Scribd
Upload
236 views24 pages

Handle

Uploaded by

taw1021966m
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
236 views24 pages

Handle

Uploaded by

taw1021966m
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

Handle v3.

42
Copyright (C) 1997-2008 Mark Russinovich
Sysinternals - [Link]
-----------------------------------------------------------------------------System pid: 4 NT AUTHORITY\SYSTEM
98: File (-WD) C:\WINDOWS\system32\drivers\[Link]
524: File (R--) C:\System Volume Information\_restore{B6705E1A-C2D9-4762-83
B2-49803872FE9A}\RP473\[Link]
844: File (RW-) C:\Program Files\eScan\vxp64db
848: File (RW-) C:\Program Files\eScan\Warns
84C: File (RW-) C:\Program Files\eScan\w2kdb
850: File (RW-) C:\Program Files\eScan\vdb64
854: File (RW-) C:\Program Files\eScan\vista32DB
858: File (RW-) C:\Program Files\eScan\Vista
860: File (RW-) C:\Program Files\eScan\vdb32
868: File (RW-) C:\Program Files\eScan\TSpam
878: File (RW-) C:\Program Files\Common Files\MicroWorld\WGWIN
884: File (RW-) C:\Program Files\Common Files\MicroWorld\Agent
88C: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD\plugins
890: File (RW-) C:\Program Files\eScan\DEBUG
894: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD\AVCBack
898: File (R--) C:\WINDOWS\system32\drivers\[Link]
89C: File (RW-) C:\Program Files\eScan\Groups
8A4: File (RW-) C:\Program Files\eScan\FTPTEMP
8A8: File (RW-) C:\Program Files\eScan\EMLTEMP
8B4: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD\AVCBack\plugins
8B8: File (R--) C:\WINDOWS\system32\drivers\[Link]
97C: File (RW-) C:\Program Files\eScan
994: File (RW-) C:\Documents and Settings\All Users\Application Data\MicroW
orld\eScanBD
9A4: File (RW-) C:\Program Files\eScan\img
9AC: File (RW-) C:\Program Files\eScan\INFECTED
9B8: File (RW-) C:\Program Files\eScan\SETUP
9BC: File (RW-) C:\Program Files\eScan\FBackup
9C0: File (R--) C:\WINDOWS\system32\drivers\etc\hosts
9C4: File (RW-) C:\Program Files\eScan\QUARANT
9C8: File (RW-) C:\Program Files\eScan\JOBS
9CC: File (RW-) C:\Program Files\eScan\Lan
9D0: File (RW-) C:\Program Files\eScan\plugins
9D4: File (RW-) C:\Program Files\eScan\REPORT
9D8: File (RW-) C:\Program Files\eScan\SOUNDS
9DC: File (RW-) C:\Program Files\eScan\SPOOLOUT
9E0: File (RW-) C:\Program Files\eScan\SETUPTMP
109C: File (RW-) C:\Program Files\eScan\THam
16D4: File (--D) C:\WINDOWS\system32\drivers\[Link]
16DC: File (-W-) C:\[Link]
16E4: File (---) C:\WINDOWS\system32\config\[Link]
16E8: File (---) C:\WINDOWS\system32\config\SECURITY
16F4: File (---) C:\WINDOWS\system32\config\system
16F8: File (---) C:\WINDOWS\system32\config\software
16FC: File (---) C:\WINDOWS\system32\config\[Link]
1708: File (---) C:\WINDOWS\system32\config\SAM
170C: File (---) C:\WINDOWS\system32\config\[Link]
1710: File (---) C:\WINDOWS\system32\config\default
1714: File (---) C:\WINDOWS\system32\config\[Link]

1718: File (---) C:\WINDOWS\system32\config\[Link]


178C: File (---) C:\Documents and Settings\NetworkService\Local Settings\App
lication Data\Microsoft\Windows\[Link]
1790: File (---) C:\Documents and Settings\NetworkService\Local Settings\App
lication Data\Microsoft\Windows\[Link]
1798: File (---) C:\Documents and Settings\NetworkService\[Link]
17A4: File (---) C:\Documents and Settings\NetworkService\[Link]
17B0: File (RWD) C:\WINDOWS\system32\drivers
1838: File (---) C:\Documents and Settings\LocalService\Local Settings\Appli
cation Data\Microsoft\Windows\[Link]
1840: File (---) C:\Documents and Settings\LocalService\Local Settings\Appli
cation Data\Microsoft\Windows\[Link]
1844: File (---) C:\Documents and Settings\LocalService\[Link]
1854: File (---) C:\Documents and Settings\LocalService\[Link]
1920: File (RW-) C:\WINDOWS\CSC\00000001
193C: File (---) C:\Documents and Settings\[Link]\[Link]
1948: File (---) C:\Documents and Settings\[Link]\Local Settings\Applica
tion Data\Microsoft\Windows\[Link]
194C: File (---) C:\Documents and Settings\[Link]\[Link]
1954: File (---) C:\Documents and Settings\[Link]\Local Settings\Applica
tion Data\Microsoft\Windows\[Link]
1980: File (---) C:\WINDOWS\system32\drivers\[Link]
1984: File (---) C:\WINDOWS\system32\drivers\[Link]
1988: File (---) C:\WINDOWS\Temp\hlktmp
1994: File (---) C:\WINDOWS\system32\drivers\[Link]
199C: File (---) C:\WINDOWS\system32\drivers\[Link]
-----------------------------------------------------------------------------[Link] pid: 1592 NT AUTHORITY\SYSTEM
8: File (RW-) C:\WINDOWS
1C: File (RW-) C:\WINDOWS\system32
-----------------------------------------------------------------------------[Link] pid: 1680 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 1704 NT AUTHORITY\SYSTEM
F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
128: Section
\BaseNamedObjects\WDMAUD_Callbacks
184: Section
\BaseNamedObjects\ShimSharedMemory
1E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20C: File (RW-) C:\WINDOWS\system32\dllcache
210: File (RW-) C:\WINDOWS\system32
214: File (RW-) C:\WINDOWS\AppPatch
218: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\isapi\_vti_adm
21C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\_vti_bin\_vti_adm
220: File (RW-) C:\WINDOWS\Help
224: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\isapi\_vti_aut
228: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\_vti_bin\_vti_aut
22C: File (RW-) C:\WINDOWS\system32\inetsrv
230: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\bin
234: File (RW-) C:\WINDOWS\Fonts
238: File (RW-) C:\WINDOWS\system32\drivers
23C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\servsupp
240: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e

