtCreateKeyedEvent - OK - 0x805CBD8D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtOpenKeyedEvent - OK - 0x8058162C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtReleaseKeyedEvent - OK - 0x8064A157 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtWaitForKeyedEvent - OK - 0x8064A3F2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       NtQueryPortInformationProcess - OK - 0x8062D4BD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Shadow SSDT

       NtGdiAbortDoc - OK - 0xBF935F7E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAbortPath - OK - 0xBF947B29 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddFontResourceW - OK - 0xBF88CA52 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddRemoteFontToDC - OK - 0xBF93F6F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddFontMemResourceEx - OK - 0xBF949140 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveMergeFont - OK - 0xBF936212 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddRemoteMMInstanceToDC - OK - 0xBF9362B7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAlphaBlend - OK - 0xBF83B4CD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAngleArc - OK - 0xBF948A67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAnyLinkedFonts - OK - 0xBF934A17 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFontIsLinked - OK - 0xBF94905F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiArcInternal - OK - 0xBF90F2F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBeginPath - OK - 0xBF902318 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBitBlt - OK - 0xBF809FDF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCancelDC - OK - 0xBF948F31 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCheckBitmapBits - OK - 0xBF94A72D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCloseFigure - OK - 0xBF900C15 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiClearBitmapAttributes - OK - 0xBF893B44 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiClearBrushAttributes - OK - 0xBF94900F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiColorCorrectPalette - OK - 0xBF94A860 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCombineRgn - OK - 0xBF820F34 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCombineTransform - OK - 0xBF8DCB55 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiComputeXformCoefficients - OK - 0xBF87A2E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiConsoleTextOut - OK - 0xBF8C29A0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiConvertMetafileRect - OK - 0xBF91052F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateBitmap - OK - 0xBF80E2C5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateClientObj - OK - 0xBF8DC7FD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateColorSpace - OK - 0xBF94A525 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateColorTransform - OK - 0xBF94B430 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateCompatibleBitmap - OK - 0xBF813A71 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateCompatibleDC - OK - 0xBF80CF90 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBBrush - OK - 0xBF8D14E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBitmapInternal - OK - 0xBF83878F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateDIBSection - OK - 0xBF82D92E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateEllipticRgn - OK - 0xBF938E86 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateHalftonePalette - OK - 0xBF8B64B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateHatchBrushInternal - OK - 0xBF94C4BC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateMetafileDC - OK - 0xBF8E634C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePaletteInternal - OK - 0xBF878EF7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePatternBrushInternal - OK - 0xBF8B05E8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreatePen - OK - 0xBF84C7F6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateRectRgn - OK - 0xBF840675 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateRoundRectRgn - OK - 0xBF883697 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateServerMetaFile - OK - 0xBF910434 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCreateSolidBrush - OK - 0xBF819F0B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextCreate - OK - 0xBF934056 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextDestroy - OK - 0xBF934069 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dContextDestroyAll - OK - 0xBF93407C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dValidateTextureStageState - OK - 0xBF93408F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiD3dDrawPrimitives2 - OK - 0xBF9340A2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDriverState - OK - 0xBF9340B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAddAttachedSurface - OK - 0xBF933F2B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAlphaBlt - OK - 0xBF934175 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdAttachSurface - OK - 0xBF907B08 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdBeginMoCompFrame - OK - 0xBF934120 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdBlt - OK - 0xBF907B1B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCanCreateSurface - OK - 0xBF9078F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCanCreateD3DBuffer - OK - 0xBF93402D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdColorControl - OK - 0xBF933F3E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateDirectDrawObject - OK - 0xBF8EDBC0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurface - OK - 0xBF8EDBD3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateD3DBuffer - OK - 0xBF934017 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateMoComp - OK - 0xBF907934 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurfaceObject - OK - 0xBF907F73 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDeleteDirectDrawObject - OK - 0xBF8EDE1C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDeleteSurfaceObject - OK - 0xBF907ADC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroyMoComp - OK - 0xBF907908 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroySurface - OK - 0xBF8EDE06 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdDestroyD3DBuffer - OK - 0xBF934040 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdEndMoCompFrame - OK - 0xBF934133 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdFlip - OK - 0xBF908019 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdFlipToGDISurface - OK - 0xBF908724 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetAvailDriverMemory - OK - 0xBF907AF2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetBltStatus - OK - 0xBF933F51 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDC - OK - 0xBF907860 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDriverInfo - OK - 0xBF90789F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetDxHandle - OK - 0xBF933FBF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetFlipStatus - OK - 0xBF933F67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetInternalMoCompInfo - OK - 0xBF93410A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompBuffInfo - OK - 0xBF9340F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompGuids - OK - 0xBF90791E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetMoCompFormats - OK - 0xBF9340DE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdGetScanLine - OK - 0xBF90882A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdLock - OK - 0xBF8E40E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdLockD3D - OK - 0xBF933FEB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdQueryDirectDrawObject - OK - 0xBF8EDB5F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdQueryMoCompStatus - OK - 0xBF93415F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdReenableDirectDrawObject - OK - 0xBF8EDB9A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdReleaseDC - OK - 0xBF9079D4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdRenderMoComp - OK - 0xBF934149 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdResetVisrgn - OK - 0xBF8E3F2A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetColorKey - OK - 0xBF90802F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetExclusiveMode - OK - 0xBF933F7D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetGammaRamp - OK - 0xBF933FD5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdCreateSurfaceEx - OK - 0xBF9340C8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdSetOverlayPosition - OK - 0xBF933F93 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnattachSurface - OK - 0xBF907BA8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnlock - OK - 0xBF8E3EDA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUnlockD3D - OK - 0xBF934001 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdUpdateOverlay - OK - 0xBF908003 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDdWaitForVerticalBlank - OK - 0xBF933FA9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpCanCreateVideoPort - OK - 0xBF934188 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpColorControl - OK - 0xBF93419E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpCreateVideoPort - OK - 0xBF9341B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpDestroyVideoPort - OK - 0xBF9341CA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpFlipVideoPort - OK - 0xBF9341E0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortBandwidth - OK - 0xBF9341F6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortField - OK - 0xBF93420C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortFlipStatus - OK - 0xBF934222 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortInputFormats - OK - 0xBF934238 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortLine - OK - 0xBF93424E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortOutputFormats - OK - 0xBF934264 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoPortConnectInfo - OK - 0xBF93427A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpGetVideoSignalStatus - OK - 0xBF934290 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpUpdateVideoPort - OK - 0xBF9342A6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpWaitForVideoPortSync - OK - 0xBF9342BC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpAcquireNotification - OK - 0xBF9342D2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDvpReleaseNotification - OK - 0xBF9342E8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDxgGenericThunk - OK - 0xBF933F18 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteClientObj - OK - 0xBF8DC91F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteColorSpace - OK - 0xBF94A518 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteColorTransform - OK - 0xBF94B6EC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDeleteObjectApp - OK - 0xBF8138FE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDescribePixelFormat - OK - 0xBF949C16 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPerBandInfo - OK - 0xBF8FB263 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDoBanding - OK - 0xBF8FDFE7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDoPalette - OK - 0xBF84363F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDrawEscape - OK - 0xBF948AB1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEllipse - OK - 0xBF8D3FFB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnableEudc - OK - 0xBF892010 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndDoc - OK - 0xBF8FD930 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndPage - OK - 0xBF8FAEB7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEndPath - OK - 0xBF9023B8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontChunk - OK - 0xBF87E213 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontClose - OK - 0xBF87E192 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumFontOpen - OK - 0xBF87D821 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEnumObjects - OK - 0xBF8D17EC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEqualRgn - OK - 0xBF938F81 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEudcLoadUnloadLink - OK - 0xBF94FCC7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExcludeClipRect - OK - 0xBF82D12F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtCreatePen - OK - 0xBF8C9BC3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtCreateRegion - OK - 0xBF8409BC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtEscape - OK - 0xBF881A28 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtFloodFill - OK - 0xBF950AE5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtGetObjectW - OK - 0xBF82C035 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtSelectClipRgn - OK - 0xBF80F185 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiExtTextOutW - OK - 0xBF8290FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFillPath - OK - 0xBF947C4E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFillRgn - OK - 0xBF851C35 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlattenPath - OK - 0xBF947BB3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlushUserBatch - OK - 0xBF80C0B6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFlush - OK - 0xBF807856 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiForceUFIMapping - OK - 0xBF949AF6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFrameRgn - OK - 0xBF883909 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFullscreenControl - OK - 0xBF93BC5A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetAndSetDCDword - OK - 0xBF8C8E94 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetAppClipBox - OK - 0xBF816495 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBitmapBits - OK - 0xBF852128 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBitmapDimension - OK - 0xBF949A18 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetBoundsRect - OK - 0xBF8574B2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharABCWidthsW - OK - 0xBF8F8FE0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharacterPlacementW - OK - 0xBF9481BC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharSet - OK - 0xBF80F7C0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharWidthW - OK - 0xBF8EB2CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetCharWidthInfo - OK - 0xBF8799B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetColorAdjustment - OK - 0xBF948DD3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetColorSpaceforBitmap - OK - 0xBF95139A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCDword - OK - 0xBF82C302 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCforBitmap - OK - 0xBF836102 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCObject - OK - 0xBF82C18F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDCPoint - OK - 0xBF8C5245 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceCaps - OK - 0xBF948FCF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceGammaRamp - OK - 0xBF94AAC3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceCapsAll - OK - 0xBF8FA04D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDIBitsInternal - OK - 0xBF845424 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetETM - OK - 0xBF9522FD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEudcTimeStampEx - OK - 0xBF94D769 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontData - OK - 0xBF8ECAB9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontResourceInfoInternalW - OK - 0xBF94926E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphIndicesW - OK - 0xBF949EF9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphIndicesWInternal - OK - 0xBF949D9C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetGlyphOutline - OK - 0xBF948BC4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetKerningPairs - OK - 0xBF948CC9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetLinkedUFIs - OK - 0xBF935F96 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetMiterLimit - OK - 0xBF8E63B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetMonitorID - OK - 0xBF93EB81 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetNearestColor - OK - 0xBF82D285 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetNearestPaletteIndex - OK - 0xBF94C542 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetObjectBitmapHandle - OK - 0xBF948D5A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetOutlineTextMetricsInternalW - OK - 0xBF8EA9B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPath - OK - 0xBF94801B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetPixel - OK - 0xBF87882D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRandomRgn - OK - 0xBF80F195 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRasterizerCaps - OK - 0xBF8ED5F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRealizationInfo - OK - 0xBF949FA4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRegionData - OK - 0xBF8712C5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetRgnBox - OK - 0xBF8C518F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetServerMetaFileBits - OK - 0xBF91068E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetSpoolMessage - OK - 0xBF887AE9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStats - OK - 0xBF95247A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStockObject - OK - 0xBF81F8A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetStringBitmapW - OK - 0xBF94F35B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetSystemPaletteUse - OK - 0xBF8F4A6E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextCharsetInfo - OK - 0xBF837BB3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextExtent - OK - 0xBF86F8BE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextExtentExW - OK - 0xBF8D1052 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextFaceW - OK - 0xBF839C52 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTextMetricsW - OK - 0xBF837A11 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetTransform - OK - 0xBF87F40E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetUFI - OK - 0xBF9494B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEmbUFI - OK - 0xBF94957E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetUFIPathname - OK - 0xBF94965E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetEmbedFonts - OK - 0xBF949436 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiChangeGhostFont - OK - 0xBF949440 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiAddEmbFontToDC - OK - 0xBF9352C2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetFontUnicodeRanges - OK - 0xBF949F1D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetWidthTable - OK - 0xBF838E0A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGradientFill - OK - 0xBF855A3F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHfontCreate - OK - 0xBF8376FF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiIcmBrushInfo - OK - 0xBF94B0A7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInit - OK - 0xBF8C1B4C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInitSpool - OK - 0xBF89402E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiIntersectClipRect - OK - 0xBF815FBE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiInvertRgn - OK - 0xBF8F852A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiLineTo - OK - 0xBF8C6AA1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMakeFontDir - OK - 0xBF949C90 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMakeInfoDC - OK - 0xBF9513D3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMaskBlt - OK - 0xBF838560 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiModifyWorldTransform - OK - 0xBF87F1EB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMonoBitmap - OK - 0xBF8E6587 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMoveTo - OK - 0xBF948F61 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOffsetClipRgn - OK - 0xBF8FDE82 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOffsetRgn - OK - 0xBF836616 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiOpenDCW - OK - 0xBF838A7E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPatBlt - OK - 0xBF8C47FD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyPatBlt - OK - 0xBF82F299 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPathToRegion - OK - 0xBF947D28 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPlgBlt - OK - 0xBF9438F8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyDraw - OK - 0xBF94864F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyPolyDraw - OK - 0xBF84C078 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPolyTextOutW - OK - 0xBF94874C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPtInRegion - OK - 0xBF94904F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPtVisible - OK - 0xBF939123 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiQueryFonts - OK - 0xBF94906F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiQueryFontAssocInfo - OK - 0xBF8C205D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectangle - OK - 0xBF8E3436 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectInRegion - OK - 0xBF8EDE6F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRectVisible - OK - 0xBF835060 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveFontResourceW - OK - 0xBF8D092D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRemoveFontMemResourceEx - OK - 0xBF949252 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiResetDC - OK - 0xBF8E2EA0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiResizePalette - OK - 0xBF94C7B6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRestoreDC - OK - 0xBF82E67D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiRoundRect - OK - 0xBF90E4D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSaveDC - OK - 0xBF82E68D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiScaleViewportExtEx - OK - 0xBF941AEA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiScaleWindowExtEx - OK - 0xBF9499A4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectBitmap - OK - 0xBF808BED - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectBrush - OK - 0xBF948F41 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectClipPath - OK - 0xBF9024B3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectFont - OK - 0xBF820F44 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSelectPen - OK - 0xBF948F51 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapAttributes - OK - 0xBF893A78 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapBits - OK - 0xBF8C4145 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBitmapDimension - OK - 0xBF949A82 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBoundsRect - OK - 0xBF8578B9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBrushAttributes - OK - 0xBF948FEF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetBrushOrg - OK - 0xBF8C41E3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetColorAdjustment - OK - 0xBF948E34 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetColorSpace - OK - 0xBF94A5DA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetDeviceGammaRamp - OK - 0xBF94ADFF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetDIBitsToDeviceInternal - OK - 0xBF82BA59 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetFontEnumeration - OK - 0xBF8AE71A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetFontXform - OK - 0xBF8DCCD5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetIcmMode - OK - 0xBF8C63E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetLinkedUFIs - OK - 0xBF8FA9DF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMagicColors - OK - 0xBF94CA40 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMetaRgn - OK - 0xBF8DCA54 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetMiterLimit - OK - 0xBF8DCA76 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDeviceWidth - OK - 0xBF949994 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiMirrorWindowOrg - OK - 0xBF949984 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetLayout - OK - 0xBF82D037 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPixel - OK - 0xBF878A6F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPixelFormat - OK - 0xBF953144 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetRectRgn - OK - 0xBF94903F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetSystemPaletteUse - OK - 0xBF948FDF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetTextJustification - OK - 0xBF95270A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetupPublicCFONT - OK - 0xBF88F6D3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetVirtualResolution - OK - 0xBF8DC878 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetSizeDevice - OK - 0xBF8DCD46 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStartDoc - OK - 0xBF905CAB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStartPage - OK - 0xBF8FAD08 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStretchBlt - OK - 0xBF873983 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStretchDIBitsInternal - OK - 0xBF876F18 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStrokeAndFillPath - OK - 0xBF90102E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiStrokePath - OK - 0xBF947F2F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSwapBuffers - OK - 0xBF9532EC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiTransformPoints - OK - 0xBF8C4990 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiTransparentBlt - OK - 0xBF857D74 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnloadPrinterDriver - OK - 0xBF949B67 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnmapMemFont - OK - 0xBF9535AA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnrealizeObject - OK - 0xBF94902F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUpdateColors - OK - 0xBF94CA50 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiWidenPath - OK - 0xBF947E10 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserActivateKeyboardLayout - OK - 0xBF87C173 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAlterWindowStyle - OK - 0xBF8538A8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAssociateInputContext - OK - 0xBF914893 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserAttachThreadInput - ssdt hook - 0x8A4654B0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserBeginPaint - OK - 0xBF815BA6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBitBltSysBmp - OK - 0xBF8F4A94 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBlockInput - OK - 0xBF9131E6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildHimcList - OK - 0xBF9149CA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildHwndList - OK - 0xBF835F21 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildNameList - OK - 0xBF8B37FB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserBuildPropList - OK - 0xBF912FA9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwnd - OK - 0xBF85A5CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndLock - OK - 0xBF83655D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndOpt - OK - 0xBF891059 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndParam - OK - 0xBF836750 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallHwndParamLock - OK - 0xBF82868B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallMsgFilter - OK - 0xBF8F49A3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallNextHookEx - OK - 0xBF8F638C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallNoParam - OK - 0xBF80112F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallOneParam - OK - 0xBF8010E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCallTwoParam - OK - 0xBF836710 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChangeClipboardChain - OK - 0xBF8F9573 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChangeDisplaySettings - OK - 0xBF8ACCFC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCheckImeHotKey - OK - 0xBF8B42FE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCheckMenuItem - OK - 0xBF8CC883 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserChildWindowFromPointEx - OK - 0xBF88A4E4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserClipCursor - OK - 0xBF8FA7FF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseClipboard - OK - 0xBF8F842F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseDesktop - OK - 0xBF8B34D6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCloseWindowStation - OK - 0xBF8B3598 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserConsoleControl - OK - 0xBF8C1580 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserConvertMemHandle - OK - 0xBF8EA7E1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCopyAcceleratorTable - OK - 0xBF90DB09 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCountClipboardFormats - OK - 0xBF8F4A48 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateAcceleratorTable - OK - 0xBF8B63D9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateCaret - OK - 0xBF84B1D5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateDesktop - OK - 0xBF89371B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateInputContext - OK - 0xBF9147F9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateLocalMemHandle - OK - 0xBF8F98CE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateWindowEx - OK - 0xBF834964 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCreateWindowStation - OK - 0xBF893D6E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeGetQualityOfService - OK - 0xBF912033 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeInitialize - OK - 0xBF891D0A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDdeSetQualityOfService - OK - 0xBF911F63 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDeferWindowPos - OK - 0xBF8B462B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDefSetText - OK - 0xBF8B49F1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDeleteMenu - OK - 0xBF84B601 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyAcceleratorTable - OK - 0xBF8FA79E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyCursor - OK - 0xBF835CA5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyInputContext - OK - 0xBF914849 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyMenu - OK - 0xBF84D1AA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDestroyWindow - OK - 0xBF845873 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDisableThreadIme - OK - 0xBF915001 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDispatchMessage - OK - 0xBF80EC27 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDragDetect - OK - 0xBF9130A4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDragObject - OK - 0xBF911527 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawAnimatedRects - OK - 0xBF912203 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawCaption - OK - 0xBF9122C6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawCaptionTemp - OK - 0xBF90B8B0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawIconEx - OK - 0xBF83C08F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserDrawMenuBarTemp - OK - 0xBF913271 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEmptyClipboard - OK - 0xBF8EA466 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnableMenuItem - OK - 0xBF8C534A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnableScrollBar - OK - 0xBF911EDE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndDeferWindowPosEx - OK - 0xBF82CC25 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndMenu - OK - 0xBF91236F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEndPaint - OK - 0xBF81585D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplayDevices - OK - 0xBF872C1D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplayMonitors - OK - 0xBF83566F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEnumDisplaySettings - OK - 0xBF859356 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserEvent - OK - 0xBF9117B4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserExcludeUpdateRgn - OK - 0xBF8F8730 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFillWindow - OK - 0xBF8F48DA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFindExistingCursorIcon - OK - 0xBF81B5FA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFindWindowEx - OK - 0xBF8B1369 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserFlashWindowEx - OK - 0xBF91540E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAltTabInfo - OK - 0xBF8E8688 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAncestor - OK - 0xBF82C837 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAppImeLevel - OK - 0xBF914D9E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetAsyncKeyState - ssdt hook - 0x8A25B358->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserGetAtomName - OK - 0xBF834B40 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCaretBlinkTime - OK - 0xBF84203E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCaretPos - OK - 0xBF8C4EEE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClassInfo - OK - 0xBF843300 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClassName - OK - 0xBF82C568 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardData - OK - 0xBF8F9709 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardFormatName - OK - 0xBF8EDF34 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardOwner - OK - 0xBF8EA55C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardSequenceNumber - OK - 0xBF8C4CA7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipboardViewer - OK - 0xBF9123B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetClipCursor - OK - 0xBF911E46 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetComboBoxInfo - OK - 0xBF911A7C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetControlBrush - OK - 0xBF8798CC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetControlColor - OK - 0xBF9073E1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCPD - OK - 0xBF8214DB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCursorFrameInfo - OK - 0xBF879B6B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetCursorInfo - OK - 0xBF911B99 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDC - OK - 0xBF804501 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDCEx - OK - 0xBF83A0A5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetDoubleClickTime - OK - 0xBF83B070 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetForegroundWindow - OK - 0xBF820BC1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetGuiResources - OK - 0xBF9115F0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetGUIThreadInfo - OK - 0xBF8B1D0D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetIconInfo - OK - 0xBF842A6C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetIconSize - OK - 0xBF842BBC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetImeHotKey - OK - 0xBF914C5C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetImeInfoEx - OK - 0xBF914ACC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetInternalWindowPos - OK - 0xBF911845 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardLayoutList - OK - 0xBF835396 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardLayoutName - OK - 0xBF8F5E25 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyboardState - ssdt hook - 0x8A1CC260->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserGetKeyNameText - OK - 0xBF90BC01 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetKeyState - ssdt hook - 0x8A2562B0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserGetListBoxInfo - OK - 0xBF911B45 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuBarInfo - OK - 0xBF911C96 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuIndex - OK - 0xBF9120EC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMenuItemRect - OK - 0xBF912C20 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMessage - OK - 0xBF819E45 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetMouseMovePointsEx - OK - 0xBF9128FB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetObjectInformation - OK - 0xBF81A0BD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetOpenClipboardWindow - OK - 0xBF8F4A1C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetPriorityClipboardFormat - OK - 0xBF9123E1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetProcessWindowStation - OK - 0xBF819F28 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputBuffer - OK - 0xBF915C8E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputData - ssdt hook - 0x8A1DC280->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserGetRawInputDeviceInfo - OK - 0xBF915768 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRawInputDeviceList - OK - 0xBF915A5D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetRegisteredRawInputDevices - OK - 0xBF915C53 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetScrollBarInfo - OK - 0xBF87840E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetSystemMenu - OK - 0xBF840875 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetThreadDesktop - OK - 0xBF81A373 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetThreadState - OK - 0xBF8239BA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetTitleBarInfo - OK - 0xBF83A32F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetUpdateRect - OK - 0xBF83AE9D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetUpdateRgn - OK - 0xBF8C5036 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWindowDC - OK - 0xBF8037CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWindowPlacement - OK - 0xBF8F999C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetWOWClass - OK - 0xBF90DEB5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHardErrorControl - OK - 0xBF911431 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHideCaret - OK - 0xBF82CCFF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserHiliteMenuItem - OK - 0xBF91246A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserImpersonateDdeClientWindow - OK - 0xBF91320C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitialize - OK - 0xBF8A81D8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitializeClientPfnArrays - OK - 0xBF8A2778 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInitTask - OK - 0xBF911924 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInternalGetWindowText - OK - 0xBF83A42B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInvalidateRect - OK - 0xBF814EF4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserInvalidateRgn - OK - 0xBF84D150 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserIsClipboardFormatAvailable - OK - 0xBF8C4C6D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserKillTimer - OK - 0xBF80E8D5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLoadKeyboardLayoutEx - OK - 0xBF884B52 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWindowStation - OK - 0xBF89397D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWindowUpdate - OK - 0xBF8CC7CA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserLockWorkStation - OK - 0xBF91150A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMapVirtualKeyEx - OK - 0xBF8C7C71 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMenuItemFromPoint - OK - 0xBF912CF7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMessageCall - ssdt hook - 0x8A1EA280->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserMinMaximize - OK - 0xBF90FA97 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMNDragLeave - OK - 0xBF9125BA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMNDragOver - OK - 0xBF91250A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserModifyUserStartupInfoFlags - OK - 0xBF8E30A7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserMoveWindow - OK - 0xBF838953 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyIMEStatus - OK - 0xBF914F9C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyProcessCreate - OK - 0xBF8C1B82 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserNotifyWinEvent - OK - 0xBF8C52F5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenClipboard - OK - 0xBF8F83AC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenDesktop - OK - 0xBF8B3770 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenInputDesktop - OK - 0xBF88FFB6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserOpenWindowStation - OK - 0xBF8F9BE4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPaintDesktop - OK - 0xBF87C63F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPeekMessage - OK - 0xBF8036BA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPostMessage - ssdt hook - 0x8A24F280->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserPostThreadMessage - ssdt hook - 0x8A236280->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserPrintWindow - OK - 0xBF8AE81D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserProcessConnect - OK - 0xBF8BF8CD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryInformationThread - OK - 0xBF912D89 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryInputContext - OK - 0xBF914946 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQuerySendMessage - OK - 0xBF913137 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryUserCounters - OK - 0xBF9150A5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserQueryWindow - OK - 0xBF803B56 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealChildWindowFromPoint - OK - 0xBF911C58 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealInternalGetMessage - OK - 0xBF88FA6E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRealWaitMessageEx - OK - 0xBF912B60 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRedrawWindow - OK - 0xBF823B8F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterClassExWOW - OK - 0xBF81F2AC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterUserApiHook - OK - 0xBF89415A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterHotKey - OK - 0xBF8ADD61 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterRawInputDevices - OK - 0xBF915BA7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterTasklist - OK - 0xBF911A48 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRegisterWindowMessage - OK - 0xBF8079E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoveMenu - OK - 0xBF8AE745 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoveProp - OK - 0xBF832ADC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserResolveDesktop - OK - 0xBF8885B6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserResolveDesktopForWOW - OK - 0xBF915E9F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSBGetParms - OK - 0xBF8782B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserScrollDC - OK - 0xBF8BF1DD - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserScrollWindowEx - OK - 