
Handle v3.42
Copyright (C) 1997-2008 Mark Russinovich
Sysinternals - www.sysinternals.com
-----------------------------------------------------------------------------
System pid: 4 NT AUTHORITY\SYSTEM
98: File (-WD) C:\WINDOWS\system32\drivers\sptd.sys
524: File (R--) C:\System Volume Information\_restore{B6705E1A-C2D9-4762-83
B2-49803872FE9A}\RP473\change.log
844: File (RW-) C:\Program Files\eScan\vxp64db
848: File (RW-) C:\Program Files\eScan\Warns
84C: File (RW-) C:\Program Files\eScan\w2kdb
850: File (RW-) C:\Program Files\eScan\vdb64
854: File (RW-) C:\Program Files\eScan\vista32DB
858: File (RW-) C:\Program Files\eScan\Vista
860: File (RW-) C:\Program Files\eScan\vdb32
868: File (RW-) C:\Program Files\eScan\TSpam
878: File (RW-) C:\Program Files\Common Files\MicroWorld\WGWIN
884: File (RW-) C:\Program Files\Common Files\MicroWorld\Agent
88C: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD\plugins
890: File (RW-) C:\Program Files\eScan\DEBUG
894: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD\AVCBack
898: File (R--) C:\WINDOWS\system32\drivers\bdfsfltr.sys
89C: File (RW-) C:\Program Files\eScan\Groups
8A4: File (RW-) C:\Program Files\eScan\FTPTEMP
8A8: File (RW-) C:\Program Files\eScan\EMLTEMP
8B4: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD\AVCBack\plugins
8B8: File (R--) C:\WINDOWS\system32\drivers\econceal.sys
97C: File (RW-) C:\Program Files\eScan
994: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD
9A4: File (RW-) C:\Program Files\eScan\img
9AC: File (RW-) C:\Program Files\eScan\INFECTED
9B8: File (RW-) C:\Program Files\eScan\SETUP
9BC: File (RW-) C:\Program Files\eScan\FBackup
9C0: File (R--) C:\WINDOWS\system32\drivers\etc\hosts
9C4: File (RW-) C:\Program Files\eScan\QUARANT
9C8: File (RW-) C:\Program Files\eScan\JOBS
9CC: File (RW-) C:\Program Files\eScan\Lan
9D0: File (RW-) C:\Program Files\eScan\plugins
9D4: File (RW-) C:\Program Files\eScan\REPORT
9D8: File (RW-) C:\Program Files\eScan\SOUNDS
9DC: File (RW-) C:\Program Files\eScan\SPOOLOUT
9E0: File (RW-) C:\Program Files\eScan\SETUPTMP
109C: File (RW-) C:\Program Files\eScan\THam
16D4: File (--D) C:\WINDOWS\system32\drivers\sptd1581.sys
16DC: File (-W-) C:\pagefile.sys
16E4: File (---) C:\WINDOWS\system32\config\software.LOG
16E8: File (---) C:\WINDOWS\system32\config\SECURITY
16F4: File (---) C:\WINDOWS\system32\config\system
16F8: File (---) C:\WINDOWS\system32\config\software
16FC: File (---) C:\WINDOWS\system32\config\system.LOG
1708: File (---) C:\WINDOWS\system32\config\SAM
170C: File (---) C:\WINDOWS\system32\config\SECURITY.LOG
1710: File (---) C:\WINDOWS\system32\config\default
1714: File (---) C:\WINDOWS\system32\config\SAM.LOG

1718: File (---) C:\WINDOWS\system32\config\default.LOG


178C: File (---) C:\Documents and Settings\NetworkService\Local Settings\App
lication Data\Microsoft\Windows\UsrClass.dat.LOG
1790: File (---) C:\Documents and Settings\NetworkService\Local Settings\App
lication Data\Microsoft\Windows\UsrClass.dat
1798: File (---) C:\Documents and Settings\NetworkService\ntuser.dat.LOG
17A4: File (---) C:\Documents and Settings\NetworkService\NTUSER.DAT
17B0: File (RWD) C:\WINDOWS\system32\drivers
1838: File (---) C:\Documents and Settings\LocalService\Local Settings\Appli
cation Data\Microsoft\Windows\UsrClass.dat.LOG
1840: File (---) C:\Documents and Settings\LocalService\Local Settings\Appli
cation Data\Microsoft\Windows\UsrClass.dat
1844: File (---) C:\Documents and Settings\LocalService\NTUSER.DAT
1854: File (---) C:\Documents and Settings\LocalService\ntuser.dat.LOG
1920: File (RW-) C:\WINDOWS\CSC\00000001
193C: File (---) C:\Documents and Settings\Eng.Tawfik\NTUSER.DAT
1948: File (---) C:\Documents and Settings\Eng.Tawfik\Local Settings\Applica
tion Data\Microsoft\Windows\UsrClass.dat
194C: File (---) C:\Documents and Settings\Eng.Tawfik\ntuser.dat.LOG
1954: File (---) C:\Documents and Settings\Eng.Tawfik\Local Settings\Applica
tion Data\Microsoft\Windows\UsrClass.dat.LOG
1980: File (---) C:\WINDOWS\system32\drivers\fidbox.dat
1984: File (---) C:\WINDOWS\system32\drivers\fidbox2.idx
1988: File (---) C:\WINDOWS\Temp\hlktmp
1994: File (---) C:\WINDOWS\system32\drivers\fidbox.idx
199C: File (---) C:\WINDOWS\system32\drivers\fidbox2.dat
-----------------------------------------------------------------------------
smss.exe pid: 1592 NT AUTHORITY\SYSTEM
8: File (RW-) C:\WINDOWS
1C: File (RW-) C:\WINDOWS\system32
-----------------------------------------------------------------------------
csrss.exe pid: 1680 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
winlogon.exe pid: 1704 NT AUTHORITY\SYSTEM
F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
128: Section
\BaseNamedObjects\WDMAUD_Callbacks
184: Section
\BaseNamedObjects\ShimSharedMemory
1E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20C: File (RW-) C:\WINDOWS\system32\dllcache
210: File (RW-) C:\WINDOWS\system32
214: File (RW-) C:\WINDOWS\AppPatch
218: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\isapi\_vti_adm
21C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\_vti_bin\_vti_adm
220: File (RW-) C:\WINDOWS\Help
224: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\isapi\_vti_aut
228: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\_vti_bin\_vti_aut
22C: File (RW-) C:\WINDOWS\system32\inetsrv
230: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\bin
234: File (RW-) C:\WINDOWS\Fonts
238: File (RW-) C:\WINDOWS\system32\drivers
23C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\servsupp
240: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\bots\vinavbar
244: File (RW-) C:\Program Files\microsoft frontpage\version3.0\bin
248: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\_vti_bin
24C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\bin\1033
250: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\isapi
254: File (RW-) C:\WINDOWS
258: File (RW-) C:\Program Files\Common Files\Microsoft Shared\DAO
25C: File (RW-) C:\Program Files\Windows Media Player
