Detecting unauthorized processes

Started by Don57, December 20, 2011, 04:44:08 PM


Don57

I just downloaded the WikiLeaks spy files torrent. The attached file. I am trying to view this from a detection point of view, so I hope that I am not violating any forum rules. About 22 years ago I worked on a coprocessor-based computer, the Amiga, so some of my terminology may not be correct, but I'll give it a shot. In that system all user input was handled in a chain. To get input from the user you had to add an interrupt vector to the chain and assign it a priority. All processes received their input in order of their priority. The input was passed in a message structure, as a pointer to the structure. The input could then be consumed by the process, rendering it invisible to other processes, or returned to the chain. Sorry for being so verbose, but my question is: does the Windows OS user input work the same way? If so, should it not be possible to detect the program described in the attachment?

The PDF file is too large to load, but is available from WikiLeaks in the spy torrent file. The file name is 31_20xxxxxxxxxx