0xBF8E576F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSelectPalette - OK - 0xBF8383DA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSendInput - OK - 0xBF8C31E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetActiveWindow - OK - 0xBF853453 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetAppImeLevel - OK - 0xBF914D33 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCapture - OK - 0xBF84A2FB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClassLong - OK - 0xBF84D3ED - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClassWord - OK - 0xBF9125D7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClipboardData - OK - 0xBF8EA705 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetClipboardViewer - OK - 0xBF8F9489 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetConsoleReserveKeys - OK - 0xBF87CEF4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursor - OK - 0xBF8210E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursorContents - OK - 0xBF912BD9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetCursorIconData - OK - 0xBF842D4B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetDbgTag - OK - 0xBF91216F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetFocus - OK - 0xBF83A821 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeHotKey - OK - 0xBF884A8D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeInfoEx - OK - 0xBF914BB1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetImeOwnerWindow - OK - 0xBF914E08 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInformationProcess - OK - 0xBF8C17E6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInformationThread - OK - 0xBF87CCBE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetInternalWindowPos - OK - 0xBF911D65 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetKeyboardState - OK - 0xBF8F8810 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetLogonNotifyWindow - OK - 0xBF89C190 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenu - OK - 0xBF90BAC7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuContextHelpId - OK - 0xBF912192 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuDefaultItem - OK - 0xBF8AE6DA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetMenuFlagRtoL - OK - 0xBF9121CF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetObjectInformation - OK - 0xBF91147C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetParent - OK - 0xBF879695 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetProcessWindowStation - OK - 0xBF8B3B62 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetProp - OK - 0xBF8282F4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetRipFlags - OK - 0xBF91214C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetScrollInfo - OK - 0xBF80E612 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetShellWindowEx - OK - 0xBF890844 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSysColors - OK - 0xBF912612 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemCursor - OK - 0xBF912BA0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemMenu - OK - 0xBF8F5FE8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetSystemTimer - OK - 0xBF9130FE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadDesktop - OK - 0xBF8B3BBA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadLayoutHandles - OK - 0xBF914F1B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetThreadState - OK - 0xBF879890 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetTimer - OK - 0xBF803A65 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowFNID - OK - 0xBF879740 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowLong - OK - 0xBF832BEC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowPlacement - OK - 0xBF88438B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowPos - OK - 0xBF82809B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowRgn - OK - 0xBF8405CA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowsHookAW - OK - 0xBF855D0C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowsHookEx - ssdt hook - 0x8A2AE7A0->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserSetWindowStationUser - OK - 0xBF89381A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWindowWord - OK - 0xBF8F8DC1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetWinEventHook - ssdt hook - 0x8A1E1270->0xB1929FA0 - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - Symantec Corporation
       NtUserShowCaret - OK - 0xBF82CD61 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowScrollBar - OK - 0xBF8C556C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowWindow - OK - 0xBF834FA9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserShowWindowAsync - OK - 0xBF8884A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSoundSentry - OK - 0xBF8E319F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSwitchDesktop - OK - 0xBF890AD9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSystemParametersInfo - OK - 0xBF81E743 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTestForInteractiveUser - OK - 0xBF90E040 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserThunkedMenuInfo - OK - 0xBF8F5F49 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserThunkedMenuItemInfo - OK - 0xBF83F9D3 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserToUnicodeEx - OK - 0xBF9129AB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTrackMouseEvent - OK - 0xBF8B437D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTrackPopupMenuEx - OK - 0xBF9127C8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCalcMenuBar - OK - 0xBF83A596 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserPaintMenuBar - OK - 0xBF8EED56 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTranslateAccelerator - OK - 0xBF8F8019 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserTranslateMessage - OK - 0xBF848A01 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnhookWindowsHookEx - OK - 0xBF852DCF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnhookWinEvent - OK - 0xBF8EDA6C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnloadKeyboardLayout - OK - 0xBF913076 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnlockWindowStation - OK - 0xBF88803F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterClass - OK - 0xBF81FB79 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterUserApiHook - OK - 0xBF8935F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUnregisterHotKey - OK - 0xBF9128BE - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateInputContext - OK - 0xBF9148F6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateInstance - OK - 0xBF91171F - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdateLayeredWindow - OK - 0xBF8514F1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserGetLayeredWindowAttributes - OK - 0xBF9154D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserSetLayeredWindowAttributes - OK - 0xBF84D286 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUpdatePerUserSystemParameters - OK - 0xBF899377 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserUserHandleGrantAccess - OK - 0xBF912DD0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateHandleSecure - OK - 0xBF801959 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateRect - OK - 0xBF8F89FF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserValidateTimerCallback - OK - 0xBF807D0E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserVkKeyScanEx - OK - 0xBF8C3BA5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitForInputIdle - OK - 0xBF90D884 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitForMsgAndEvent - OK - 0xBF90C7C1 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWaitMessage - OK - 0xBF803761 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWin32PoolAllocationStats - OK - 0xBF911472 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserWindowFromPoint - OK - 0xBF8213A9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserYieldTask - OK - 0xBF90DFD8 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteConnect - OK - 0xBF8903CB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteRedrawRectangle - OK - 0xBF9112F9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteRedrawScreen - OK - 0xBF911346 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserRemoteStopScreenUpdates - OK - 0xBF91139A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtUserCtxDisplayIOCtl - OK - 0xBF9113E7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngAssociateSurface - OK - 0xBF8FD7D7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateBitmap - OK - 0xBF8FE187 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateDeviceSurface - OK - 0xBF8FD7A4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateDeviceBitmap - OK - 0xBF9535B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreatePalette - OK - 0xBF8DEE29 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngComputeGlyphSet - OK - 0xBF8FD260 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCopyBits - OK - 0xBF95370B - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeletePalette - OK - 0xBF8DF9B5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeleteSurface - OK - 0xBF8FD72A - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngEraseSurface - OK - 0xBF95456E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngUnlockSurface - OK - 0xBF9019E0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngLockSurface - OK - 0xBF8FDBDC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngBitBlt - OK - 0xBF8FC145 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStretchBlt - OK - 0xBF901DB9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngPlgBlt - OK - 0xBF953B03 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngMarkBandingSurface - OK - 0xBF8FE27D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStrokePath - OK - 0xBF8FF077 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngFillPath - OK - 0xBF953CFA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStrokeAndFillPath - OK - 0xBF8FFD0C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngPaint - OK - 0xBF953E65 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngLineTo - OK - 0xBF953F81 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngAlphaBlend - OK - 0xBF9540AA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngGradientFill - OK - 0xBF954229 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngTransparentBlt - OK - 0xBF954402 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngTextOut - OK - 0xBF90087D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngStretchBltROP - OK - 0xBF9538A7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_cGetPalette - OK - 0xBF954D20 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_iXlate - OK - 0xBF954DDC - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXLATEOBJ_hGetColorTransform - OK - 0xBF954CD2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_bEnum - OK - 0xBF8FF574 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_cEnumStart - OK - 0xBF8FF621 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiCLIPOBJ_ppoGetPath - OK - 0xBF954638 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeletePath - OK - 0xBF954676 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCreateClip - OK - 0xBF9546B0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngDeleteClip - OK - 0xBF9546E2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_ulGetBrushColor - OK - 0xBF8FEBDF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_pvAllocRbrush - OK - 0xBF95471C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_pvGetRbrush - OK - 0xBF95476D - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_hGetColorTransform - OK - 0xBF8FD2E6 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXFORMOBJ_bApplyXform - OK - 0xBF8FCC31 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiXFORMOBJ_iGetXform - OK - 0xBF8FAB99 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_vGetInfo - OK - 0xBF8FCDF2 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pxoGetXform - OK - 0xBF8FAAFF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_cGetGlyphs - OK - 0xBF8FC896 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pifi - OK - 0xBF8FB2E5 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pfdg - OK - 0xBF954E97 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pQueryGlyphAttrs - OK - 0xBF954F9E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_pvTrueTypeFontFile - OK - 0xBF954C02 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiFONTOBJ_cGetAllGlyphHandles - OK - 0xBF9547BB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bEnum - OK - 0xBF955076 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bEnumPositionsOnly - OK - 0xBF8FD020 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_bGetAdvanceWidths - OK - 0xBF8FB3D0 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_vEnumStart - OK - 0xBF8FD03E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSTROBJ_dwGetCodePage - OK - 0xBF954886 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vGetBounds - OK - 0xBF954977 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_bEnum - OK - 0xBF955094 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vEnumStart - OK - 0xBF954A08 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_vEnumStartClipLines - OK - 0xBF954A4C - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiPATHOBJ_bEnumClipLines - OK - 0xBF954AF9 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiGetDhpdev - OK - 0xBF953583 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiEngCheckAbort - OK - 0xBF954E2E - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHT_Get8BPPFormatPalette - OK - 0xBF8FC6DB - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiHT_Get8BPPMaskPalette - OK - 0xBF9535F7 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUpdateTransform - OK - 0xBF941CAF - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiSetPUMPDOBJ - OK - 0xBF8DD541 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiBRUSHOBJ_DeleteRbrush - OK - 0xBF9548D4 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiUnmapMemFont - OK - 0xBF9535AA - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation
       NtGdiDrawStream - OK - 0xBF817629 - C:\WINDOWS\System32\win32k.sys - Microsoft Corporation