260: File (RW-) C:\Program Files\Common Files\System\msadc
264: File (RW-) C:\Program Files\Common Files\System\ado
268: File (RW-) C:\Program Files\Common Files\System\Ole DB
26C: File (RW-) C:\WINDOWS\inf
270: File (RW-) C:\WINDOWS\system
274: File (RW-) C:\WINDOWS\msagent
278: File (RW-) C:\WINDOWS\msagent\intl
27C: File (RW-) C:\Program Files\MSN Gaming Zone\Windows
280: File (RW-) C:\WINDOWS\pchealth\helpctr\binaries
284: File (RW-) C:\Program Files\NetMeeting
288: File (RW-) C:\WINDOWS\system32\drivers\disdn
28C: File (RW-) C:\WINDOWS\ime\CHTIME\Applets
290: File (RW-) C:\WINDOWS\system32\wbem
294: File (RW-) C:\WINDOWS\system32\IME\CINTLGNT
298: File (RW-) C:\WINDOWS\system32\Com
29C: File (RW-) C:\WINDOWS\system32\Setup
2A0: File (RW-) C:\WINDOWS\ime\imjp8_1
2A4: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Triedit
2A8: File (RW-) C:\Program Files\Windows NT
2AC: File (RW-) C:\Program Files\Common Files\System
2B0: File (RW-) C:\WINDOWS\system32\1033
2B4: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\admcgi\scripts
2B8: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\admisapi\scripts
2BC: File (RW-) C:\WINDOWS\system32\usmt
2C0: File (RW-) C:\WINDOWS\ime\imkr6_1\dicts
2D8: File (RW-) C:\WINDOWS\system32\mui\0009
2DC: File (RW-) C:\Program Files\Internet Explorer
2E0: File (RW-) C:\WINDOWS\ime\imjp8_1\applets
2E4: File (RW-) C:\WINDOWS\ime\imkr6_1\applets
2E8: File (RW-) C:\WINDOWS\system32\xircom
2EC: File (RW-) C:\Program Files\Internet Explorer\Connection Wizard
2F0: File (RW-) C:\Program Files\Common Files\Microsoft Shared\MSInfo
2F4: File (RW-) C:\WINDOWS\ime\imkr6_1
2F8: File (RW-) C:\WINDOWS\ime\shared
2FC: File (RW-) C:\WINDOWS\system32\IME\PINTLGNT
300: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexic
on\1033
304: File (RW-) C:\WINDOWS\Resources\Themes\Luna
308: File (RW-) C:\Program Files\Movie Maker
30C: File (RW-) C:\WINDOWS\ime
310: File (RW-) C:\WINDOWS\srchasst
314: File (RW-) C:\Program Files\Outlook Express
318: File (RW-) C:\WINDOWS\system32\oobe
31C: File (RW-) C:\Program Files\Common Files\MSSoap\Binaries
320: File (RW-) C:\Program Files\Common Files\MSSoap\Binaries\Resources\103
3
324: File (RW-) C:\WINDOWS\mui

328: File (RW-) C:\WINDOWS\system32\npp


32C: File (RW-) C:\WINDOWS\ime\shared\res
330: File (RW-) C:\Program Files\Windows NT\Pinball
334: File (RW-) C:\WINDOWS\ime\chsime\applets
338: File (RW-) C:\WINDOWS\system32\Restore
33C: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1
033
340: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Speech
344: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
348: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
34C: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
350: File (RW-) C:\WINDOWS\system32\wbem\snmp
354: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft
358: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Speech\1033
35C: File (RW-) C:\WINDOWS\PeerNet
360: File (RW-) C:\WINDOWS\system32\spool\drivers\color
364: File (RW-) C:\WINDOWS\system32\IME\TINTLGNT
368: File (RW-) C:\WINDOWS\Help\Tours\mmTour
36C: File (RW-) C:\WINDOWS\pchealth\UploadLB\Binaries
370: File (RW-) C:\Program Files\Common Files\Microsoft Shared\VGX
374: File (RW-) C:\WINDOWS\system32\wbem\xml
378: File (RW-) C:\Program Files\Windows NT\Accessories
37C: File (RW-) C:\WINDOWS\system32\mui\0401
380: File (RW-) C:\WINDOWS\system32\mui\0404
384: File (RW-) C:\WINDOWS\system32\mui\0405
388: File (RW-) C:\WINDOWS\system32\mui\0406
38C: File (RW-) C:\WINDOWS\system32\mui\0407
390: File (RW-) C:\WINDOWS\system32\mui\0408
394: File (RW-) C:\WINDOWS\system32\mui\040b
398: File (RW-) C:\WINDOWS\system32\mui\040C
39C: File (RW-) C:\WINDOWS\system32\mui\040D
3A0: File (RW-) C:\WINDOWS\system32\mui\040e
3A4: File (RW-) C:\WINDOWS\system32\mui\0410
3A8: File (RW-) C:\WINDOWS\system32\mui\0411
3AC: File (RW-) C:\WINDOWS\system32\mui\0412
3B0: File (RW-) C:\WINDOWS\system32\mui\0413
3B4: File (RW-) C:\WINDOWS\system32\mui\0414
3B8: File (RW-) C:\WINDOWS\system32\mui\0415
3BC: File (RW-) C:\WINDOWS\system32\mui\0416
3C0: File (RW-) C:\WINDOWS\system32\mui\0419
3C4: File (RW-) C:\WINDOWS\system32\mui\041b
3C8: File (RW-) C:\WINDOWS\system32\mui\041D
3CC: File (RW-) C:\WINDOWS\system32\mui\041f
3D0: File (RW-) C:\WINDOWS\system32\mui\0424
3D4: File (RW-) C:\WINDOWS\system32\mui\0804
3D8: File (RW-) C:\WINDOWS\system32\mui\0816
3DC: File (RW-) C:\WINDOWS\system32\mui\0C0A
3E0: File (RW-) C:\WINDOWS\system32\mui\0402
3E4: File (RW-) C:\WINDOWS\system32\mui\0418
3E8: File (RW-) C:\WINDOWS\system32\mui\041a
3EC: File (RW-) C:\WINDOWS\system32\mui\041e
3F0: File (RW-) C:\WINDOWS\system32\mui\0425
3F4: File (RW-) C:\WINDOWS\system32\mui\0426
3F8: File (RW-) C:\WINDOWS\system32\mui\0427
3FC: File (RW-) C:\Program Files\xerox\nwwia
418: File (RW-) C:\WINDOWS\WinSxS
618: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

7F4: Section
\BaseNamedObjects\mmGlobalPnpInfo
880: File (RW-) C:\WINDOWS\system32
8B4: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
services.exe pid: 1752 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
294: Section
\BaseNamedObjects\ShimSharedMemory
2CC: File (R--) C:\WINDOWS\system32\config\AppEvent.Evt
2DC: File (R--) C:\WINDOWS\system32\config\Autodesk.evt
2EC: File (R--) C:\WINDOWS\system32\config\Internet.evt
2FC: File (R--) C:\WINDOWS\system32\config\ODiag.evt
30C: File (R--) C:\WINDOWS\system32\config\OSession.evt
31C: File (R--) C:\WINDOWS\system32\config\SecEvent.Evt
32C: File (R--) C:\WINDOWS\system32\config\SysEvent.Evt
33C: File (R--) C:\WINDOWS\system32\config\VedioLog.evt
524: Section
\BaseNamedObjects\f4448e25_0
600: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
60C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
lsass.exe pid: 1764 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
158: Section
\BaseNamedObjects\Debug.Memory.6e4
244: File (RW-) C:\WINDOWS\Debug\PASSWD.LOG
5D0: Section
\BaseNamedObjects\VA_CONFIG_XML
-----------------------------------------------------------------------------