xtensions\40\bots\vinavbar
244: File (RW-) C:\Program Files\microsoft frontpage\version3.0\bin
248: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\_vti_bin
24C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\bin\1033
250: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\isapi
254: File (RW-) C:\WINDOWS
258: File (RW-) C:\Program Files\Common Files\Microsoft Shared\DAO
25C: File (RW-) C:\Program Files\Windows Media Player
260: File (RW-) C:\Program Files\Common Files\System\msadc
264: File (RW-) C:\Program Files\Common Files\System\ado
268: File (RW-) C:\Program Files\Common Files\System\Ole DB
26C: File (RW-) C:\WINDOWS\inf
270: File (RW-) C:\WINDOWS\system
274: File (RW-) C:\WINDOWS\msagent
278: File (RW-) C:\WINDOWS\msagent\intl
27C: File (RW-) C:\Program Files\MSN Gaming Zone\Windows
280: File (RW-) C:\WINDOWS\pchealth\helpctr\binaries
284: File (RW-) C:\Program Files\NetMeeting
288: File (RW-) C:\WINDOWS\system32\drivers\disdn
28C: File (RW-) C:\WINDOWS\ime\CHTIME\Applets
290: File (RW-) C:\WINDOWS\system32\wbem
294: File (RW-) C:\WINDOWS\system32\IME\CINTLGNT
298: File (RW-) C:\WINDOWS\system32\Com
29C: File (RW-) C:\WINDOWS\system32\Setup
2A0: File (RW-) C:\WINDOWS\ime\imjp8_1
2A4: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Triedit
2A8: File (RW-) C:\Program Files\Windows NT
2AC: File (RW-) C:\Program Files\Common Files\System
2B0: File (RW-) C:\WINDOWS\system32\1033
2B4: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\admcgi\scripts
2B8: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server e
xtensions\40\admisapi\scripts
2BC: File (RW-) C:\WINDOWS\system32\usmt
2C0: File (RW-) C:\WINDOWS\ime\imkr6_1\dicts
2D8: File (RW-) C:\WINDOWS\system32\mui\0009
2DC: File (RW-) C:\Program Files\Internet Explorer
2E0: File (RW-) C:\WINDOWS\ime\imjp8_1\applets
2E4: File (RW-) C:\WINDOWS\ime\imkr6_1\applets
2E8: File (RW-) C:\WINDOWS\system32\xircom
2EC: File (RW-) C:\Program Files\Internet Explorer\Connection Wizard
2F0: File (RW-) C:\Program Files\Common Files\Microsoft Shared\MSInfo
2F4: File (RW-) C:\WINDOWS\ime\imkr6_1
2F8: File (RW-) C:\WINDOWS\ime\shared
2FC: File (RW-) C:\WINDOWS\system32\IME\PINTLGNT
300: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexic
on\1033
304: File (RW-) C:\WINDOWS\Resources\Themes\Luna
308: File (RW-) C:\Program Files\Movie Maker
30C: File (RW-) C:\WINDOWS\ime
310: File (RW-) C:\WINDOWS\srchasst
314: File (RW-) C:\Program Files\Outlook Express
318: File (RW-) C:\WINDOWS\system32\oobe
31C: File (RW-) C:\Program Files\Common Files\MSSoap\Binaries
320: File (RW-) C:\Program Files\Common Files\MSSoap\Binaries\Resources\103
3
324: File (RW-) C:\WINDOWS\mui