==========================================================================================

FSD

       (Fastfat)IRP_MJ_CREATE - OK - 0xB1551D20 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_CLOSE - OK - 0xB154E7B4 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_READ - OK - 0xB154A60A - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_WRITE - OK - 0xB154AAED - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_QUERY_INFORMATION - OK - 0xB15559F2 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_SET_INFORMATION - OK - 0xB15588C1 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_QUERY_EA - OK - 0xB1561428 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_SET_EA - OK - 0xB1560DE7 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_FLUSH_BUFFERS - OK - 0xB155AC5F - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0xB155B3D1 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_SET_VOLUME_INFORMATION - OK - 0xB1569631 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_DIRECTORY_CONTROL - OK - 0xB1551BCD - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0xB154D9C8 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_DEVICE_CONTROL - OK - 0xB1557507 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SHUTDOWN - OK - 0xB15688C0 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_LOCK_CONTROL - OK - 0xB1567CF8 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_CLEANUP - OK - 0xB154E2E9 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Fastfat)IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_QUERY_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SET_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_POWER - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SYSTEM_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_DEVICE_CHANGE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_QUERY_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_SET_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Fastfat)IRP_MJ_PNP_POWER - OK - 0xB1568286 - C:\WINDOWS\System32\Drivers\Fastfat.SYS - Microsoft Corporation
       (Ntfs)IRP_MJ_CREATE - OK - 0xBAF98E01 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_CLOSE - OK - 0xBAF982EA - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_READ - OK - 0xBAF75F2F - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_WRITE - OK - 0xBAF74B4B - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_INFORMATION - OK - 0xBAF994B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_INFORMATION - OK - 0xBAF76ABB - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_EA - OK - 0xBAF994B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_EA - OK - 0xBAF994B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_FLUSH_BUFFERS - OK - 0xBAFB30E5 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0xBAF99604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_VOLUME_INFORMATION - OK - 0xBAF99604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_DIRECTORY_CONTROL - OK - 0xBAF9B1BD - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0xBAF9D958 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_DEVICE_CONTROL - OK - 0xBAF99604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_SHUTDOWN - OK - 0xBAF877F2 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_LOCK_CONTROL - OK - 0xBAFECCE9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_CLEANUP - OK - 0xBAF98CB8 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_SECURITY - OK - 0xBAF99604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_SECURITY - OK - 0xBAF99604 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_POWER - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_SYSTEM_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_DEVICE_CHANGE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       (Ntfs)IRP_MJ_QUERY_QUOTA - OK - 0xBAF994B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_SET_QUOTA - OK - 0xBAF994B9 - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation
       (Ntfs)IRP_MJ_PNP_POWER - OK - 0xBAFB5A0E - C:\WINDOWS\system32\drivers\Ntfs.sys - Microsoft Corporation

==========================================================================================

Keyboard

       IRP_MJ_CREATE - OK - 0xF772FDD0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF772FFE0 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF7730C72 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF772FD4A - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF7731A38 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF7731386 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF772FD06 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF7732180 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF7731842 - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF773078A - C:\WINDOWS\system32\DRIVERS\kbdclass.sys - Microsoft Corporation

==========================================================================================

Mouclass

       IRP_MJ_CREATE - OK - 0xF7817B78 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF7817D86 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF781898C - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF7817AF2 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF78192C6 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF7819086 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF7817AAE - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF7819CC6 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF781978C - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF7818542 - C:\WINDOWS\system32\DRIVERS\mouclass.sys - Microsoft Corporation

==========================================================================================

Classpnp

       IRP_MJ_CREATE - OK - 0xF763DBB0 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF763DBB0 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF7637D1F - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0xF7637D1F - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF76382E2 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF76383BB - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF763BF28 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0xF76382E2 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF7639C82 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF763E99E - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF763DC93 - C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS - Microsoft Corporation

==========================================================================================

Atapi

       IRP_MJ_CREATE - OK - 0xF74CA6F2 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF74CA6F2 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF74CA712 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF74C6852 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF74CA73C - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF74D1336 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0x804FA87E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF74D1302 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation
       DriverStartIo - OK - 0xF74C7864 - C:\WINDOWS\system32\drivers\atapi.sys - Microsoft Corporation

==========================================================================================

Acpi

       IRP_MJ_CREATE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CREATE_NAMED_PIPE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CLOSE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_READ - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_WRITE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_EA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_EA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_FLUSH_BUFFERS - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_VOLUME_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_VOLUME_INFORMATION - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DIRECTORY_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_FILE_SYSTEM_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_INTERNAL_DEVICE_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SHUTDOWN - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_LOCK_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CLEANUP - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_CREATE_MAILSLOT - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_SECURITY - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_SECURITY - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_POWER - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SYSTEM_CONTROL - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_DEVICE_CHANGE - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_QUERY_QUOTA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_SET_QUOTA - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation
       IRP_MJ_PNP_POWER - OK - 0xF75AECB8 - C:\WINDOWS\system32\drivers\ACPI.sys - Microsoft Corporation

==========================================================================================

Scsi

       Nothing

==========================================================================================

Kernel Hook

       Inline - len(1) RtlPrefetchMemoryNonTemporal[ntoskrnl.exe] - [0x804DB03D]->[-]
       Inline - len(1) KiFastCallEntry[ntoskrnl.exe] - [0x804DE8EA]->[-]
       Inline - len(18) [ntoskrnl.exe] - [0x804DBAA2]->[-]
       Inline - len(1) [ntoskrnl.exe] - [0x804DBABA]->[-]
       Inline - len(8) [ntoskrnl.exe] - [0x804E26D8]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E26EC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2724]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E274C]->[-]
       Inline - len(8) [ntoskrnl.exe] - [0x804E2778]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E278C]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E27A4]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E27B8]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E27F4]->[-]
       Inline - len(12) [ntoskrnl.exe] - [0x804E280C]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E282C]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2858]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2870]->[-]
       Inline - len(16) [ntoskrnl.exe] - [0x804E2890]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E28A8]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E28CC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E29A8]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E29E0]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E29FC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2A38]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2A68]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2A84]->[-]
       Inline - len(8) [ntoskrnl.exe] - [0x804E2A9C]->[-]
       Inline - len(8) [ntoskrnl.exe] - [0x804E2AAC]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2AD4]->[-]
       Inline - len(4) [ntoskrnl.exe] - [0x804E2AFC]->[-]

==========================================================================================

