get-answers-fast redirects, slow loading vista system


#31
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Left running for 10hrs - still the same message
scanning for infected files
this typically doesn't take more than 10 minutes.
However scan times for badly infected machines may easily double

But ... before this message appeared, I briefly noticed a message that
said Access denied. Administration permissions are needed to use the
selected options ... then the program continued and the above 'scanning
for infected files..' appeared, so didn't pay it any attention.
The 'Access denied' has appeared on all ComboFix scans to date.

[edit]The AVG warning popup is still appearing prior to beginning the scan.

Edited by builder4580, 14 January 2012 - 08:01 PM.

  • 0

#32
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Yes, 20 minutes may just not be enough.
  • 0

#33
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Did you see my post on page 3?
  • 0

#34
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
No, missed it earlier. AVG may have a leftover, inactive setting, and that's what ComboFix is picking up. We can address that in a while. Did you right click ComboFix.exe, and select "Run as administrator"?
  • 0

#35
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Yes. I ran as admin - that is when I got the access denied message momentarily,
then the scanning for infected files message - so I assumed everything was scanning.
When no log file after 10 hours, I thought maybe the Access Denied may be significant.
  • 0

#36
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
It's likely some malware monitoring going on, but let's check, before we change tactics. Sorry about these delays in the repairs.

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

net user administrator /active:yes

Then type exit and press Enter to close that window.

Reboot to Safe Mode, and log in as the Administrator account. Then try ComboFix again please.
  • 0

#37
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Now when I restart or reboot my computer, I get a popup - The recycle bin on C:\ is corrupted.
Do you want to empty the recycle bin for this drive - I have been clicking OK, then I get another popup
- Windows needs to install driver software for your Matshita DVD+ -RW UJ-857G ATA drive. When I click the install option I get a message that the software was installed successfully.... but I get this same message and same
result every time I start/reboot. I realize the system is still not recognizing the dvd drive, so don't know where the successful installation is going! Now I just x out of dvd driver popup.
  • 0

#38
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
We're cross posting. We will address all those issues as we go. For now, try my previous steps please.
  • 0

#39
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Ran Combofix overnight - 8.5hrs. No change.
still at the same progress message .....
scanning for infected files
this typically doesn't take more than 10 minutes.
However scan times for badly infected machines may easily double.

Not at all worried about the delays - just extremely thankful to
finally be getting help, and also a thorough clean.
  • 0

#40
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I did another check of TDSSkiller's results, and see that cdrom driver was not likely a malware trick after all. But not seeing what is causing ComboFix to hang yet.

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc config cdrom start= system

You should get a "Success" confirmation. Then just type exit and press Enter to close the command window.

-----------

Let's see if other scans lead us to some problem sources.

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  • 0

#41
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Here's my MBAM log - continuing with other instructions.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
cormact :: CORMACT-PC [administrator]

1/15/2012 9:33:42 PM
mbam-log-2012-01-15 (21-33-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189084
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#42
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Eset - no threats found in second run, no log generated.
I started first run, and after about 43% done realized I hadn't
adjusted the settings per instructions, so stopped and restarted with correct settings. The first run had detected the threat Win32/DownloadAdmin.A.Gen application.
Here is the log of that run:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=598bce765abe234b82691b710c4f6ca5
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-16 05:12:47
# local_time=2012-01-15 11:12:47 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8286837 8286837 0 0
# compatibility_mode=5892 16776574 66 100 20477227 163294538 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=149783
# found=1
# cleaned=1
# scan_time=3757
C:\Users\cormact\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=598bce765abe234b82691b710c4f6ca5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-16 06:48:53
# local_time=2012-01-16 12:48:53 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8291016 8291016 0 0
# compatibility_mode=5892 16776574 66 100 20481406 163298717 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=179633
# found=0
# cleaned=0
# scan_time=5343

Edited by builder4580, 16 January 2012 - 08:47 AM.

  • 0

#43
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
No hints in those, though they also located no active malware.

Click here and download jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

:regfind
NewStartPanel

Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.

---------

Go here and download Mark Russinovich's Handle, unzip that, and place a copy of handle.exe directly in your C drive folder (so it will then be C:\handle.exe).

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

cd\

handle.exe > c:\oboo.txt&c:\oboo.txt


When that scan completes a textbox will open (also located at C:\oboo.txt).

That will likely be a corker of a log file. If so, please zip a copy of it, and send it to jintan AT malwarecrypt.com as an attachment. Please place "Submitted Files -builder4580/g2g/handle" as the email Subject.

May want to try posting it here first, to make things easier if it isn't too large to post.
  • 0
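
A full Handle listing such as the C:\oboo.txt file requested above runs to thousands of lines, so it is easier to review once parsed. The following is an added example, not part of the original thread and not Sysinternals code: it parses Handle's per-process layout (a dashed separator, a `name pid: N owner` header, then one `id: type (access) name` line per handle) and answers which process holds a given path. The sample text, `example.exe` and `locked.tmp` are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the layout Handle prints; names and paths are made up.
SAMPLE = r"""Handle v3.46
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
System pid: 4 \<unable to open process>
   74: File  (RW-)   \clfs
  170: File  (-W-)   C:\pagefile.sys
------------------------------------------------------------------------------
csrss.exe pid: 572 NT AUTHORITY\SYSTEM
    8: File  (RW-)   C:\Windows\System32
   28: Section       \Windows\SharedSection
------------------------------------------------------------------------------
example.exe pid: 4242 EXAMPLE-PC\user
    C: File  (RWD)   C:\Users\user\AppData\Local\Temp\locked.tmp
   10: File  (R--)   C:\Windows\System32\en-US\user32.dll.mui
"""

SEPARATOR = re.compile(r"^-{10,}$")
PROCESS = re.compile(r"^(?P<name>.+?) pid: (?P<pid>\d+) (?P<owner>.+)$")
# Handle ids are hexadecimal; only File handles carry the (RWD) share flags.
HANDLE = re.compile(
    r"^(?P<id>[0-9A-Fa-f]+): (?P<type>\w+)\s+"
    r"(?:\((?P<access>[RWD-]{3})\)\s+)?(?P<name>.+)$"
)


@dataclass
class Handle:
    handle_id: int
    kind: str
    access: str  # "" when the handle type has no share flags
    name: str


@dataclass
class Process:
    name: str
    pid: int
    owner: str
    handles: list = field(default_factory=list)

    @property
    def opened(self):
        # Handle prints this marker when it could not open the process token.
        return "unable to open process" not in self.owner


def parse_handle_output(text):
    """Turn a Handle listing into Process objects; banner lines are ignored."""
    processes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SEPARATOR.match(line):
            continue
        m = HANDLE.match(line)
        if m and current is not None:
            current.handles.append(Handle(int(m["id"], 16), m["type"],
                                          m["access"] or "", m["name"]))
            continue
        m = PROCESS.match(line)
        if m:
            current = Process(m["name"], int(m["pid"]), m["owner"])
            processes.append(current)
    return processes


def holders_of(processes, fragment):
    """Every (process name, pid, handle) whose object name contains fragment."""
    needle = fragment.lower()
    return [(p.name, p.pid, h) for p in processes for h in p.handles
            if needle in h.name.lower()]


def unopened(processes):
    """Processes Handle listed but could not open."""
    return [(p.name, p.pid) for p in processes if not p.opened]


def summarize(processes):
    """Handle counts per process, broken down by handle type."""
    return {(p.name, p.pid): Counter(h.kind for h in p.handles)
            for p in processes}


if __name__ == "__main__":
    procs = parse_handle_output(SAMPLE)
    for name, pid, h in holders_of(procs, "locked.tmp"):
        print(f"{name} (pid {pid}) holds {h.name} [{h.access}]")
    print("not opened:", unopened(procs))
```
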

#44
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 18:08 on 16/01/2012 by cormact
Administrator - Elevation successful

========== regfind ==========

Searching for "NewStartPanel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\HideDesktopIcons\NewStartPanel]

-= EOF =-
  • 0

#45
builder4580

builder4580

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Do you still want the file zipped?

Handle v3.46
Copyright © 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com

8: File (RW-) C:\Windows\System32
DC: File (RWD) C:\Windows\System32
100: File (R--) C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
130: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
150: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
160: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
svchost.exe pid: 1176 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
3C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
10C: Section \BaseNamedObjects\__ComCatalogCache__
214: File (---) \Device\Mup
274: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
2B0: Section \BaseNamedObjects\__ComCatalogCache__
378: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
510: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
6D4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
winlogon.exe pid: 1292 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
98: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
svchost.exe pid: 1352 NT AUTHORITY\NETWORK SERVICE
8: File (RW-) C:\Windows\System32
3C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
160: File (RWD) C:\Windows\System32\drivers\etc
284: Section \BaseNamedObjects\__ComCatalogCache__
290: Section \BaseNamedObjects\__ComCatalogCache__
2B0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
59C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5A0: Section \BaseNamedObjects\windows_shell_global_counters
5B8: File (RWD) C:\Users\cormact\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
5CC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5F0: File (R--) C:\Windows\tracing\tapisrv.LOG
668: File (R--) C:\Windows\tracing\KMDDSP.LOG
728: File (R--) C:\Windows\tracing\NDPTSP.LOG
7C4: File (R-D) C:\Windows\System32\en-US\hidphone.tsp.mui
888: File (---) C:\Windows\System32\catroot2\edb.log
898: File (---) C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
8A0: File (---) C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
------------------------------------------------------------------------------
wlanext.exe pid: 1512 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
38: File (R-D) C:\Windows\System32\en-US\wlanext.exe.mui
134: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
18C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1A8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
29C: Section \BaseNamedObjects\{8A7ECA6A-FA03-4578-9037-A970D4F60B18}
2DC: Section \BaseNamedObjects\LoudonIWMSInterface_Vista
338: Section \BaseNamedObjects\{CD9DB0FB-E7F1-46fc-AAE5-ED539EFDB118}
33C: Section \BaseNamedObjects\{3E0A4509-B2A4-4328-8DE0-33FBF8FBAA0F}
340: Section \BaseNamedObjects\{29488612-CDEB-486e-A426-92220D0B9291}
364: Section \BaseNamedObjects\__ComCatalogCache__
370: Section \BaseNamedObjects\__ComCatalogCache__
3BC: File (R-D) C:\Windows\System32\en-US\odbcji32.dll.mui
590: Section \BaseNamedObjects\windows_shell_global_counters
5F8: File (RWD) C:\Program Files\Common Files
------------------------------------------------------------------------------
spoolsv.exe pid: 1608 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
184: Section \BaseNamedObjects\__ComCatalogCache__
188: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
228: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
2E4: Section \BaseNamedObjects\__ComCatalogCache__
2FC: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
348: File (R-D) C:\Windows\System32\en-US\usbmon.dll.mui
------------------------------------------------------------------------------
upeksvr.exe pid: 1820 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Program Files\Fingerprint Reader Suite
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
38: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
44: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
54: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
78: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
7C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
80: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
94: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
D0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
DC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
108: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
10C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
19C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1E8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
210: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
234: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
40C: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
------------------------------------------------------------------------------
ACService.exe pid: 1164 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
9C: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
armsvc.exe pid: 632 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
40: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
AEstSrv.exe pid: 1340 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
svchost.exe pid: 1456 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
60: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
------------------------------------------------------------------------------
svchost.exe pid: 1808 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
64: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
B0: Section \BaseNamedObjects\__ComCatalogCache__
B4: Section \BaseNamedObjects\__ComCatalogCache__
BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
12C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1B8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1C8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1F8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1FC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
220: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
EvtEng.exe pid: 1844 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
7C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
98: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
118: Section \BaseNamedObjects\__ComCatalogCache__
154: Section \BaseNamedObjects\__ComCatalogCache__
194: File (R-D) C:\Windows\System32\en-US\odbcji32.dll.mui
270: Section \BaseNamedObjects\windows_shell_global_counters
2F4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
338: File (RWD) C:\Program Files\Intel\Wireless\AutoImport
------------------------------------------------------------------------------
svchost.exe pid: 2032 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
60: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
E4: Section \BaseNamedObjects\HPZinw12.dllCommandMapPort
------------------------------------------------------------------------------
svchost.exe pid: 528 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
60: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
D4: Section \BaseNamedObjects\HPZipm12.exeCommandMapPort
------------------------------------------------------------------------------
RegSrvc.exe pid: 756 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
74: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
90: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
E8: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
stacsv.exe pid: 2088 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
170: Section \BaseNamedObjects\__ComCatalogCache__
17C: Section \BaseNamedObjects\__ComCatalogCache__
1F0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
svchost.exe pid: 2120 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
4C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
68: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
8C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
CC: File (RW-) C:\Windows\Debug\WIA\wiatrace.log
17C: Section \BaseNamedObjects\__ComCatalogCache__
188: Section \BaseNamedObjects\__ComCatalogCache__
1C0: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
------------------------------------------------------------------------------
svchost.exe pid: 2148 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
8C: Section \...\WerTargetListTable
A8: File (RWD) C:\Windows\System32
D8: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
118: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
134: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
138: Section \BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
WLIDSVC.EXE pid: 2172 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
150: Section \BaseNamedObjects\__ComCatalogCache__
1E0: Section \BaseNamedObjects\windows_shell_global_counters
1F4: Section \BaseNamedObjects\__ComCatalogCache__
204: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
580: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\SystemCertificates\My
------------------------------------------------------------------------------
WLIDSVCM.EXE pid: 2276 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
dwm.exe pid: 2800 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
1CC: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
taskeng.exe pid: 2844 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
130: Section \BaseNamedObjects\__ComCatalogCache__
1C8: Section \BaseNamedObjects\__ComCatalogCache__
2C8: File (RW-) C:\Windows\System32
30C: Section \BaseNamedObjects\mmGlobalPnpInfo
3B0: Section \Sessions\1\BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-1305091848-4078153160-3836742915-1000
56C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5E8: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
explorer.exe pid: 2908 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
40: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
88: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
B8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
E8: Section \BaseNamedObjects\__ComCatalogCache__
EC: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
F8: Section \BaseNamedObjects\__ComCatalogCache__
FC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
104: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
110: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
114: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1D0: Section \BaseNamedObjects\windows_shell_global_counters
224: File (RWD) C:\Users\cormact\AppData\Local\Microsoft\Windows\Burn
228: File (RWD) C:\Users\cormact\AppData\Local\Microsoft\Windows\Burn
278: File (RWD) C:\Users\cormact\Desktop
280: File (RWD) C:\Users\cormact\Desktop
284: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
2D0: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu
2D4: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu
2E0: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu
2E4: File (RWD) C:\ProgramData\Microsoft\Windows\Start Menu
304: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
318: File (RWD) C:\Users\cormact\AppData\Local\Microsoft\Windows\GameExplorer
32C: File (RWD) C:\Users\cormact\AppData\Local\Microsoft\Windows\GameExplorer
340: Section \BaseNamedObjects\mmGlobalPnpInfo
378: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
3B8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3E4: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
444: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
454: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
45C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
4C8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
4EC: File (R-D) C:\Windows\System32\en-US\WLanConn.dll.mui
578: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.6001.18000_en-us_72e6f33f34dfabb9
57C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
584: File (R-D) C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.6001.18000_en-us_72e6f33f34dfabb9\comctl32.dll.mui
624: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
66C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
6D4: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
6D8: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
6F4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
730: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
738: File (R-D) C:\Windows\System32\en-US\imageres.dll.mui
73C: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
750: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
7C8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
818: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_1146880
81C: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
828: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
82C: File (RW-) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
830: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
838: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_294912
840: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
85C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
894: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
898: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
974: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
980: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
9D0: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_cormact
9F0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A4C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
AAC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
AF0: File (R-D) C:\Windows\System32\en-US\sendmail.dll.mui
B48: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
B64: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
BF4: Section \BaseNamedObjects\RotHintTable
C64: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
C6C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
SynTPEnh.exe pid: 3408 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
6C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
88: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
B0: Section \BaseNamedObjects\__ComCatalogCache__
B8: Section \BaseNamedObjects\__ComCatalogCache__
D0: Section \Sessions\1\BaseNamedObjects\SynAPIArena
100: Section \Sessions\1\BaseNamedObjects\SynTPAPIMemMap
------------------------------------------------------------------------------
OEM02Mon.exe pid: 3420 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
114: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
------------------------------------------------------------------------------
wmdc.exe pid: 3428 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
34: File (R-D) C:\Windows\WindowsMobile\en-US\wmdc.exe.mui
40: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
128: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
144: Section \BaseNamedObjects\__ComCatalogCache__
168: Section \BaseNamedObjects\__ComCatalogCache__
220: Section \BaseNamedObjects\RotHintTable
------------------------------------------------------------------------------
PCMService.exe pid: 3472 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
44: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
C0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
FC: Section \BaseNamedObjects\__ComCatalogCache__
184: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
194: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
19C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1A4: Section \BaseNamedObjects\__ComCatalogCache__
1D0: File (RWD) C:\Users\cormact\Contacts
1F8: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
21C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
sttray.exe pid: 3480 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
10: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
68: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
8C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
C8: Section \BaseNamedObjects\__ComCatalogCache__
D0: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
ACDaemon.exe pid: 3488 cormact-PC\cormact
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
80: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
88: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
D4: File (RW-) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin
F8: Section \Sessions\1\BaseNamedObjects\ArcUpdateService_CmdLineMap_20080627
12C: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
130: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_1146880
138: File (RW-) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
13C: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
144: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
148: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_294912
14C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1E4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
rundll32.exe pid: 3512 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
BrStMonW.exe pid: 3520 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
6C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
88: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
C8: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
E8: File (RWD) C:\
140: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
144: Section \BaseNamedObjects\__ComCatalogCache__
14C: Section \BaseNamedObjects\__ComCatalogCache__
1C8: File (RWD) C:\
------------------------------------------------------------------------------
realsched.exe pid: 3548 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
78: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
90: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
D0: Section \BaseNamedObjects\windows_shell_global_counters
104: Section \BaseNamedObjects\__ComCatalogCache__
158: Section \BaseNamedObjects\__ComCatalogCache__
164: Section \BaseNamedObjects\RotHintTable
------------------------------------------------------------------------------
jusched.exe pid: 3556 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
80: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
ehtray.exe pid: 3572 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
118: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
124: Section \BaseNamedObjects\windows_shell_global_counters
12C: Section \BaseNamedObjects\__ComCatalogCache__
134: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
Skype.exe pid: 3580 cormact-PC\cormact
78: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
84: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
150: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
158: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
1B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1C0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
1D4: File (R-D) C:\Program Files\Skype\Phone\Skype.exe
1E0: Section \BaseNamedObjects\__ComCatalogCache__
1E4: Section \BaseNamedObjects\__ComCatalogCache__
1FC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
208: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
20C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
230: Section \BaseNamedObjects\windows_shell_global_counters
254: File (RW-) C:\Program Files\Skype\Phone
2AC: File (RWD) C:\Users\cormact\AppData\Roaming\Skype
38C: File (---) C:\Users\cormact\AppData\Roaming\Skype\shared_dynco\dc.lock
3A0: File (R--) C:\Users\cormact\AppData\Roaming\Skype\shared_dynco\dc.db
3A4: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\shared_dynco\dc.db
3AC: File (R--) C:\Users\cormact\AppData\Roaming\Skype\shared_dynco\dc.db-journal
3B0: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\shared_dynco\dc.db-journal
3CC: File (---) C:\Users\cormact\AppData\Roaming\Skype\shared_httpfe\queue.lock
404: File (R--) C:\Users\cormact\AppData\Roaming\Skype\shared_httpfe\queue.db
408: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\shared_httpfe\queue.db
448: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
44C: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_1146880
454: File (RW-) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
458: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
460: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
464: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_294912
468: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
498: File (R-D) C:\Windows\System32\iepeers.dll
534: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.6001.18000_en-us_72e6f33f34dfabb9
538: File (R-D) C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.6001.18000_en-us_72e6f33f34dfabb9\comctl32.dll.mui
54C: File (---) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\keyval.lock
558: File (RWD) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry
564: File (---) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\main.lock
568: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\main.db
56C: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\main.db
570: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\keyval.db
574: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\main.db-journal
578: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\main.db-journal
57C: File (R--) C:\Users\cormact\AppData\Roaming\Skype\temp-cbsn4Qhh3VyNlcpwlj3FVetm
580: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\temp-cbsn4Qhh3VyNlcpwlj3FVetm
584: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\temp-eNpFO7myo07fllXNP5pOlEDg
588: File (R--) C:\Users\cormact\AppData\Roaming\Skype\temp-eNpFO7myo07fllXNP5pOlEDg
58C: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\keyval.db
5A0: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\keyval.db-journal
5A4: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\keyval.db-journal
5C0: File (---) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\griffin.lock
5C8: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\griffin.db
5CC: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\griffin.db
638: File (---) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\bistats.lock
63C: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\bistats.db
640: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\bistats.db
644: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\bistats.db-journal
648: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\bistats.db-journal
664: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\chatsync\1d\1de8c7c80e545bb3.dat
70C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
784: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\dc.db-journal
79C: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\dc.db-journal
7AC: File (-W-) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\dc.db
7B0: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\dc.db
840: File (R--) C:\Windows\tracing\RASAPI32.LOG
864: Section \Sessions\1\BaseNamedObjects\!PrivacIE!SharedMem!Counter
8BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
8C0: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
8DC: File (R-D) C:\Windows\System32\ieframe.dll
974: File (RWD) C:\Windows\System32\mshtml.tlb
99C: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_cormact
9D8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
9E8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A28: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\SystemCertificates\My
AD0: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISSTKIZZ\home[2].htm
B50: File (RWD) C:\Users\cormact\AppData\Roaming\Microsoft\SystemCertificates\My
B9C: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
BA8: Section \BaseNamedObjects\mmGlobalPnpInfo
BB8: Section \Sessions\1\BaseNamedObjects\MacromediaFMOmega
C28: File (R-D) C:\Windows\System32\en-US\jscript9.dll.mui
C44: File (R-D) C:\Windows\System32\stdole2.tlb
C50: Section \BaseNamedObjects\RotHintTable
C8C: Section \Sessions\1\BaseNamedObjects\MSIMGSIZECacheMap
CA4: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPAQP8B5\index-combined[1].css
CB4: File (R-D) C:\Windows\System32\Macromed\Flash\Flash11c.ocx
D14: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISSTKIZZ\ads-in-client[2].js
D24: File (R-D) C:\Windows\System32\dxtmsft.dll
D2C: Section \Sessions\1\BaseNamedObjects\MacromediaFMOmega
D44: File (R-D) C:\Windows\System32\dxtrans.dll
DB0: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5993UW14\frame-hider[2].htm
DB4: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S6F8F1H\xd_proxy[1].htm
E7C: File (R--) C:\Users\cormact\AppData\Roaming\Skype\cormac.terry\chatsync\25\251f0d3d53fd09fc.dat
EC8: Section \Sessions\1\BaseNamedObjects\VIDEOMEMORY
F08: Section \Sessions\1\BaseNamedObjects\AMResourceMapping3-0000-0x000578
1054: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GNGS2T2\facebook[1].htm
1084: Section \Sessions\1\BaseNamedObjects\MacromediaFMOmega
------------------------------------------------------------------------------
BTTray.exe pid: 3596 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
18: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
20: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
24: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
28: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
2C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
30: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
68: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
6C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3
C4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
EC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
114: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
11C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
130: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
134: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
148: File (R-D) C:\Windows\System32\en-US\btrez.dll.mui
150: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1D0: Section \BaseNamedObjects\__ComCatalogCache__
1D8: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
Monitor.exe pid: 3604 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
18: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
20: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
54: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
70: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
94: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3
B0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
BC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
F4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
F8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
11C: Section \BaseNamedObjects\__ComCatalogCache__
120: Section \BaseNamedObjects\__ComCatalogCache__
2F8: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
------------------------------------------------------------------------------
quickset.exe pid: 3612 cormact-PC\cormact
8: File (RW-) C:\Program Files\Dell\QuickSet
C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
10: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
44: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
CC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
F0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
108: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1B4: Section \BaseNamedObjects\__ComCatalogCache__
1D0: Section \BaseNamedObjects\__ComCatalogCache__
220: Section \Sessions\1\BaseNamedObjects\HWCONFIG_SHARED_MEM_OBJ
298: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
2B0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
soffice.exe pid: 3664 cormact-PC\cormact
8: File (RW-) C:\Program Files\OpenOffice.org 3\program
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
40: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
svchost.exe pid: 3700 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
3C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
10C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1BC: Section \BaseNamedObjects\__ComCatalogCache__
204: File (R-D) C:\Windows\System32\en-US\ws2_32.dll.mui
244: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
ArcCon.ac pid: 3752 cormact-PC\cormact
8: File (RW-) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin
C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
10: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
6C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
90: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
DC: File (RWD) C:\Windows\System32\spool\drivers\color
E4: File (R--) C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
F0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
120: Section \BaseNamedObjects\__ComCatalogCache__
124: Section \BaseNamedObjects\__ComCatalogCache__
13C: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
14C: File (R--) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\UI\ExternalMenu.aui
164: File (R--) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\UI\ArcConRes.aui
188: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
18C: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_1146880
194: File (RW-) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
198: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
1A0: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
1A4: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_294912
1A8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
234: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
soffice.bin pid: 3852 cormact-PC\cormact
8: File (RW-) C:\Program Files\OpenOffice.org 3\program
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
18: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
1C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
20: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
24: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
28: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
2C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
30: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
34: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
38: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
40: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
44: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
48: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
50: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
54: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
58: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
60: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
64: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
68: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
6C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
70: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
74: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
78: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
7C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
80: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
84: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
88: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
8C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
90: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
94: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
C4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
118: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
158: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
15C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
170: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
174: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
178: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
17C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
180: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
198: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\fween-US.res
19C: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\ofaen-US.res
1A0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
1B4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
1B8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
1C0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
200: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
208: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
20C: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\sfxen-US.res
210: File (R--) C:\Program Files\OpenOffice.org 3\program\resource\oooen-US.res
214: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\stten-US.res
218: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\sben-US.res
224: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
228: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
22C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
230: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
234: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
238: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
23C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
240: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
244: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
248: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
24C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
258: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
25C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
260: File (RW-) C:\Program Files\OpenOffice.org 3\Basis\share\config\images.zip
264: File (RW-) C:\Program Files\OpenOffice.org 3\share\config\images_brand.zip
268: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
26C: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\vclen-US.res
27C: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\svten-US.res
288: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
28C: Section \BaseNamedObjects\windows_shell_global_counters
2B0: Section \BaseNamedObjects\__ComCatalogCache__
2B4: Section \BaseNamedObjects\__ComCatalogCache__
2DC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
2F8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
300: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
310: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
314: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
320: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
33C: File (R--) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\org.openoffice.oooimprovement.Core.UiEventsLogger.log
344: File (R--) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\temp\Feedback\Current.csv
348: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
34C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
350: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
354: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
358: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
35C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
360: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\scen-US.res
364: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\svxen-US.res
368: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
36C: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\editengen-US.res
370: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
390: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
394: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
398: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3A8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3B0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3B4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3B8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3BC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3C0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3C4: File (R--) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\log.txt
3C8: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\deploymenten-US.res
3CC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
3D4: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
3D8: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
3DC: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages.db
3E0: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages.db
3E4: File (R--) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\log.txt
3E8: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
3EC: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
3F0: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\extensions.db
3F4: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\shared\extensions.db
3F8: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\bundled\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
3FC: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\bundled\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
400: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\bundled\extensions.db
404: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\bundled\extensions.db
408: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
40C: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
410: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions.db
414: File (RWD) C:\Users\cormact\AppData\Roaming\OpenOffice.org\3\user\extensions\tmp\extensions.db
418: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
42C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
448: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
44C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
468: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
46C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4CC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4E0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4E4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4E8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4EC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4F0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4F4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
4F8: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
4FC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
500: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
528: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
5A0: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\dateen-US.res
5A8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
5D0: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\analysisen-US.res
5DC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
5E4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
5E8: File (R--) C:\Program Files\OpenOffice.org 3\Basis\program\resource\cuien-US.res
608: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
628: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
62C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
638: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
640: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
644: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
648: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
64C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
654: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
66C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
674: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
690: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
6C0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
6C8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
718: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
744: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
748: Section \Sessions\1\BaseNamedObjects\windows_ie_global_counters
7B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
7DC: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
7F0: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_1146880
7F8: File (RW-) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
7FC: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
80C: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
810: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_294912
814: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
870: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
8AC: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
9C4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57
------------------------------------------------------------------------------
ehmsas.exe pid: 3932 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
84: Section \BaseNamedObjects\__ComCatalogCache__
EC: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
psqltray.exe pid: 3944 cormact-PC\cormact
8: File (RW-) C:\Program Files\Fingerprint Reader Suite
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
60: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
7C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
C4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
C8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
CC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
D0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
F4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
F8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
110: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
124: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
15C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
180: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
198: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
19C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1C8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1DC: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1F0: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
260: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
300: Section \BaseNamedObjects\__ComCatalogCache__
334: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
338: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
360: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
364: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
368: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
36C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
374: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
380: Section \BaseNamedObjects\__ComCatalogCache__
388: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
38C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
394: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
398: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
3A0: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
3A4: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3B0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
3CC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
3D0: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
------------------------------------------------------------------------------
BrYNSvc.exe pid: 4052 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
E4: Section \BaseNamedObjects\__ComCatalogCache__
114: Section \BaseNamedObjects\windows_shell_global_counters
164: File (RWD) C:\
178: Section \BaseNamedObjects\__ComCatalogCache__
1B0: File (RWD) C:\
------------------------------------------------------------------------------
WmiPrvSE.exe pid: 2056 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
C8: File (R-D) C:\Windows\System32\en-US\user32.dll.mui
104: Section \BaseNamedObjects\Wmi Provider Sub System Counters
130: Section \BaseNamedObjects\__ComCatalogCache__
138: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
wmpnscfg.exe pid: 532 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
60: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
E8: Section \BaseNamedObjects\__ComCatalogCache__
F0: Section \BaseNamedObjects\__ComCatalogCache__
14C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
wmpnetwk.exe pid: 1172 NT AUTHORITY\NETWORK SERVICE
8: File (RW-) C:\Windows\System32
78: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
150: Section \BaseNamedObjects\__ComCatalogCache__
158: Section \BaseNamedObjects\__ComCatalogCache__
22C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
240: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
260: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
------------------------------------------------------------------------------
BTStackServer.exe pid: 368 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
18: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
1C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
20: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
78: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
90: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
C8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3
118: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
174: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
178: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
17C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
180: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
184: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
188: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f
1BC: Section \BaseNamedObjects\__ComCatalogCache__
248: File (R-D) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
250: File (R-D) C:\Windows\System32\stdole2.tlb
258: Section \BaseNamedObjects\mmGlobalPnpInfo
------------------------------------------------------------------------------
SearchIndexer.exe pid: 220 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
88: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
C0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
11C: Section \BaseNamedObjects\windows_shell_global_counters
1EC: Section \BaseNamedObjects\UGATHERER
1F0: Section \BaseNamedObjects\UGathererObj
234: Section \BaseNamedObjects\UGTHRSVC
238: Section \BaseNamedObjects\UGthrSvcObj
23C: Section \BaseNamedObjects\__ComCatalogCache__
244: Section \BaseNamedObjects\__ComCatalogCache__
2A0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.ci
2A4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid
2C0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid
400: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000
410: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000
474: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy27.gthr
4A4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci
4A8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid
4B8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
4E4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.dir
53C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid
540: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid
55C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid
564: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.dir
574: Section \BaseNamedObjects\windows_shell_global_counters
61C: Section \BaseNamedObjects\windows_shell_global_counters
67C: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.16.gthr
680: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.16.Crwl
6C8: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
710: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
774: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000
788: Section \BaseNamedObjects\WSearchIdxPi
78C: Section \BaseNamedObjects\WseIdxPm
794: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000
7B0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid
7BC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wsb
7C0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci
7C4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir
868: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr
86C: File (R--) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr
890: File (RW-) C:
934: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir
948: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid
95C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.dir
9A4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid
9D4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid
9F4: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.ci
9F8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci
A1C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.dir
A3C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.ci
A60: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.dir
A68: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.dir
A78: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.ci
A7C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.dir
A84: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.dir
A88: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.ci
A94: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid
A98: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.ci
AC8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.ci
AD0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.ci
B20: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid
B38: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir
B3C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.dir
B40: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir
B50: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.dir
B70: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir
B78: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.ci
B7C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.ci
BC8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci
BDC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid
BE0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir
BF0: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid
C20: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid
C24: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid
C78: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.dir
D08: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci
D1C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.ci
D2C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir
D4C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid
D5C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir
D64: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid
D68: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid
D74: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.ci
D84: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.dir
D8C: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
D98: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci
DCC: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci
DD8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid
E58: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci
F00: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.ci
F14: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid
F24: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir
F68: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.ci
F6C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.dir
F80: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid
F84: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid
F8C: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci
FA0: File (---) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
FC8: File (RW-) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.dir
------------------------------------------------------------------------------
unsecapp.exe pid: 3508 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
A8: Section \BaseNamedObjects\__ComCatalogCache__
13C: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
svchost.exe pid: 4128 NT AUTHORITY\LOCAL SERVICE
8: File (RW-) C:\Windows\System32
3C: File (R-D) C:\Windows\System32\en-US\svchost.exe.mui
10C: File (RWD) C:\Windows\Fonts
110: Section \BaseNamedObjects\FntCache-f0aec22c-f8eb-496c-b29e-5298be8a4870
124: Section \BaseNamedObjects\FntCache-1354ef02-776f-442c-b529-38109766d8ac
------------------------------------------------------------------------------
taskeng.exe pid: 4864 NT AUTHORITY\SYSTEM
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
134: Section \BaseNamedObjects\__ComCatalogCache__
160: Section \BaseNamedObjects\__ComCatalogCache__
1C8: File (RW-) C:\Windows\System32
------------------------------------------------------------------------------
firefox.exe pid: 6028 cormact-PC\cormact
8: File (R-D) C:\Users\cormact\AppData\Local\Temp\hsperfdata_cormact\6028
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
40: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
44: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
70: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
74: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
78: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
7C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
80: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
84: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
88: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
8C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
90: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
94: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
98: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
9C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
A8: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
BC: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
114: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
138: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\cookies.sqlite-wal
13C: Section \BaseNamedObjects\windows_shell_global_counters
174: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\cookies.sqlite
194: Section \BaseNamedObjects\__ComCatalogCache__
198: File (---) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\parent.lock
1C0: Section \BaseNamedObjects\__ComCatalogCache__
238: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
258: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\permissions.sqlite
270: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773
274: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
278: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
27C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
360: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\formhistory.sqlite
368: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\search.sqlite
398: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
39C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3A0: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\NJUCU1~1.DEF\cert8.db
3A4: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\NJUCU1~1.DEF\key3.db
3A8: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3C8: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite
3D0: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite-wal
3D4: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite-shm
3DC: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite
3E0: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite-wal
3F4: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\content-prefs.sqlite
404: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite
408: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite-wal
40C: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite
410: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\places.sqlite-wal
41C: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\webappsstore.sqlite
420: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\chromeappsstore.sqlite
490: Section \BaseNamedObjects\mmGlobalPnpInfo
49C: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\cookies.sqlite-shm
4D4: File (RW-) C:\Users\cormact\AppData\Local\Mozilla\Firefox\Profiles\njucu1qh.default\Cache\_CACHE_MAP_
4D8: File (RW-) C:\Users\cormact\AppData\Local\Mozilla\Firefox\Profiles\njucu1qh.default\Cache\_CACHE_001_
4DC: File (RW-) C:\Users\cormact\AppData\Local\Mozilla\Firefox\Profiles\njucu1qh.default\Cache\_CACHE_002_
4E0: File (RW-) C:\Users\cormact\AppData\Local\Mozilla\Firefox\Profiles\njucu1qh.default\Cache\_CACHE_003_
4F4: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\downloads.sqlite
500: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
520: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
530: File (RW-) C:\Users\cormact\AppData\Local\Mozilla\Firefox\Profiles\njucu1qh.default\urlclassifier3.sqlite
558: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_1146880
588: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5E8: File (RW-) C:\Program Files\Mozilla Firefox
5F8: Section \Sessions\1\BaseNamedObjects\hsperfdata_cormact_6028
600: File (R--) C:\PROGRA~1\Java\jre6\lib\rt.jar
62C: File (RW-) C:\Program Files\Java\jre6\lib\rt.jar
6FC: File (RW-) C:\Program Files\Java\jre6\lib\deploy.jar
700: File (RW-) C:\Program Files\Java\jre6\lib\javaws.jar
704: File (RW-) C:\Program Files\Java\jre6\lib\plugin.jar
7FC: File (RW-) C:\Program Files\Java\jre6\lib\jsse.jar
8D4: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_cormact
8F8: File (RW-) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
92C: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_294912
950: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
954: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
96C: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
A4C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
------------------------------------------------------------------------------
plugin-container.exe pid: 4768 cormact-PC\cormact
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
18: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
20: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
24: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
28: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
2C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
30: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
34: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
38: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
40: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
48: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
A0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
15C: File (RW-) C:\Program Files\Mozilla Firefox
168: Section \BaseNamedObjects\__ComCatalogCache__
170: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
jp2launcher.exe pid: 3192 cormact-PC\cormact
8: File (RW-) C:\Program Files\Mozilla Firefox
64: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
80: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
A4: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
3A0: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\NJUCU1~1.DEF\cert8.db
3A4: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\NJUCU1~1.DEF\key3.db
------------------------------------------------------------------------------
java.exe pid: 1668 cormact-PC\cormact
8: File (RW-) C:\Program Files\Mozilla Firefox
40: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
5C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
C4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
F8: File (R-D) C:\Users\cormact\AppData\Local\Temp\hsperfdata_cormact\1668
FC: Section \Sessions\1\BaseNamedObjects\hsperfdata_cormact_1668
158: File (RW-) C:\Program Files\Java\jre6\lib\rt.jar
234: File (RW-) C:\Program Files\Java\jre6\lib\deploy.jar
238: File (RW-) C:\Program Files\Java\jre6\lib\javaws.jar
23C: File (RW-) C:\Program Files\Java\jre6\lib\plugin.jar
24C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
300: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
3A0: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\NJUCU1~1.DEF\cert8.db
3A4: File (RW-) C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\NJUCU1~1.DEF\key3.db
460: File (RW-) C:\Windows\Fonts\simsun.ttc
464: File (RW-) C:\Windows\Fonts\mingliu.ttc
468: File (RW-) C:\Program Files\Java\jre6\lib\jsse.jar
484: File (RW-) C:\Windows\Fonts\symbol.ttf
4B8: File (RW-) C:\Windows\Fonts\arial.ttf
58C: File (RW-) C:\Program Files\Java\jre6\lib\jce.jar
590: File (RW-) C:\Program Files\Java\jre6\lib\ext\sunjce_provider.jar
594: File (RW-) C:\Program Files\Java\jre6\lib\ext\sunmscapi.jar
59C: File (RW-) C:\Windows\Fonts\gulim.ttc
5A8: File (RW-) C:\Windows\Fonts\gulim.ttc
5C8: File (RW-) C:\Users\cormact\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\7aac85af-31db6f39
620: File (RW-) C:\Program Files\Java\jre6\lib\ext\localedata.jar
640: File (RW-) C:\Windows\Fonts\msgothic.ttc
644: File (RW-) C:\Windows\Fonts\msgothic.ttc
64C: File (RW-) C:\Windows\Fonts\arialbd.ttf
758: File (RW-) C:\Windows\Fonts\simsun.ttc
7AC: File (RW-) C:\Program Files\Java\jre6\lib\fonts\LucidaSansRegular.ttf
7B4: File (RW-) C:\Windows\Fonts\mingliu.ttc
7BC: File (RW-) C:\Windows\Fonts\mingliu.ttc
868: File (RW-) C:\Windows\Fonts\msgothic.ttc
86C: File (RW-) C:\Windows\Fonts\gulim.ttc
8B8: File (RW-) C:\Windows\Fonts\gulim.ttc
8BC: File (RW-) C:\Windows\Fonts\mingliub.ttc
8C0: File (RW-) C:\Windows\Fonts\mingliub.ttc
8C4: File (RW-) C:\Windows\Fonts\mingliub.ttc
8C8: File (RW-) C:\Windows\Fonts\simsunb.ttf
------------------------------------------------------------------------------
plugin-container.exe pid: 5320 cormact-PC\cormact
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
18: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
20: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
24: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
28: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
2C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
30: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
34: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
38: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
40: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
48: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
A0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
134: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
164: File (RW-) C:\Program Files\Mozilla Firefox
170: Section \BaseNamedObjects\__ComCatalogCache__
178: Section \BaseNamedObjects\__ComCatalogCache__
238: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
23C: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
248: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_Temporary Internet Files_Content.IE5_index.dat_1146880
24C: File (RW-) C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
250: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Roaming_Microsoft_Windows_Cookies_index.dat_32768
258: File (RW-) C:\Users\cormact\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
25C: Section \Sessions\1\BaseNamedObjects\C:_Users_cormact_AppData_Local_Microsoft_Windows_History_History.IE5_index.dat_294912
264: Section \Sessions\1\BaseNamedObjects\UrlZonesSM_cormact
278: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
2C0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
3F0: Section \BaseNamedObjects\Cor_Private_IPCBlock_v4_5320_643C0000
444: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\mscorlib.dll
448: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\mscorlib.ni.dll
470: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Windows.Browser.dll
474: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Windows.Browser.ni.dll
47C: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\system.dll
480: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.ni.dll
488: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Windows.dll
48C: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Windows.ni.dll
494: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Net.dll
498: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Net.ni.dll
4A0: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Core.dll
4A4: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Core.ni.dll
4AC: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Xml.dll
4B0: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Xml.ni.dll
4B8: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.dll
4BC: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.Runtime.Serialization.ni.dll
4C4: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.ServiceModel.Web.dll
4C8: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.ServiceModel.Web.ni.dll
4D0: File (R-D) C:\Windows\System32\en-US\kernel32.dll.mui
4D4: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\Microsoft.VisualBasic.dll
534: File (R--) C:\Windows\Fonts\verdanab.ttf
610: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.ServiceModel.dll
614: File (R-D) C:\Program Files\Microsoft Silverlight\4.0.60831.0\System.ServiceModel.ni.dll
6F8: File (R--) C:\Windows\Fonts\arial.ttf
738: File (R--) C:\Windows\Fonts\trebuc.ttf
9EC: File (R--) C:\Windows\Fonts\verdanai.ttf
A64: File (R--) C:\Windows\Fonts\verdana.ttf
------------------------------------------------------------------------------
plugin-container.exe pid: 5196 cormact-PC\cormact
C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
10: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
18: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
1C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
20: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
24: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
28: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
2C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
30: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
34: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
38: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
40: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
48: File (RW-) C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a
A0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
B4: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
15C: Section \BaseNamedObjects\__ComCatalogCache__
164: Section \BaseNamedObjects\__ComCatalogCache__
1B0: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
1B8: Section \Sessions\1\BaseNamedObjects\windows_shell_global_counters
270: File (RW-) C:\Program Files\Mozilla Firefox
2B0: Section \BaseNamedObjects\mmGlobalPnpInfo
------------------------------------------------------------------------------
taskeng.exe pid: 4596 cormact-PC\cormact
8: File (RW-) C:\Windows\System32
3C: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
58: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
138: Section \BaseNamedObjects\__ComCatalogCache__
------------------------------------------------------------------------------
cmd.exe pid: 5596 cormact-PC\cormact
8: File (R--) C:\oboo.txt
40: File (RW-) C:\
------------------------------------------------------------------------------
handle.exe pid: 4100 cormact-PC\cormact
8: File (R--) C:\oboo.txt
C: File (RW-) C:\
14: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436
48: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3
64: File (RW-) C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.60