328: File (RW-) C:\WINDOWS\system32\npp


32C: File (RW-) C:\WINDOWS\ime\shared\res
330: File (RW-) C:\Program Files\Windows NT\Pinball
334: File (RW-) C:\WINDOWS\ime\chsime\applets
338: File (RW-) C:\WINDOWS\system32\Restore
33C: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1
033
340: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Speech
344: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
348: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
34C: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
350: File (RW-) C:\WINDOWS\system32\wbem\snmp
354: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft
358: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Speech\1033
35C: File (RW-) C:\WINDOWS\PeerNet
360: File (RW-) C:\WINDOWS\system32\spool\drivers\color
364: File (RW-) C:\WINDOWS\system32\IME\TINTLGNT
368: File (RW-) C:\WINDOWS\Help\Tours\mmTour
36C: File (RW-) C:\WINDOWS\pchealth\UploadLB\Binaries
370: File (RW-) C:\Program Files\Common Files\Microsoft Shared\VGX
374: File (RW-) C:\WINDOWS\system32\wbem\xml
378: File (RW-) C:\Program Files\Windows NT\Accessories
37C: File (RW-) C:\WINDOWS\system32\mui\0401
380: File (RW-) C:\WINDOWS\system32\mui\0404
384: File (RW-) C:\WINDOWS\system32\mui\0405
388: File (RW-) C:\WINDOWS\system32\mui\0406
38C: File (RW-) C:\WINDOWS\system32\mui\0407
390: File (RW-) C:\WINDOWS\system32\mui\0408
394: File (RW-) C:\WINDOWS\system32\mui\040b
398: File (RW-) C:\WINDOWS\system32\mui\040C
39C: File (RW-) C:\WINDOWS\system32\mui\040D
3A0: File (RW-) C:\WINDOWS\system32\mui\040e
3A4: File (RW-) C:\WINDOWS\system32\mui\0410
3A8: File (RW-) C:\WINDOWS\system32\mui\0411
3AC: File (RW-) C:\WINDOWS\system32\mui\0412
3B0: File (RW-) C:\WINDOWS\system32\mui\0413
3B4: File (RW-) C:\WINDOWS\system32\mui\0414
3B8: File (RW-) C:\WINDOWS\system32\mui\0415
3BC: File (RW-) C:\WINDOWS\system32\mui\0416
3C0: File (RW-) C:\WINDOWS\system32\mui\0419
3C4: File (RW-) C:\WINDOWS\system32\mui\041b
3C8: File (RW-) C:\WINDOWS\system32\mui\041D
3CC: File (RW-) C:\WINDOWS\system32\mui\041f
3D0: File (RW-) C:\WINDOWS\system32\mui\0424
3D4: File (RW-) C:\WINDOWS\system32\mui\0804
3D8: File (RW-) C:\WINDOWS\system32\mui\0816
3DC: File (RW-) C:\WINDOWS\system32\mui\0C0A
3E0: File (RW-) C:\WINDOWS\system32\mui\0402
3E4: File (RW-) C:\WINDOWS\system32\mui\0418
3E8: File (RW-) C:\WINDOWS\system32\mui\041a
3EC: File (RW-) C:\WINDOWS\system32\mui\041e
3F0: File (RW-) C:\WINDOWS\system32\mui\0425
3F4: File (RW-) C:\WINDOWS\system32\mui\0426
3F8: File (RW-) C:\WINDOWS\system32\mui\0427
3FC: File (RW-) C:\Program Files\xerox\nwwia
418: File (RW-) C:\WINDOWS\WinSxS
618: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

7F4: Section
\BaseNamedObjects\mmGlobalPnpInfo
880: File (RW-) C:\WINDOWS\system32
8B4: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 1752 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
294: Section
\BaseNamedObjects\ShimSharedMemory
2CC: File (R--) C:\WINDOWS\system32\config\[Link]
2DC: File (R--) C:\WINDOWS\system32\config\[Link]
2EC: File (R--) C:\WINDOWS\system32\config\[Link]
2FC: File (R--) C:\WINDOWS\system32\config\[Link]
30C: File (R--) C:\WINDOWS\system32\config\[Link]
31C: File (R--) C:\WINDOWS\system32\config\[Link]
32C: File (R--) C:\WINDOWS\system32\config\[Link]
33C: File (R--) C:\WINDOWS\system32\config\[Link]
524: Section
\BaseNamedObjects\f4448e25_0
600: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
60C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 1764 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
158: Section
\BaseNamedObjects\[Link].6e4
244: File (RW-) C:\WINDOWS\Debug\[Link]
5D0: Section
\BaseNamedObjects\VA_CONFIG_XML
-----------------------------------------------------------------------------[Link] pid: 1960 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
108: File (---) \Dfs
154: Section
\BaseNamedObjects\RotHintTable
168: Section
\BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
388: Section
\BaseNamedObjects\ShimSharedMemory
3BC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3C8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 172 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C8: File (---) \Dfs
17C: Section
\BaseNamedObjects\VA_CONFIG_XML
34C: Section
\BaseNamedObjects\RotHintTable
51C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 388 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
210: Section
\BaseNamedObjects\VA_CONFIG_XML
240: File (R--) C:\System Volume Information\[Link]
278: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
44C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659