Object Type

       CmpCloseKeyObject - CmpKeyObjectType - OK - 0x8056A581 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpDeleteKeyObject - CmpKeyObjectType - OK - 0x8056A8BB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpParseKey - CmpKeyObjectType - OK - 0x805687E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpSecurityMethod - CmpKeyObjectType - OK - 0x8056A81F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpQueryKeyName - CmpKeyObjectType - OK - 0x805A65F4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopCloseFile - IoFileObjectType - OK - 0x8056C05C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteFile - IoFileObjectType - OK - 0x8056BE66 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopParseFile - IoFileObjectType - OK - 0x80577AF2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopGetSetSecurityObject - IoFileObjectType - OK - 0x8059B3ED - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopQueryName - IoFileObjectType - OK - 0x8057F475 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteDriver - IoDriverObjectType - OK - 0x805C233F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - IoDriverObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteDevice - IoDeviceObjectType - OK - 0x805A0598 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopParseDevice - IoDeviceObjectType - OK - 0x8056C1D6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopGetSetSecurityObject - IoDeviceObjectType - OK - 0x8059B3ED - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       IopDeleteIoCompletion - IoCompletionObjectType - OK - 0x805914ED - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - IoCompletionObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspJobClose - PsJobType - OK - 0x805D80D5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspJobDelete - PsJobType - OK - 0x805D8FE4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsJobType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspThreadDelete - PsThreadType - OK - 0x8057B43C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsThreadType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       PspProcessDelete - PsProcessType - OK - 0x80581D3F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - PsProcessType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpDeleteObjectType - ObpTypeObjectType - OK - 0x80629AC3 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpTypeObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpDirectoryObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpDeleteSymbolicLink - ObpSymbolicLinkObjectType - OK - 0x8059F7FE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ObpParseSymbolicLink - ObpSymbolicLinkObjectType - OK - 0x805659EA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ObpSymbolicLinkObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       MiSectionDelete - MmSectionObjectType - OK - 0x8056478B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - MmSectionObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExEventObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ExpDeleteMutant - ExMutantObjectType - OK - 0x804F7A25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExMutantObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - ExSemaphoreObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SepTokenDeleteMethod - SeTokenObjectType - OK - 0x805766F2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - SeTokenObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       LpcpClosePort - LpcPortObjectType - OK - 0x805904E7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       LpcpDeletePort - LpcPortObjectType - OK - 0x805902D5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - LpcPortObjectType - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - FilterCommunicationPort - OK - 0xF74B490A - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       DeleteProcedure - FilterCommunicationPort - OK - 0xF74B4190 - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       SeDefaultObjectMethod - FilterCommunicationPort - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Controller - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Profile - OK - 0x80649710 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Profile - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - EventPair - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OpenProcedure - Desktop - OK - 0x805800F8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - Desktop - OK - 0x8058206B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Desktop - OK - 0x80645679 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Desktop - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OkayToCloseProcedure - Desktop - OK - 0x80581FE4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Timer - OK - 0x80501229 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Timer - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OpenProcedure - WindowStation - OK - 0x805800F8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WindowStation - OK - 0x8058206B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WindowStation - OK - 0x80645679 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ParseProcedure - WindowStation - OK - 0x8058016B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WindowStation - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       OkayToCloseProcedure - WindowStation - OK - 0x80581FE4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WmiGuid - OK - 0x8059981B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WmiGuid - OK - 0x805996CE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WmiGuid - OK - 0x80599946 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - KeyedEvent - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - DebugObject - OK - 0x8065ADCD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - DebugObject - OK - 0x805772E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - DebugObject - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Adapter - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - WaitablePort - OK - 0x805904E7 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - WaitablePort - OK - 0x805902D5 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - WaitablePort - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       DeleteProcedure - Callback - OK - 0x805772E8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SeDefaultObjectMethod - Callback - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CloseProcedure - FilterConnectionPort - OK - 0xF74B41AA - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       DeleteProcedure - FilterConnectionPort - OK - 0xF74B41CA - C:\WINDOWS\system32\drivers\fltmgr.sys - Microsoft Corporation
       SeDefaultObjectMethod - FilterConnectionPort - OK - 0x8056B84F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x805704AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x8057013F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       ReleaseCellRoutine - HHIVE - OK - 0x80570277 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       GetCellRoutine - HHIVE - OK - 0x805704AB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpAllocate - HHIVE - OK - 0x8058B24B - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFree - HHIVE - OK - 0x8058B292 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileSetSize - HHIVE - OK - 0x8058BC25 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileWrite - HHIVE - OK - 0x80595B37 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileRead - HHIVE - OK - 0x805ADF62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       CmpFileFlush - HHIVE - OK - 0x80595A29 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