svchost.exe pid: 1960 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
108: File (---) \Dfs
154: Section
\BaseNamedObjects\RotHintTable
168: Section
\BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
388: Section
\BaseNamedObjects\ShimSharedMemory
3BC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3C8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
svchost.exe pid: 172 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C8: File (---) \Dfs
17C: Section
\BaseNamedObjects\VA_CONFIG_XML
34C: Section
\BaseNamedObjects\RotHintTable
51C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
svchost.exe pid: 388 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
210: Section
\BaseNamedObjects\VA_CONFIG_XML
240: File (R--) C:\System Volume Information\tracking.log
278: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
44C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
474: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
498: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4D8: File (R--) C:\WINDOWS\SchedLgU.Txt
578: File (RWD) C:\WINDOWS\Tasks
60C: Section
\BaseNamedObjects\mmGlobalPnpInfo
6C8: Section
\BaseNamedObjects\ShimSharedMemory
788: File (RWD) C:\WINDOWS\pchealth\helpctr\BATCH
7EC: Section
\BaseNamedObjects\RotHintTable
894: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
89C: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
8A0: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
8B4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
924: Section
\BaseNamedObjects\SENS Information Cache
968: File (---) \FileSystem\Filters\SystemRestore
A4C: File (RWD) C:\WINDOWS\system32\wbem\mof
A78: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
A80: File (RW-) C:\WINDOWS\WindowsUpdate.log
A84: File (RW-) C:\WINDOWS\WindowsUpdate.log
A88: File (RW-) C:\WINDOWS\WindowsUpdate.log
A8C: File (RW-) C:\WINDOWS\WindowsUpdate.log
A90: File (RW-) C:\WINDOWS\WindowsUpdate.log
AA0: File (RW-) C:\WINDOWS\WindowsUpdate.log
AA4: File (RW-) C:\WINDOWS\WindowsUpdate.log
AA8: File (RW-) C:\WINDOWS\WindowsUpdate.log
AAC: File (RW-) C:\WINDOWS\WindowsUpdate.log
AB0: File (RW-) C:\WINDOWS\WindowsUpdate.log
AB4: File (RW-) C:\WINDOWS\WindowsUpdate.log
AB8: File (RW-) C:\WINDOWS\WindowsUpdate.log
ABC: File (RW-) C:\WINDOWS\WindowsUpdate.log
AC0: File (RW-) C:\WINDOWS\WindowsUpdate.log
AC4: File (RW-) C:\WINDOWS\WindowsUpdate.log
AC8: File (RW-) C:\WINDOWS\WindowsUpdate.log
ACC: File (RW-) C:\WINDOWS\WindowsUpdate.log
AE4: File (RW-) C:\WINDOWS\WindowsUpdate.log
AF8: File (RW-) C:\WINDOWS\WindowsUpdate.log
AFC: File (RW-) C:\WINDOWS\WindowsUpdate.log
B00: File (RW-) C:\WINDOWS\WindowsUpdate.log
B04: File (RW-) C:\WINDOWS\WindowsUpdate.log
B10: File (RW-) C:\WINDOWS\WindowsUpdate.log
B70: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
B74: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
B78: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
B7C: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
B80: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
B84: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
B88: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
BEC: Section
\BaseNamedObjects\Wmi Provider Sub System Counters
C80: File (R--) C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
E10: File (---) C:\WINDOWS\system32\CatRoot2\tmp.edb
E84: File (R--) C:\Documents and Settings\All Users\Application Data\Micros
oft\Network\Downloader\qmgr0.dat
E88: File (R--) C:\Documents and Settings\All Users\Application Data\Micros
oft\Network\Downloader\qmgr1.dat
EEC: Section
\BaseNamedObjects\f4448e25_0
F28: File (---) C:
F30: File (R--) D:\System Volume Information\tracking.log
1118: File (---) D:
111C: File (RWD) D:\$Extend\$ObjId
1144: Section
\BaseNamedObjects\GDA: ESENT Performance Data Schema Versi
on 40
1160: Section
\BaseNamedObjects\IDA0: ESENT Performance Data Schema Vers
ion 40
1208: File (RWD) C:\$Extend\$ObjId
12B4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1468: File (R--) C:\WINDOWS\system32\h323log.txt
14D4: Section
\BaseNamedObjects\Debug.Memory.184
17D0: File (RW-) C:\Documents and Settings\NetworkService\Cookies\index.dat
17D4: File (---) C:\WINDOWS\system32\CatRoot2\edb.log
19D8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A68: File (RW-) C:\Documents and Settings\NetworkService\Local Settings\Tem
porary Internet Files\Content.IE5\index.dat
1A6C: Section
\BaseNamedObjects\C:_Documents and Settings_NetworkService_
Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768
1A78: Section
\BaseNamedObjects\C:_Documents and Settings_NetworkService_
Cookies_index.dat_16384
1A80: Section
\BaseNamedObjects\C:_Documents and Settings_NetworkService_
Local Settings_History_History.IE5_index.dat_16384
1A88: File (RW-) C:\Documents and Settings\NetworkService\Local Settings\His
tory\History.IE5\index.dat
1B1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1B24: File (---) E:
1B28: File (R--) E:\System Volume Information\tracking.log
1B2C: File (RWD) E:\$Extend\$ObjId
-----------------------------------------------------------------------------
svchost.exe pid: 568 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D8: File (RWD) C:\WINDOWS\system32\drivers\etc
14C: Section
\BaseNamedObjects\VA_CONFIG_XML
1C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
svchost.exe pid: 744 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
168: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
198: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Tempo
rary Internet Files\Content.IE5\index.dat
1A4: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_Temporary Internet Files_Content.IE5_index.dat_32768
1A8: File (RW-) C:\Documents and Settings\LocalService\Cookies\index.dat
1B0: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Co
okies_index.dat_16384
1B4: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Histo
ry\History.IE5\index.dat
1BC: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_History_History.IE5_index.dat_16384