5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
474: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
498: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4D8: File (R--) C:\WINDOWS\[Link]
578: File (RWD) C:\WINDOWS\Tasks
60C: Section
\BaseNamedObjects\mmGlobalPnpInfo
6C8: Section
\BaseNamedObjects\ShimSharedMemory
788: File (RWD) C:\WINDOWS\pchealth\helpctr\BATCH
7EC: Section
\BaseNamedObjects\RotHintTable
894: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
89C: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
8A0: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
8B4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
924: Section
\BaseNamedObjects\SENS Information Cache
968: File (---) \FileSystem\Filters\SystemRestore
A4C: File (RWD) C:\WINDOWS\system32\wbem\mof
A78: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
184
A80: File (RW-) C:\WINDOWS\[Link]
A84: File (RW-) C:\WINDOWS\[Link]
A88: File (RW-) C:\WINDOWS\[Link]
A8C: File (RW-) C:\WINDOWS\[Link]
A90: File (RW-) C:\WINDOWS\[Link]
AA0: File (RW-) C:\WINDOWS\[Link]
AA4: File (RW-) C:\WINDOWS\[Link]
AA8: File (RW-) C:\WINDOWS\[Link]
AAC: File (RW-) C:\WINDOWS\[Link]
AB0: File (RW-) C:\WINDOWS\[Link]
AB4: File (RW-) C:\WINDOWS\[Link]
AB8: File (RW-) C:\WINDOWS\[Link]
ABC: File (RW-) C:\WINDOWS\[Link]
AC0: File (RW-) C:\WINDOWS\[Link]
AC4: File (RW-) C:\WINDOWS\[Link]
AC8: File (RW-) C:\WINDOWS\[Link]
ACC: File (RW-) C:\WINDOWS\[Link]
AE4: File (RW-) C:\WINDOWS\[Link]
AF8: File (RW-) C:\WINDOWS\[Link]
AFC: File (RW-) C:\WINDOWS\[Link]
B00: File (RW-) C:\WINDOWS\[Link]
B04: File (RW-) C:\WINDOWS\[Link]
B10: File (RW-) C:\WINDOWS\[Link]
B70: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\[Link]
B74: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\[Link]
B78: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\[Link]
B7C: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\[Link]
B80: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\[Link]
B84: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\[Link]
B88: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\[Link]
BEC: Section
\BaseNamedObjects\Wmi Provider Sub System Counters
C80: File (R--) C:\WINDOWS\SoftwareDistribution\[Link]
E10: File (---) C:\WINDOWS\system32\CatRoot2\[Link]
E84: File (R--) C:\Documents and Settings\All Users\Application Data\Micros
oft\Network\Downloader\[Link]
E88: File (R--) C:\Documents and Settings\All Users\Application Data\Micros

oft\Network\Downloader\[Link]
EEC: Section
\BaseNamedObjects\f4448e25_0
F28: File (---) C:
F30: File (R--) D:\System Volume Information\[Link]
1118: File (---) D:
111C: File (RWD) D:\$Extend\$ObjId
1144: Section
\BaseNamedObjects\GDA: ESENT Performance Data Schema Versi
on 40
1160: Section
\BaseNamedObjects\IDA0: ESENT Performance Data Schema Vers
ion 40
1208: File (RWD) C:\$Extend\$ObjId
12B4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1468: File (R--) C:\WINDOWS\system32\[Link]
14D4: Section
\BaseNamedObjects\[Link].184
17D0: File (RW-) C:\Documents and Settings\NetworkService\Cookies\[Link]
17D4: File (---) C:\WINDOWS\system32\CatRoot2\[Link]
19D8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A68: File (RW-) C:\Documents and Settings\NetworkService\Local Settings\Tem
porary Internet Files\Content.IE5\[Link]
1A6C: Section
\BaseNamedObjects\C:_Documents and Settings_NetworkService_
Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768
1A78: Section
\BaseNamedObjects\C:_Documents and Settings_NetworkService_
Cookies_index.dat_16384
1A80: Section
\BaseNamedObjects\C:_Documents and Settings_NetworkService_
Local Settings_History_History.IE5_index.dat_16384
1A88: File (RW-) C:\Documents and Settings\NetworkService\Local Settings\His
tory\History.IE5\[Link]
1B1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1B24: File (---) E:
1B28: File (R--) E:\System Volume Information\[Link]
1B2C: File (RWD) E:\$Extend\$ObjId
-----------------------------------------------------------------------------[Link] pid: 568 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D8: File (RWD) C:\WINDOWS\system32\drivers\etc
14C: Section
\BaseNamedObjects\VA_CONFIG_XML
1C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 744 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
168: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
198: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Tempo
rary Internet Files\Content.IE5\[Link]
1A4: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_Temporary Internet Files_Content.IE5_index.dat_32768
1A8: File (RW-) C:\Documents and Settings\LocalService\Cookies\[Link]
1B0: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Co
okies_index.dat_16384
1B4: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Histo
ry\History.IE5\[Link]
1BC: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo

cal Settings_History_History.IE5_index.dat_16384
2FC: Section
\BaseNamedObjects\VA_CONFIG_XML
-----------------------------------------------------------------------------[Link] pid: 944 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1DC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
208: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
310: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
338: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 1188 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 1200 NT AUTHORITY\SYSTEM
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
13C: File (RW-) C:\Program Files\Common Files\Akamai
1E8: File (RW-) C:\Program Files\Common Files\Akamai\Logs\[Link]
234: Section
\BaseNamedObjects\VA_CONFIG_XML
24C: File (RW-) C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat
254: Section
\BaseNamedObjects\Perflib_Perfdata_4b0
448: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 1216 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
6C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
DC: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 1256 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
178: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 1408 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 1560 NEW-TAW\[Link]
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