IDT

       Divide error - OK - 0x804DF350 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Debug - OK - 0x804DF4CB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Not used - OK - 0x00000000 - - - 
       Breakpoint - OK - 0x804DF89D - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Overflow - OK - 0x804DFA20 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Bounds check - OK - 0x804DFB81 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Invalid opcode - OK - 0x804DFD02 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Device not available - OK - 0x804E036A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Double fault - OK - 0x00000000 - - - 
       Coprocessor segment overrun - OK - 0x804E078F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Invalid TSS - OK - 0x804E08AC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Segment not present - OK - 0x804E09E9 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Stack segment fault - OK - 0x804E0C42 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       General protection - OK - 0x804E0F38 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Page Fault - OK - 0x804E164F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Floating-point error - OK - 0x804E1A99 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Alignment check - OK - 0x804E1BCE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Machine check - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       SIMD floating point exception - OK - 0x804E1D34 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved by Intel - OK - 0x806EFFD0 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       Not used - OK - 0x00000000 - - - 
       KiGetTickCount - OK - 0x804DEB92 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiCallbackReturn - OK - 0x804DEC95 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiSetLowWaitHighThread - OK - 0x804DEE34 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiDebugService - OK - 0x804DF77C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiSystemService - OK - 0x804DE631 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       Reserved for APIC - OK - 0x804E197C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiStartUnexpectedRange - OK - 0x804DDCF0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt1 - OK - 0x804DDCFA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt2 - OK - 0x804DDD04 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt3 - OK - 0x804DDD0E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt4 - OK - 0x804DDD18 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt5 - OK - 0x804DDD22 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt6 - OK - 0x804DDD2C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt7 - OK - 0x806EF728 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt8 - OK - 0x804DDD40 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt9 - OK - 0x804DDD4A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt10 - OK - 0x804DDD54 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt11 - OK - 0x804DDD5E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt12 - OK - 0x804DDD68 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt13 - OK - 0x806F0B70 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt14 - OK - 0x804DDD7C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt15 - OK - 0x804DDD86 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt16 - OK - 0x804DDD90 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt17 - OK - 0x806F09CC - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt18 - OK - 0x804DDDA4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt19 - OK - 0x804DDDAE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt20 - OK - 0x804DDDB8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt21 - OK - 0x804DDDC2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt22 - OK - 0x804DDDCC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt23 - OK - 0x804DDDD6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt24 - OK - 0x804DDDE0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt25 - OK - 0x804DDDEA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt26 - OK - 0x804DDDF4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt27 - OK - 0x804DDDFE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt28 - OK - 0x804DDE08 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt29 - OK - 0x804DDE12 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt30 - OK - 0x804DDE1C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt31 - OK - 0x804DDE26 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt32 - OK - 0x806EF800 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt33 - OK - 0x804DDE3A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt34 - OK - 0x804DDE44 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt35 - OK - 0x804DDE4E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt36 - OK - 0x804DDE58 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt37 - OK - 0x804DDE62 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt38 - OK - 0x804DDE6C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt39 - OK - 0x804DDE76 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt40 - OK - 0x804DDE80 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt41 - OK - 0x804DDE8A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt42 - OK - 0x804DDE94 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt43 - OK - 0x804DDE9E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt44 - OK - 0x804DDEA8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt45 - OK - 0x804DDEB2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt46 - OK - 0x804DDEBC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt47 - OK - 0x804DDEC6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt48 - OK - 0x804DDED0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt49 - OK - 0x804DDEDA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt50 - idt hook - 0x8A5FA5E4 - unknown image - 
       KiUnexpectedInterrupt51 - idt hook - 0x8A2B3C2C - unknown image - 
       KiUnexpectedInterrupt52 - OK - 0x804DDEF8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt53 - OK - 0x804DDF02 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt54 - OK - 0x804DDF0C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt55 - OK - 0x804DDF16 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt56 - OK - 0x804DDF20 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt57 - OK - 0x804DDF2A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt58 - OK - 0x804DDF34 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt59 - OK - 0x804DDF3E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt60 - OK - 0x804DDF48 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt61 - OK - 0x804DDF52 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt62 - OK - 0x804DDF5C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt63 - OK - 0x804DDF66 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt64 - OK - 0x804DDF70 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt65 - OK - 0x804DDF7A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt66 - OK - 0x804DDF84 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt67 - idt hook - 0x8A452DD4 - unknown image - 
       KiUnexpectedInterrupt68 - OK - 0x804DDF98 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt69 - OK - 0x804DDFA2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt70 - OK - 0x804DDFAC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt71 - OK - 0x804DDFB6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt72 - OK - 0x804DDFC0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt73 - OK - 0x804DDFCA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt74 - OK - 0x804DDFD4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt75 - OK - 0x804DDFDE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt76 - OK - 0x804DDFE8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt77 - OK - 0x804DDFF2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt78 - OK - 0x804DDFFC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt79 - OK - 0x804DE006 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt80 - OK - 0x804DE010 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt81 - OK - 0x804DE01A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt82 - idt hook - 0x8A5ACDD4 - unknown image - 
       KiUnexpectedInterrupt83 - idt hook - 0x8A533AD4 - unknown image - 
       KiUnexpectedInterrupt84 - OK - 0x804DE038 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt85 - OK - 0x804DE042 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt86 - OK - 0x804DE04C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt87 - OK - 0x804DE056 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt88 - OK - 0x804DE060 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt89 - OK - 0x804DE06A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt90 - OK - 0x804DE074 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt91 - OK - 0x804DE07E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt92 - OK - 0x804DE088 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt93 - OK - 0x804DE092 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt94 - OK - 0x804DE09C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt95 - OK - 0x804DE0A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt96 - OK - 0x804DE0B0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt97 - OK - 0x804DE0BA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt98 - idt hook - 0x8A27430C - unknown image - 
       KiUnexpectedInterrupt99 - idt hook - 0x8A2E7524 - unknown image - 
       KiUnexpectedInterrupt100 - OK - 0x804DE0D8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt101 - OK - 0x804DE0E2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt102 - OK - 0x804DE0EC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt103 - OK - 0x804DE0F6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt104 - OK - 0x804DE100 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt105 - OK - 0x804DE10A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt106 - OK - 0x804DE114 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt107 - OK - 0x804DE11E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt108 - OK - 0x804DE128 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt109 - OK - 0x804DE132 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt110 - OK - 0x804DE13C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt111 - OK - 0x804DE146 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt112 - OK - 0x804DE150 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt113 - OK - 0x804DE15A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt114 - OK - 0x804DE164 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt115 - idt hook - 0x8A2B2C74 - unknown image - 
       KiUnexpectedInterrupt116 - idt hook - 0x8A33ED64 - unknown image - 
       KiUnexpectedInterrupt117 - OK - 0x804DE182 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt118 - OK - 0x804DE18C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt119 - OK - 0x804DE196 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt120 - OK - 0x804DE1A0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt121 - OK - 0x804DE1AA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt122 - OK - 0x804DE1B4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt123 - OK - 0x804DE1BE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt124 - OK - 0x804DE1C8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt125 - OK - 0x804DE1D2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt126 - OK - 0x804DE1DC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt127 - OK - 0x804DE1E6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt128 - OK - 0x804DE1F0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt129 - idt hook - 0x8A5FC6F4 - unknown image - 
       KiUnexpectedInterrupt130 - OK - 0x804DE204 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt131 - OK - 0x804DE20E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt132 - idt hook - 0x8A4E91BC - unknown image - 
       KiUnexpectedInterrupt133 - OK - 0x804DE222 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt134 - OK - 0x804DE22C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt135 - OK - 0x804DE236 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt136 - OK - 0x804DE240 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt137 - OK - 0x804DE24A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt138 - OK - 0x804DE254 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt139 - OK - 0x804DE25E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt140 - OK - 0x804DE268 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt141 - OK - 0x804DE272 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt142 - OK - 0x804DE27C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt143 - OK - 0x804DE286 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt144 - OK - 0x804DE290 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt145 - OK - 0x806EF984 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt146 - OK - 0x804DE2A4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt147 - OK - 0x804DE2AE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt148 - OK - 0x804DE2B8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt149 - OK - 0x804DE2C2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt150 - OK - 0x804DE2CC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt151 - OK - 0x804DE2D6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt152 - OK - 0x804DE2E0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt153 - OK - 0x804DE2EA - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt154 - OK - 0x804DE2F4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt155 - OK - 0x804DE2FE - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt156 - OK - 0x804DE308 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt157 - OK - 0x804DE312 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt158 - OK - 0x804DE31C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt159 - OK - 0x804DE326 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt160 - OK - 0x804DE330 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt161 - OK - 0x806EED34 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt162 - OK - 0x804DE344 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt163 - OK - 0x804DE34E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt164 - OK - 0x804DE358 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt165 - OK - 0x804DE362 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt166 - OK - 0x804DE36C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt167 - OK - 0x804DE376 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt168 - OK - 0x804DE380 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt169 - OK - 0x804DE38A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt170 - OK - 0x804DE394 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt171 - OK - 0x804DE39E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt172 - OK - 0x804DE3A8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt173 - OK - 0x804DE3B2 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt174 - OK - 0x804DE3BC - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt175 - OK - 0x804DE3C6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt176 - OK - 0x804DE3D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt177 - OK - 0x806EFF0C - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt178 - OK - 0x804DE3E4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt179 - OK - 0x806EFC70 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt180 - OK - 0x804DE3F8 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt181 - OK - 0x804DE402 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt182 - OK - 0x804DE40C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt183 - OK - 0x804DE416 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt184 - OK - 0x804DE420 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt185 - OK - 0x804DE42A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt186 - OK - 0x804DE434 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt187 - OK - 0x804DE43E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt188 - OK - 0x804DE448 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt189 - OK - 0x804DE452 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt190 - OK - 0x804DE459 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt191 - OK - 0x804DE460 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt192 - OK - 0x804DE467 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt193 - OK - 0x804DE46E - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt194 - OK - 0x804DE475 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt195 - OK - 0x804DE47C - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt196 - OK - 0x804DE483 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt197 - OK - 0x804DE48A - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt198 - OK - 0x804DE491 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt199 - OK - 0x804DE498 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt200 - OK - 0x804DE49F - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt201 - OK - 0x804DE4A6 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt202 - OK - 0x804DE4AD - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt203 - OK - 0x804DE4B4 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt204 - OK - 0x804DE4BB - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation
       KiUnexpectedInterrupt205 - OK - 0x806F0464 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt206 - OK - 0x806F0604 - C:\WINDOWS\system32\hal.dll - Microsoft Corporation
       KiUnexpectedInterrupt207 - OK - 0x804DE4D0 - C:\WINDOWS\system32\ntoskrnl.exe - Microsoft Corporation

==========================================================================================

Message Hook

       csrss.exe - C:\WINDOWS\system32\csrss.exe - WH_MSGFILTER - winsrv.dll
       csrss.exe - C:\WINDOWS\system32\csrss.exe - WH_MSGFILTER - winsrv.dll
       XueTr-+=-¦¦-+˜¦µ¦+.exe - C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.exe - WH_CBT - mfc42u.dll
       explorer.exe - C:\WINDOWS\explorer.exe - WH_CALLWNDPROC - explorer.exe
       XueTr-+=-¦¦-+˜¦µ¦+.exe - C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.exe - WH_MSGFILTER - mfc42u.dll

==========================================================================================

Process Hook

      Image File Name[1956 AGRSMMSG.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[940 svchost.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[2012 kbd.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[1804 ccsvchst.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]
             Iat - CLTLMS.DLL->USER32.DLL:MessageBoxA - 0x7E4507EA->0x6C2B5310[C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\CLTLMS.DLL]
             Iat - CLTLMS.DLL->KERNEL32.DLL:GetModuleHandleA - 0x7C80B731->0x7C80AE30[C:\WINDOWS\system32\kernel32.dll]
             Iat - CLTLMS.DLL->KERNEL32.DLL:VirtualProtect - 0x7C801AD4->0x7C80B731[C:\WINDOWS\system32\kernel32.dll]
             Iat - CLTLMS.DLL->KERNEL32.DLL:VirtualFree - 0x7C809B74->0x7C801D7B[C:\WINDOWS\system32\kernel32.dll]
             Iat - CLTLMS.DLL->KERNEL32.DLL:GetProcAddress - 0x7C80AE30->0x7C809AE1[C:\WINDOWS\system32\kernel32.dll]
             Iat - CLTLMS.DLL->KERNEL32.DLL:LoadLibraryA - 0x7C801D7B->0x7C809B74[C:\WINDOWS\system32\kernel32.dll]
             Iat - CLTLMS.DLL->KERNEL32.DLL:VirtualAlloc - 0x7C809AE1->0x7C801AD4[C:\WINDOWS\system32\kernel32.dll]
             Iat - CLTLMS.DLL->KERNEL32.DLL:ExitProcess - 0x7C81CAFA->0x6C2B5313[C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.0.9\CLTLMS.DLL]