2FC: Section
\BaseNamedObjects\VA_CONFIG_XML
-----------------------------------------------------------------------------
spoolsv.exe pid: 944 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1DC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
208: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
310: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
338: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
ACService.exe pid: 1188 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
svchost.exe pid: 1200 NT AUTHORITY\SYSTEM
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
13C: File (RW-) C:\Program Files\Common Files\Akamai
1E8: File (RW-) C:\Program Files\Common Files\Akamai\Logs\debug.log
234: Section
\BaseNamedObjects\VA_CONFIG_XML
24C: File (RW-) C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat
254: Section
\BaseNamedObjects\Perflib_Perfdata_4b0
448: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
BTNtService.exe pid: 1216 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
6C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
DC: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
svchost.exe pid: 1256 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
178: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
econser.exe pid: 1408 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
Sxuhua.exe pid: 1560 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

120: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
134: Section
\BaseNamedObjects\HA_00000618
190: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\Tempora
ry Internet Files\Content.IE5\index.dat
194: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
19C: File (RW-) C:\Documents and Settings\Eng.Tawfik\Cookies\index.dat
1A0: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
1A8: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\History
\History.IE5\index.dat
1AC: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
220: Section
\BaseNamedObjects\VA_CONFIG_XML
2A4: Section
\BaseNamedObjects\SBLSPACCELERATIONIPLIST2_G
2D4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
2F0: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
2F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
2FC: Section
\BaseNamedObjects\ShimSharedMemory
3C0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
explorer.exe pid: 1608 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
9C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D8: Section
\BaseNamedObjects\ShimSharedMemory
15C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_a57c1f53
164: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3
b_9.0.30729.4148_x-ww_15fc9313
168: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
16C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
174: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
178: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
180: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
18C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
274: Section
\BaseNamedObjects\MSCTF.Shared.SFM.AIG
288: File (RWD) C:\Documents and Settings\Eng.Tawfik\Desktop
294: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.HB.DLF
MFF
29C: Section
\BaseNamedObjects\MSCTF.Shared.SFM.ANAB
2A0: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.GB.DLF
MFF
2A4: File (RWD) C:\Documents and Settings\All Users\Desktop
2A8: File (RWD) C:\Documents and Settings\Eng.Tawfik\Local Settings\Applica
tion Data\Microsoft\CD Burning
2C0: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
330: Section
\BaseNamedObjects\MSCTF.Shared.SFM.AFH
394: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
398: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
3AC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3CC: Section
\BaseNamedObjects\UrlZonesSM_Eng.Tawfik
408: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
40C: Section
\BaseNamedObjects\windows_shell_global_counters
410: File (RWD) C:\Documents and Settings\Eng.Tawfik\My Documents\TAW
418: File (RWD) C:\Documents and Settings\Eng.Tawfik\My Documents
424: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
434: File (RW-) C:\Documents and Settings\Eng.Tawfik\Cookies\index.dat
43C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44C: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
458: File (RWD) C:\Documents and Settings\Eng.Tawfik\Desktop\GAMES
45C: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\History
\History.IE5\index.dat
488: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
494: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\Tempora
ry Internet Files\Content.IE5\index.dat
49C: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
4A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
4BC: File (RWD) C:\Documents and Settings\Eng.Tawfik\Local Settings\Applica
tion Data\Microsoft\Portable Devices
4D8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4E4: File (RWD) C:\Documents and Settings\Eng.Tawfik\Application Data\Micro
soft\Internet Explorer\Quick Launch
4F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
4F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
52C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
530: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

568: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5A4: Section
\BaseNamedObjects\mmGlobalPnpInfo
5C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5CC: File (RWD) C:\Documents and Settings\Eng.Tawfik\PrintHood
5E4: Section
\BaseNamedObjects\WDMAUD_Callbacks
60C: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
614: Section
\BaseNamedObjects\MSCTF.GCompartListSFM.DefaultS-1-5-21-484
763869-1078081533-839522115-1003
618: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
648
624: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
648
65C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
660: File (---) \Dfs
670: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