120: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659


5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
134: Section
\BaseNamedObjects\HA_00000618
190: File (RW-) C:\Documents and Settings\[Link]\Local Settings\Tempora
ry Internet Files\Content.IE5\[Link]
194: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
19C: File (RW-) C:\Documents and Settings\[Link]\Cookies\[Link]
1A0: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
1A8: File (RW-) C:\Documents and Settings\[Link]\Local Settings\History
\History.IE5\[Link]
1AC: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
220: Section
\BaseNamedObjects\VA_CONFIG_XML
2A4: Section
\BaseNamedObjects\SBLSPACCELERATIONIPLIST2_G
2D4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
2F0: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
2F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
2FC: Section
\BaseNamedObjects\ShimSharedMemory
3C0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 1608 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
9C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D8: Section
\BaseNamedObjects\ShimSharedMemory
15C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_a57c1f53
164: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3
b_9.0.30729.4148_x-ww_15fc9313
168: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
16C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
174: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
178: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
180: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
18C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659

5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
274: Section
\BaseNamedObjects\[Link]
288: File (RWD) C:\Documents and Settings\[Link]\Desktop
294: Section
\BaseNamedObjects\[Link]
MFF
29C: Section
\BaseNamedObjects\[Link]
2A0: Section
\BaseNamedObjects\[Link]
MFF
2A4: File (RWD) C:\Documents and Settings\All Users\Desktop
2A8: File (RWD) C:\Documents and Settings\[Link]\Local Settings\Applica
tion Data\Microsoft\CD Burning
2C0: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
330: Section
\BaseNamedObjects\[Link]
394: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
398: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
3AC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3CC: Section
\BaseNamedObjects\UrlZonesSM_Eng.Tawfik
408: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
40C: Section
\BaseNamedObjects\windows_shell_global_counters
410: File (RWD) C:\Documents and Settings\[Link]\My Documents\TAW
418: File (RWD) C:\Documents and Settings\[Link]\My Documents
424: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
434: File (RW-) C:\Documents and Settings\[Link]\Cookies\[Link]
43C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44C: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
458: File (RWD) C:\Documents and Settings\[Link]\Desktop\GAMES
45C: File (RW-) C:\Documents and Settings\[Link]\Local Settings\History
\History.IE5\[Link]
488: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
494: File (RW-) C:\Documents and Settings\[Link]\Local Settings\Tempora
ry Internet Files\Content.IE5\[Link]
49C: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
4A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
4BC: File (RWD) C:\Documents and Settings\[Link]\Local Settings\Applica
tion Data\Microsoft\Portable Devices
4D8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4E4: File (RWD) C:\Documents and Settings\[Link]\Application Data\Micro
soft\Internet Explorer\Quick Launch
4F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
4F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
52C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
530: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

568: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659


5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5A4: Section
\BaseNamedObjects\mmGlobalPnpInfo
5C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5CC: File (RWD) C:\Documents and Settings\[Link]\PrintHood
5E4: Section
\BaseNamedObjects\WDMAUD_Callbacks
60C: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
614: Section
\BaseNamedObjects\[Link]-1-5-21-484
763869-1078081533-839522115-1003
618: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
648
624: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
648
65C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
660: File (---) \Dfs
670: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
674: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
688: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_MSHist012011071320110714_index.dat_32768
68C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
698: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
6A4: Section
\BaseNamedObjects\[Link]
6A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
6B0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
6D4: Section
\BaseNamedObjects\[Link]
6DC: Section
\BaseNamedObjects\[Link]
700: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
70C: Section
\BaseNamedObjects\[Link]
724: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
734: Section
\BaseNamedObjects\[Link]..LBFAB
74C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
758: Section
\BaseNamedObjects\DfSharedHeap59824
780: File (RWD) C:\Documents and Settings\[Link]\Start Menu
788: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_353599c2
794: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
7A8: File (RWD) C:\Documents and Settings\All Users\Start Menu
7B4: Section
\BaseNamedObjects\[Link]
7CC: Section
\BaseNamedObjects\[Link]
MFF
7D4: Section
\BaseNamedObjects\[Link]
7DC: Section
\BaseNamedObjects\[Link]
84C: Section
\BaseNamedObjects\[Link]
OE
860: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.2600.5512_x-ww_dfb54e0c