------------------------------------------------------------------------------------------

      Image File Name[2000 svchost.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[1524 explorer.exe]Process Hook
             Iat - Explorer.EXE->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Explorer.EXE->SHELL32.dll:[Ordinal:518] - 0x7C9C0000->0x7CA40206[C:\WINDOWS\system32\SHELL32.dll]
             Iat - ADVAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - RPCRT4.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - Secur32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - BROWSEUI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GDI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - USER32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msvcrt.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ole32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHLWAPI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - OLEAUT32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHDOCVW.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CRYPT32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSASN1.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CRYPTUI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - VERSION.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WININET.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - urlmon.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - iertutil.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINTRUST.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - IMAGEHLP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WLDAP32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHELL32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]
             Iat - UxTheme.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINMM.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSACM32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - USERENV.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - IMM32.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comctl32.dll[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comctl32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msctfime.ime->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - appHelp.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CLBCATQ.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - GROOVEEX.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             inline - len(4) GROOVEEX.DLL - 0x4946B8E0->_
             Iat - MSVCR90.dll[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ATL90.DLL[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - cscui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - CSCDLL.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - themeui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - rsaenh.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ntshrui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ATL.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SETUPAPI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - LINKINFO.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msxml3.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ieframe.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - msi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETSHELL.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - credui.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WTSAPI32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - eappcfg.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - iphlpapi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WS2_32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WS2HELP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - webcheck.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MLANG.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - stobject.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - BatMeter.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WPDShServiceObj.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINHTTP.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - mydocs.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - PortableDeviceTypes.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - PortableDeviceApi.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - wdmaud.drv->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - fxsst.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - WINSPOOL.DRV->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - FXSAPI.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NTMARTA.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MPR.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ntlanman.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - NETUI0.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - davclnt.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - SXS.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - AcroIEHelper.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSVCR80.dll[WinSxs]->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSFTEDIT.DLL->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - DUSER.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSGINA.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - ODBC32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - comdlg32.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - sti.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]
             Iat - MSNLNamespaceMgr.dll->KERNEL32.dll:GetProcAddress - 0x7C80AE30->0x5CB77774[C:\WINDOWS\system32\ShimEng.dll]

------------------------------------------------------------------------------------------

      Image File Name[492 ALCXMNTR.EXE]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[608 services.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[464 smss.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[776 svchost.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[564 winlogon.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[540 csrss.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[620 lsass.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[1888 hkcmd.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[3528 XueTr-+=-¦¦-+˜¦µ¦+.exe]Process Hook
             inline - len(5) kernel32.dll->LoadLibraryExW - 0x7C801AF5->0x0040A1A0[C:\Documents and Settings\Compaq_Owner\Desktop\XueTr-+=-¦¦-+˜¦µ¦+.exe]
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]
             inline - len(4) GROOVEEX.DLL - 0x4946B8E0->_

------------------------------------------------------------------------------------------

      Image File Name[872 svchost.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[1036 svchost.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[1128 svchost.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[1236 spoolsv.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]
             inline - len(4) mdimon.dll - 0x00C91410->_
             inline - len(4) mdippr.dll - 0x010F12FC->_

------------------------------------------------------------------------------------------

      Image File Name[1616 jqs.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[1704 mdm.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[1840 hpsysdrv.exe]Process Hook
             Nothing

------------------------------------------------------------------------------------------

      Image File Name[2096 alg.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

------------------------------------------------------------------------------------------

      Image File Name[2724 wscntfy.exe]Process Hook
             Iat - SHELL32.dll->SHLWAPI.dll:[Ordinal:486] - 0x77F6C297->0x77FC01E6[C:\WINDOWS\system32\SHLWAPI.dll]

==========================================================================================

KernelCallbackTable

      Image File Name[4 System]KernelCallbackTable

------------------------------------------------------------------------------------------

      Image File Name[1956 AGRSMMSG.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[940 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[2012 kbd.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1804 ccsvchst.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[2000 svchost.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[1524 explorer.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[492 ALCXMNTR.EXE]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWTask16SchedNotify - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmLoadLayout - OK - C:\WINDOWS\system32\USER32.dll
             ClientImmProcessKey - OK - C:\WINDOWS\system32\USER32.dll
             fnIMECONTROL - OK - C:\WINDOWS\system32\USER32.dll
             fnINWPARAMDBCSCHAR - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPKDRAWSWITCHWND - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadStringW - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadOLE - OK - C:\WINDOWS\system32\USER32.dll
             ClientRegisterDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             ClientRevokeDragDrop - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTMENUGETOBJECT - OK - C:\WINDOWS\system32\USER32.dll
             ClientPrinterThunk - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPCOMBOBOXINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPSCROLLBARINFO - OK - C:\WINDOWS\system32\USER32.dll

------------------------------------------------------------------------------------------

      Image File Name[608 services.exe]KernelCallbackTable
             fnCOPYDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnCOPYGLOBALDATA - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnNCDESTROY - OK - C:\WINDOWS\system32\USER32.dll
             fnDWORDOPTINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTDRAG - OK - C:\WINDOWS\system32\USER32.dll
             fnGETTEXTLENGTHS - OK - C:\WINDOWS\system32\USER32.dll
             fnINCNTOUTSTRING - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCOMPAREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDELETEITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPDRAWITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPMDICREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPMEASUREITEMSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPWINDOWPOS - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPPOINT5 - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNCCALCSIZE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTLPSCROLLINFO - OK - C:\WINDOWS\system32\USER32.dll
             fnINPAINTCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSIZECLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINDESTROYCLIPBRD - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINSTRINGNULL - OK - C:\WINDOWS\system32\USER32.dll
             fnINDEVICECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTNEXTMENU - OK - C:\WINDOWS\system32\USER32.dll
             fnLOGONNOTIFY - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOPTOUTLPDWORDOPTOUTLPDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTDWORDINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnOUTLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnINLPHLPSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnPOUTLPINT - OK - C:\WINDOWS\system32\USER32.dll
             fnSENTDDEMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnINOUTSTYLECHANGE - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINDWORD - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTACTIVATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPCBTCREATESTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPDEBUGHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMOUSEHOOKSTRUCTEX - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPKBDLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSLLHOOKSTRUCT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPMSG - OK - C:\WINDOWS\system32\USER32.dll
             fnHkINLPRECT - OK - C:\WINDOWS\system32\USER32.dll
             fnHkOPTINLPEVENTMSG - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEIn2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut1 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyDDEOut2 - OK - C:\WINDOWS\system32\USER32.dll
             ClientCopyImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientEventCallback - OK - C:\WINDOWS\system32\USER32.dll
             ClientFindMnemChar - OK - C:\WINDOWS\system32\USER32.dll
             ClientFontSweep - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeDDEHandle - OK - C:\WINDOWS\system32\USER32.dll
             ClientFreeLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetCharsetInfo - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEFlags - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetDDEHookData - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetListboxString - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetMessageMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadImage - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLibrary - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadMenu - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadLocalT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientLoadRemoteT1Fonts - OK - C:\WINDOWS\system32\USER32.dll
             ClientPSMTextOut - OK - C:\WINDOWS\system32\USER32.dll
             ClientLpkDrawTextEx - OK - C:\WINDOWS\system32\USER32.dll
             ClientExtTextOutW - OK - C:\WINDOWS\system32\USER32.dll
             ClientGetTextExtentPointW - OK - C:\WINDOWS\system32\USER32.dll
             ClientCharToWchar - OK - C:\WINDOWS\system32\USER32.dll
             ClientAddFontResourceW - OK - C:\WINDOWS\system32\USER32.dll
             ClientThreadSetup - OK - C:\WINDOWS\system32\USER32.dll
             ClientDeliverUserApc - OK - C:\WINDOWS\system32\USER32.dll
             ClientNoMemoryPopup - OK - C:\WINDOWS\system32\USER32.dll
             ClientMonitorEnumProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientCallWinEventProc - OK - C:\WINDOWS\system32\USER32.dll
             ClientWaitMessageExMPH - OK - C:\WINDOWS\system32\USER32.dll
             ClientWOWGetProcModule - OK - C:\WIN