674: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
688: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_MSHist012011071320110714_index.dat_32768
68C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
698: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
6A4: Section
\BaseNamedObjects\MSCTF.Shared.SFM.EEG
6A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
6B0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
6D4: Section
\BaseNamedObjects\MSCTF.Shared.SFM.ANHB
6DC: Section
\BaseNamedObjects\MSCTF.Shared.SFM.MIG
700: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
70C: Section
\BaseNamedObjects\MSCTF.Shared.SFM.MIG
724: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
734: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EEG..LBFAB
74C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
758: Section
\BaseNamedObjects\DfSharedHeap59824
780: File (RWD) C:\Documents and Settings\Eng.Tawfik\Start Menu
788: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_353599c2
794: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
7A8: File (RWD) C:\Documents and Settings\All Users\Start Menu
7B4: Section
\BaseNamedObjects\MSCTF.Shared.SFM.EEG
7CC: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.IB.DLF
MFF
7D4: Section
\BaseNamedObjects\MSCTF.Shared.SFM.MIG
7DC: Section
\BaseNamedObjects\MSCTF.Shared.SFM.EDL
84C: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.B.KGGI
OE
860: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.2600.5512_x-ww_dfb54e0c
890: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.FB.DLF
MFF
898: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.EB.DLF
MFF
8B8: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\History
\History.IE5\MSHist012011071320110714\index.dat
8BC: Section
\BaseNamedObjects\MSCTF.Shared.SFM.ECAB
8C0: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.KB.JGC
KJF
8C8: Section
\BaseNamedObjects\MSCTF.Shared.SFM.AODB
8F0: Section
\BaseNamedObjects\MSCTF.Shared.SFM.AFEB
90C: File (RWD) C:\Documents and Settings\Eng.Tawfik\Application Data\Micro
soft\SystemCertificates\My
940: Section
\BaseNamedObjects\MSCTF.Shared.SFM.MCJ
950: Section
\BaseNamedObjects\f4448e25_0
9C4: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.MIG.L.BKAO
BF
A6C: File (RWD) C:\
A74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
AD8: Section
\BaseNamedObjects\MSCTF.Shared.SFM.IFCB
B18: Section
\BaseNamedObjects\SENS Information Cache
B4C: Section
\BaseNamedObjects\MSCTF.Shared.SFM.IGI
B70: Section
\BaseNamedObjects\VA_CONFIG_XML
B8C: Section
\BaseNamedObjects\MSCTF.Shared.SFM.EHL
BAC: File (RWD) C:\Documents and Settings\Eng.Tawfik\Application Data\Micro
soft\SystemCertificates\My
BC8: Section
\BaseNamedObjects\MSCTF.Shared.SFM.ICH
C34: Section
\BaseNamedObjects\MSCTF.Shared.SFM.ELP
-----------------------------------------------------------------------------
econceal.exe pid: 1788 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
avpmapp.exe pid: 1844 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
RTHDCPL.exe pid: 1768 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: Section
\BaseNamedObjects\ShimSharedMemory
F4: Section
\BaseNamedObjects\mmGlobalPnpInfo
118: Section
\BaseNamedObjects\WDMAUD_Callbacks
14C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
1D0: Section
\BaseNamedObjects\DirectSound Administrator shared thread a
rray
258: Section
\BaseNamedObjects\f4448e25_0
260: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2D4: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
2F8: Section
\BaseNamedObjects\DirectSound Administrator capture focus a
rray
300: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
-----------------------------------------------------------------------------
GrooveMonitor.exe pid: 280 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
24: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
28: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
84: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: Section
\BaseNamedObjects\ShimSharedMemory
170: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
178: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
180: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
184: Section
\BaseNamedObjects\Groove:FileWatermark:[KwjfssMQlBJxWR6BbEb
VcO+uxPI=]
18C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
19C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A0: File (RWD) C:\Documents and Settings\Eng.Tawfik\Recent
1A4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
1C0: Section
\BaseNamedObjects\f4448e25_0
1D4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
rundll32.exe pid: 372 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A0: Section
\BaseNamedObjects\ShimSharedMemory
11C: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
134: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
168: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
ACDaemon.exe pid: 484 NEW-TAW\Eng.Tawfik
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
AC: File (RW-) C:\Program Files\Common Files\ArcSoft\Connection Service\Bi
n
B8: Section
\BaseNamedObjects\ShimSharedMemory
D0: Section
\BaseNamedObjects\ArcUpdateService_CmdLineMap_20080627
D8: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
10C: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\Tempora
ry Internet Files\Content.IE5\index.dat
110: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
118: File (RW-) C:\Documents and Settings\Eng.Tawfik\Cookies\index.dat
11C: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
124: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\History
\History.IE5\index.dat
128: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1B4: Section
\BaseNamedObjects\SENS Information Cache
1C4: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
realsched.exe pid: 528 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
AC: Section
\BaseNamedObjects\ShimSharedMemory
D4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