890: Section
\BaseNamedObjects\[Link]
MFF
898: Section
\BaseNamedObjects\[Link]
MFF
8B8: File (RW-) C:\Documents and Settings\[Link]\Local Settings\History
\History.IE5\MSHist012011071320110714\[Link]
8BC: Section
\BaseNamedObjects\[Link]
8C0: Section
\BaseNamedObjects\[Link]
KJF
8C8: Section
\BaseNamedObjects\[Link]
8F0: Section
\BaseNamedObjects\[Link]
90C: File (RWD) C:\Documents and Settings\[Link]\Application Data\Micro
soft\SystemCertificates\My
940: Section
\BaseNamedObjects\[Link]
950: Section
\BaseNamedObjects\f4448e25_0
9C4: Section
\BaseNamedObjects\[Link]
BF
A6C: File (RWD) C:\
A74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
AD8: Section
\BaseNamedObjects\[Link]
B18: Section
\BaseNamedObjects\SENS Information Cache
B4C: Section
\BaseNamedObjects\[Link]
B70: Section
\BaseNamedObjects\VA_CONFIG_XML
B8C: Section
\BaseNamedObjects\[Link]
BAC: File (RWD) C:\Documents and Settings\[Link]\Application Data\Micro
soft\SystemCertificates\My
BC8: Section
\BaseNamedObjects\[Link]
C34: Section
\BaseNamedObjects\[Link]
-----------------------------------------------------------------------------[Link] pid: 1788 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 1844 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 1768 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: Section
\BaseNamedObjects\ShimSharedMemory
F4: Section
\BaseNamedObjects\mmGlobalPnpInfo
118: Section
\BaseNamedObjects\WDMAUD_Callbacks
14C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
1D0: Section
\BaseNamedObjects\DirectSound Administrator shared thread a
rray
258: Section
\BaseNamedObjects\f4448e25_0
260: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2D4: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
2F8: Section
\BaseNamedObjects\DirectSound Administrator capture focus a
rray
300: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
-----------------------------------------------------------------------------[Link] pid: 280 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989

1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8


.0.50727.4053_x-ww_e6967989
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
24: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
28: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
84: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: Section
\BaseNamedObjects\ShimSharedMemory
170: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
178: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
180: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
184: Section
\BaseNamedObjects\Groove:FileWatermark:[KwjfssMQlBJxWR6BbEb
VcO+uxPI=]
18C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
19C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A0: File (RWD) C:\Documents and Settings\[Link]\Recent
1A4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
1C0: Section
\BaseNamedObjects\f4448e25_0
1D4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 372 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A0: Section
\BaseNamedObjects\ShimSharedMemory
11C: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
134: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
168: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 484 NEW-TAW\[Link]
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
AC: File (RW-) C:\Program Files\Common Files\ArcSoft\Connection Service\Bi
n
B8: Section
\BaseNamedObjects\ShimSharedMemory
D0: Section
\BaseNamedObjects\ArcUpdateService_CmdLineMap_20080627

D8: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
10C: File (RW-) C:\Documents and Settings\[Link]\Local Settings\Tempora
ry Internet Files\Content.IE5\[Link]
110: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
118: File (RW-) C:\Documents and Settings\[Link]\Cookies\[Link]
11C: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
124: File (RW-) C:\Documents and Settings\[Link]\Local Settings\History
\History.IE5\[Link]
128: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1B4: Section
\BaseNamedObjects\SENS Information Cache
1C4: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 528 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
AC: Section
\BaseNamedObjects\ShimSharedMemory
D4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
154: Section
\BaseNamedObjects\RotHintTable
1B0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
1B4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
1F8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 556 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
78: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 684 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 1032 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
84: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
298: File (RWD) C:\WINDOWS\system32\config\systemprofile\Application Data\M
icrosoft\SystemCertificates\My
358: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 1120 NEW-TAW\[Link]
-----------------------------------------------------------------------------[Link] pid: 1840 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32

8C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659


5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
BC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2124 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
50: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
FC: Section
\BaseNamedObjects\VA_CONFIG_XML
110: File (RW-) C:\WINDOWS\Temp\Perflib_Perfdata_84c.dat
114: Section
\BaseNamedObjects\Perflib_Perfdata_84c
28C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
294: Section
\BaseNamedObjects\ShimSharedMemory
29C: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2260 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2376 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 2380 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
DC: Section
\BaseNamedObjects\McciLogger::Logger::Mapping::3.0
1C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1D0: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2500 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
3C: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
78: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
90: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
98: Section
\BaseNamedObjects\[Link]-1-5-21-484
763869-1078081533-839522115-1003
A4: Section
\BaseNamedObjects\[Link]-1-5-21-48476
3869-1078081533-839522115-1003
A8: Section
\BaseNamedObjects\[Link]-1-5-21-48476
3869-1078081533-839522115-1003

110: Section
\BaseNamedObjects\ShimSharedMemory
118: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
11C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
154: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2544 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
E8: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
EC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1C0: Section
\BaseNamedObjects\ShimSharedMemory
318: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2716 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
124: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
188: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2784 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 2964 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
90: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C0: Section
\BaseNamedObjects\ShimSharedMemory
1D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
200: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 2996 NT AUTHORITY\SYSTEM
-----------------------------------------------------------------------------[Link] pid: 3092 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
3C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2F0: File (RWD) C:\WINDOWS\system32\config\systemprofile\Application Data\M
icrosoft\SystemCertificates\My

2F4: Section
\BaseNamedObjects\SENS Information Cache
30C: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Histo
ry\History.IE5\[Link]
320: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Tempo
rary Internet Files\Content.IE5\[Link]
328: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_Temporary Internet Files_Content.IE5_index.dat_32768
32C: File (RW-) C:\Documents and Settings\LocalService\Cookies\[Link]
330: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Co
okies_index.dat_16384
338: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_History_History.IE5_index.dat_16384
398: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
42C: Section
\BaseNamedObjects\f4448e25_0
450: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
46C: Section
\BaseNamedObjects\UrlZonesSM_SYSTEM
4AC: Section
\BaseNamedObjects\VA_CONFIG_XML
-----------------------------------------------------------------------------[Link] pid: 3140 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
60: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
6C: Section
\BaseNamedObjects\ShimSharedMemory
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A8: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 3436 NEW-TAW\[Link]
C: File (RW-) C:\Program Files\IVT Corporation\BlueSoleil
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.2600.5512_x-ww_dfb54e0c
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
8C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
E0: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
14C: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
154: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
17C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
184: Section
\BaseNamedObjects\ShimSharedMemory
23C: Section
\BaseNamedObjects\mmGlobalPnpInfo
24C: Section
\BaseNamedObjects\WDMAUD_Callbacks
29C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

2A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659


5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
39C: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 3480 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
BC: File (RW-) C:\WINDOWS\Sti_Trace.log
170: File (RW-) C:\WINDOWS\[Link]
1B8: File (RW-) C:\WINDOWS\Sti_Trace.log
1D4: File (RW-) C:\WINDOWS\[Link]
22C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
238: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 3648 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F8: Section
\BaseNamedObjects\VA_CONFIG_XML
118: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20C: Section
\BaseNamedObjects\ShimSharedMemory
290: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Tempo
rary Internet Files\Content.IE5\[Link]
2E8: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_Temporary Internet Files_Content.IE5_index.dat_32768
2F4: File (RW-) C:\Documents and Settings\LocalService\Cookies\[Link]
2F8: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Lo
cal Settings_History_History.IE5_index.dat_16384
2FC: Section
\BaseNamedObjects\C:_Documents and Settings_LocalService_Co
okies_index.dat_16384
304: File (RW-) C:\Documents and Settings\LocalService\Local Settings\Histo
ry\History.IE5\[Link]
35C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
404: Section
\BaseNamedObjects\SENS Information Cache
444: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
464: Section
\BaseNamedObjects\UrlZonesSM_SYSTEM
46C: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 3716 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
19C: Section
\BaseNamedObjects\f4448e25_0
1F4: Section
\BaseNamedObjects\VA_CONFIG_XML
214: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
398: File (RWD) C:\WINDOWS\system32\config\systemprofile\Application Data\M
icrosoft\SystemCertificates\My
-----------------------------------------------------------------------------[Link] pid: 2840 NEW-TAW\[Link]
-----------------------------------------------------------------------------[Link] pid: 2832 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

1E0: Section
\BaseNamedObjects\VA_CONFIG_XML
1F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 4044 NEW-TAW\[Link]
C: File (RW-) C:\WINDOWS\system32
3C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
70: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
8C: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
98: Section
\BaseNamedObjects\ShimSharedMemory
CC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D4: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 3172 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
188: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
194: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------Ymsgr_tray.exe pid: 2688 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
90: Section
\BaseNamedObjects\FM_VerboseSharedMemory_2688
98: File (R--) C:\Documents and Settings\[Link]\Local Settings\Applica
tion Data\Yahoo\Y!Msgr\[Link]
A8: Section
\BaseNamedObjects\FM_VerboseSharedMemory_2688
BC: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
D8: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
E0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
E4: Section
\BaseNamedObjects\ShimSharedMemory
104: Section
\BaseNamedObjects\f4448e25_0
-----------------------------------------------------------------------------[Link] pid: 3980 NEW-TAW\[Link]
C: File (RW-) C:\DOCUME~1\ENG~[Link]\LOCALS~1\Temp
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659


5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
80: Section
\BaseNamedObjects\f4448e25_0
C4: Section
\BaseNamedObjects\ShimSharedMemory
-----------------------------------------------------------------------------[Link] pid: 4200 NEW-TAW\[Link]
C: File (RW-) C:\DOCUME~1\ENG~[Link]\LOCALS~1\Temp
490: Section
\BaseNamedObjects\ShimSharedMemory
494: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
49C: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
4C4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
4F4: Section
\BaseNamedObjects\SBLSPACCELERATIONIPLIST2_G
580: Section
\BaseNamedObjects\VA_CONFIG_XML
5BC: Section
\BaseNamedObjects\UrlZonesSM_Eng.Tawfik
5DC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
66C: Section
\BaseNamedObjects\SENS Information Cache
6A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
708: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
70C: File (RW-) C:\Documents and Settings\[Link]\Local Settings\History
\History.IE5\[Link]
714: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
718: File (RW-) C:\Documents and Settings\[Link]\Cookies\[Link]
720: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
728: File (RW-) C:\Documents and Settings\[Link]\Local Settings\Tempora
ry Internet Files\Content.IE5\[Link]
788: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
78C: Section
\BaseNamedObjects\f4448e25_0
794: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 5124 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
9C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: Section
\BaseNamedObjects\f4448e25_0
FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
114: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
12C: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003