154: Section
\BaseNamedObjects\RotHintTable
1B0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
1B4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
1F8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
jusched.exe pid: 556 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
78: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
TRAYSSER.EXE pid: 684 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
fsssvc.exe pid: 1032 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
84: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
298: File (RWD) C:\WINDOWS\system32\config\systemprofile\Application Data\M
icrosoft\SystemCertificates\My
358: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
TRAYICOS.EXE pid: 1120 NEW-TAW\Eng.Tawfik
-----------------------------------------------------------------------------
IEGLicSrv.exe pid: 1840 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
8C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
BC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
jqs.exe pid: 2124 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
50: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
FC: Section
\BaseNamedObjects\VA_CONFIG_XML
110: File (RW-) C:\WINDOWS\Temp\Perflib_Perfdata_84c.dat
114: Section
\BaseNamedObjects\Perflib_Perfdata_84c
28C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
294: Section
\BaseNamedObjects\ShimSharedMemory
29C: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
LSSrvc.exe pid: 2260 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
CONSCTL.EXE pid: 2376 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
McciCMService.exe pid: 2380 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
DC: Section
\BaseNamedObjects\McciLogger::Logger::Mapping::3.0
1C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1D0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
ctfmon.exe pid: 2500 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
3C: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
78: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
90: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
98: Section
\BaseNamedObjects\MSCTF.GCompartListSFM.DefaultS-1-5-21-484
763869-1078081533-839522115-1003
A4: Section
\BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003
A8: Section
\BaseNamedObjects\CTF.LayoutsCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003
110: Section
\BaseNamedObjects\ShimSharedMemory
118: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
11C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
154: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
GoogleToolbarNotifier.exe pid: 2544 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
E8: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
EC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1C0: Section
\BaseNamedObjects\ShimSharedMemory
318: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
MDM.EXE pid: 2716 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
124: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
188: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
MWASER.EXE pid: 2784 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
nvsvc32.exe pid: 2964 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
90: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C0: Section
\BaseNamedObjects\ShimSharedMemory
1D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
200: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
MWAGENT.EXE pid: 2996 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------
SeaPort.exe pid: 3092 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
3C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2F0: File (RWD) C:\WINDOWS\system32\config\systemprofile\Application Data\M
icrosoft\SystemCertificates\My
2F4: Section
\BaseNamedObjects\SENS Information Cache
30C: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Histo
ry\History.IE5\index.dat
320: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Tempo
rary Internet Files\Content.IE5\index.dat
328: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_Temporary Internet Files_Content.IE5_index.dat_32768
32C: File (RW-) C:\Documents and Settings\LocalService\Cookies\index.dat
330: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Co
okies_index.dat_16384
338: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_History_History.IE5_index.dat_16384
398: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
42C: Section
\BaseNamedObjects\f4448e25_0
450: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
46C: Section
\BaseNamedObjects\UrlZonesSM_SYSTEM
4AC: Section
\BaseNamedObjects\VA_CONFIG_XML
-----------------------------------------------------------------------------
acrotray.exe pid: 3140 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
60: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
6C: Section
\BaseNamedObjects\ShimSharedMemory
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
BlueSoleil.exe pid: 3436 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Program Files\IVT Corporation\BlueSoleil
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.2600.5512_x-ww_dfb54e0c
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
8C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
E0: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
14C: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
154: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
184: Section
\BaseNamedObjects\ShimSharedMemory
23C: Section
\BaseNamedObjects\mmGlobalPnpInfo
24C: Section
\BaseNamedObjects\WDMAUD_Callbacks
29C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
39C: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
svchost.exe pid: 3480 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
BC: File (RW-) C:\WINDOWS\Sti_Trace.log
170: File (RW-) C:\WINDOWS\wiaservc.log
1B8: File (RW-) C:\WINDOWS\Sti_Trace.log
1D4: File (RW-) C:\WINDOWS\wiadebug.log
22C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