134: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9


.0.30729.4148_x-ww_d495ac4e
138: Section
\BaseNamedObjects\ShimSharedMemory
1C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
244: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
254: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
274: File (RW-) C:\Documents and Settings\[Link]\Local Settings\Tempora
ry Internet Files\Content.IE5\[Link]
278: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_Temporary Internet Files_Content.IE5_index.dat_8585216
280: File (RW-) C:\Documents and Settings\[Link]\Cookies\[Link]
284: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Cook
ies_index.dat_245760
28C: File (RW-) C:\Documents and Settings\[Link]\Local Settings\History
\History.IE5\[Link]
290: Section
\BaseNamedObjects\C:_Documents and Settings_Eng.Tawfik_Loca
l Settings_History_History.IE5_index.dat_1638400
2E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_a57c1f53
2E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
2EC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3
b_9.0.30729.4148_x-ww_15fc9313
2F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
2FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
300: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
30C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
328: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
37C: Section
\BaseNamedObjects\AskSBar:SrchAs:Shared07042949646954
390: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144c
cf1df_1.0.2600.5512_x-ww_dfb54e0c
3A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
3BC: Section
\BaseNamedObjects\Groove:FileWatermark:[51yBT4wxWJKHjyMo+lj
gGNBEJ/U=]
3C4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3DC: Section
\BaseNamedObjects\Groove:FileWatermark:[KwjfssMQlBJxWR6BbEb
VcO+uxPI=]
3E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
4B4: Section
\BaseNamedObjects\UrlZonesSM_Eng.Tawfik
4E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

4F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9


.0.30729.4148_x-ww_d495ac4e
4F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
4FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
500: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
508: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
50C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_353599c2
514: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
518: Section
\BaseNamedObjects\[Link]
618: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
620: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
668: Section
\BaseNamedObjects\[Link]..CEGL
OD
678: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
68C: Section
\BaseNamedObjects\[Link]-1-5-21-484
763869-1078081533-839522115-1003
698: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
69C: Section
\BaseNamedObjects\WDMAUD_Callbacks
6C0: File (---) \Dfs
6CC: Section
\BaseNamedObjects\[Link]
6E0: Section
\BaseNamedObjects\mmGlobalPnpInfo
720: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
778: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
77C: Section
\BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_
1404
7A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
7EC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
860: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
868: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
894: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
-----------------------------------------------------------------------------[Link] pid: 5048 NEW-TAW\[Link]
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B0: Section
\BaseNamedObjects\f4448e25_0
E4: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
FC: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115

-1003
104: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
120: Section
\BaseNamedObjects\ShimSharedMemory
1CC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
22C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
260: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
270: Section
\BaseNamedObjects\DirectSound Administrator shared thread a
rray
27C: Section
\BaseNamedObjects\mmGlobalPnpInfo
28C: Section
\BaseNamedObjects\WDMAUD_Callbacks
320: Section
\BaseNamedObjects\[Link]
328: Section
\BaseNamedObjects\[Link]
334: Section
\BaseNamedObjects\[Link]-1-5-21-484
763869-1078081533-839522115-1003
338: Section
\BaseNamedObjects\[Link]
OBF
344: File (RW-) C:\downloads\virus
390: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3C0: File (RW-) C:\WINDOWS\system32\[Link]
3C8: File (RW-) C:\WINDOWS\system32\Macromed\Flash\[Link]
3E4: Section
\BaseNamedObjects\DirectSound Administrator capture focus a
rray
-----------------------------------------------------------------------------[Link] pid: 504 NEW-TAW\[Link]
C: File (RW-) C:\downloads\virus
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: Section
\BaseNamedObjects\f4448e25_0
CC: File (RW-) C:\DOCUME~1\ENG~[Link]\LOCALS~1\Temp\Perflib_Perfdata_1f8.da
t
D0: Section
\BaseNamedObjects\Perflib_Perfdata_1f8
1DC: Section
\BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-4847638691078081533-839522115-1003
1F4: Section
\BaseNamedObjects\[Link]-1-5-21-48476
[Link]-1-5-21-484763869-1078081533-839522115
-1003
1FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
200: Section
\BaseNamedObjects\ShimSharedMemory
21C: Section
\BaseNamedObjects\[Link]-1-5-21-484
763869-1078081533-839522115-1003
228: Section
\BaseNamedObjects\[Link]
22C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
278: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2E4: Section
\BaseNamedObjects\RSVP_STATS
2E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
2EC: Section
\BaseNamedObjects\MSIDLPM_STATS
304: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8

.0.50727.4053_x-ww_e6967989
3BC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
3F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_a57c1f53
3F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9
.0.30729.4148_x-ww_d495ac4e
3F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3
b_9.0.30729.4148_x-ww_15fc9313
3FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
400: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
404: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
408: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_473666fd
40C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8
.0.50727.4053_x-ww_e6967989
418: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
434: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
45C: Section
\BaseNamedObjects\[Link]
-----------------------------------------------------------------------------[Link] pid: 4476 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
98: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A4: Section
\BaseNamedObjects\f4448e25_0
E0: File (R--) C:\[Link]
E8: Section
\BaseNamedObjects\ShimSharedMemory
-----------------------------------------------------------------------------[Link] pid: 5116 NEW-TAW\[Link]
C: File (RW-) C:\Documents and Settings\[Link]
E0: File (R--) C:\[Link]
784: Section
\BaseNamedObjects\f4448e25_0
794: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7C0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.[Link]-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83

You might also like