238: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
VideoAcceleratorService.exe pid: 3648 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F8: Section
\BaseNamedObjects\VA_CONFIG_XML
118: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20C: Section
\BaseNamedObjects\ShimSharedMemory
290: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Tempo
rary Internet Files\Content.IE5\index.dat
2E8: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_Temporary Internet Files_Content.IE5_index.dat_32768
2F4: File (RW-) C:\Documents and Settings\LocalService\Cookies\index.dat
2F8: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_History_History.IE5_index.dat_16384
2FC: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Co
okies_index.dat_16384
304: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Histo
ry\History.IE5\index.dat
35C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
404: Section
\BaseNamedObjects\SENS Information Cache
444: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
464: Section
\BaseNamedObjects\UrlZonesSM_SYSTEM
46C: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
YahooAUService.exe pid: 3716 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
19C: Section
\BaseNamedObjects\f4448e25_0
1F4: Section
\BaseNamedObjects\VA_CONFIG_XML
214: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
398: File (RWD) C:\WINDOWS\system32\config\systemprofile\Application Data\M
icrosoft\SystemCertificates\My
-----------------------------------------------------------------------------
escanmon.exe pid: 2840 NEW-TAW\Eng.Tawfik
-----------------------------------------------------------------------------
alg.exe pid: 2832 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1E0: Section
\BaseNamedObjects\VA_CONFIG_XML
1F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
wscntfy.exe pid: 4044 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\WINDOWS\system32
3C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
70: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
8C: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
98: Section
\BaseNamedObjects\ShimSharedMemory
CC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D4: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
svchost.exe pid: 3172 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
188: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
194: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
Ymsgr_tray.exe pid: 2688 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
90: Section
\BaseNamedObjects\FM_VerboseSharedMemory_2688
98: File (R--) C:\Documents and Settings\Eng.Tawfik\Local Settings\Applica
tion Data\Yahoo\Y!Msgr\merlin.log
A8: Section
\BaseNamedObjects\FM_VerboseSharedMemory_2688
BC: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
D8: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
E0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
E4: Section
\BaseNamedObjects\ShimSharedMemory
104: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------
cmd.exe pid: 3980 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\DOCUME~1\ENG~1.TAW\LOCALS~1\Temp
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
80: Section
\BaseNamedObjects\f4448e25_0
C4: Section
\BaseNamedObjects\ShimSharedMemory
-----------------------------------------------------------------------------
svchoost.exe pid: 4200 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\DOCUME~1\ENG~1.TAW\LOCALS~1\Temp
490: Section
\BaseNamedObjects\ShimSharedMemory
494: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
49C: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
4C4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
4F4: Section
\BaseNamedObjects\SBLSPACCELERATIONIPLIST2_G
580: Section
\BaseNamedObjects\VA_CONFIG_XML
5BC: Section
\BaseNamedObjects\UrlZonesSM_Eng.Tawfik
5DC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
66C: Section
\BaseNamedObjects\SENS Information Cache
6A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
708: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
70C: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\History
\History.IE5\index.dat
714: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
718: File (RW-) C:\Documents and Settings\Eng.Tawfik\Cookies\index.dat
720: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
728: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\Tempora
ry Internet Files\Content.IE5\index.dat
788: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
78C: Section
\BaseNamedObjects\f4448e25_0
794: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
explorer.exe pid: 5124 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
9C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: Section
\BaseNamedObjects\f4448e25_0
FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
114: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
12C: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
134: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
138: Section
\BaseNamedObjects\ShimSharedMemory
1C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
244: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
254: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
274: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\Tempora
ry Internet Files\Content.IE5\index.dat
278: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
280: File (RW-) C:\Documents and Settings\Eng.Tawfik\Cookies\index.dat
284: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
28C: File (RW-) C:\Documents and Settings\Eng.Tawfik\Local Settings\History
\History.IE5\index.dat
290: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
2E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_a57c1f53
2E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
2EC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3
b_9.0.30729.4148_x-ww_15fc9313
2F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
2FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
300: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
30C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
328: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
37C: Section
\BaseNamedObjects\AskSBar:SrchAs:Shared07042949646954
390: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.2600.5512_x-ww_dfb54e0c
3A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
3BC: Section
\BaseNamedObjects\Groove:FileWatermark:[51yBT4wxWJKHjyMo+lj
gGNBEJ/U=]
3C4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3DC: Section
\BaseNamedObjects\Groove:FileWatermark:[KwjfssMQlBJxWR6BbEb
VcO+uxPI=]
3E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
4B4: Section
\BaseNamedObjects\UrlZonesSM_Eng.Tawfik
4E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
4F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
4FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
500: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
508: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
50C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_353599c2
514: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
518: Section
\BaseNamedObjects\MSCTF.Shared.SFM.ECAB
618: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
620: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
668: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.ECAB..CEGL
OD
678: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
68C: Section
\BaseNamedObjects\MSCTF.GCompartListSFM.DefaultS-1-5-21-484
763869-1078081533-839522115-1003
698: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
69C: Section
\BaseNamedObjects\WDMAUD_Callbacks
6C0: File (---) \Dfs
6CC: Section
\BaseNamedObjects\MSCTF.Shared.SFM.MIG
6E0: Section
\BaseNamedObjects\mmGlobalPnpInfo
720: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
778: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
77C: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
1404
7A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
7EC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
860: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
868: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
894: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------
mpc-hc.exe pid: 5048 NEW-TAW\Eng.Tawfik
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B0: Section
\BaseNamedObjects\f4448e25_0
E4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
FC: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
104: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
120: Section
\BaseNamedObjects\ShimSharedMemory
1CC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
22C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
260: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
270: Section
\BaseNamedObjects\DirectSound Administrator shared thread a
rray
27C: Section
\BaseNamedObjects\mmGlobalPnpInfo
28C: Section
\BaseNamedObjects\WDMAUD_Callbacks
320: Section
\BaseNamedObjects\MSCTF.Shared.SFM.AODB
328: Section
\BaseNamedObjects\MSCTF.Shared.SFM.MIG
334: Section
\BaseNamedObjects\MSCTF.GCompartListSFM.DefaultS-1-5-21-484
763869-1078081533-839522115-1003
338: Section
\BaseNamedObjects\MSCTF.MarshalInterface.FileMap.AODB.B.BKA
OBF
344: File (RW-) C:\downloads\virus
390: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3C0: File (RW-) C:\WINDOWS\system32\stdole2.tlb
3C8: File (RW-) C:\WINDOWS\system32\Macromed\Flash\Flash10r.ocx
3E4: Section
\BaseNamedObjects\DirectSound Administrator capture focus a
rray
-----------------------------------------------------------------------------
procexp.exe pid: 504 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\downloads\virus
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: Section
\BaseNamedObjects\f4448e25_0
CC: File (RW-) C:\DOCUME~1\ENG~1.TAW\LOCALS~1\Temp\Perflib_Perfdata_1f8.da
t
D0: Section
\BaseNamedObjects\Perflib_Perfdata_1f8
1DC: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-484763869-1078081533-839522115-1003
1F4: Section
\BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-48476
3869-1078081533-839522115-1003SFM.DefaultS-1-5-21-484763869-1078081533-839522115
-1003
1FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
200: Section
\BaseNamedObjects\ShimSharedMemory
21C: Section
\BaseNamedObjects\MSCTF.GCompartListSFM.DefaultS-1-5-21-484
763869-1078081533-839522115-1003
228: Section
\BaseNamedObjects\MSCTF.Shared.SFM.MIG
22C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
278: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2E4: Section
\BaseNamedObjects\RSVP_STATS
2E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2EC: Section
\BaseNamedObjects\MSIDLPM_STATS
304: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3BC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_a57c1f53
3F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
3F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3
b_9.0.30729.4148_x-ww_15fc9313
3FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
400: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
404: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
408: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
40C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
418: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
434: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
45C: Section
\BaseNamedObjects\MSCTF.Shared.SFM.ELP
-----------------------------------------------------------------------------
cmd.exe pid: 4476 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A4: Section
\BaseNamedObjects\f4448e25_0
E0: File (R--) C:\handle.txt
E8: Section
\BaseNamedObjects\ShimSharedMemory
-----------------------------------------------------------------------------
handle.exe pid: 5116 NEW-TAW\Eng.Tawfik
C: File (RW-) C:\Documents and Settings\Eng.Tawfik
E0: File (R--) C:\handle.txt
784: Section
\BaseNamedObjects\f4448e25_0
794: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7C0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
