dinglydo
asked on
Homepage Keeps changing!!!!
Hi Everyone.
I keep having problems with my internet explorer. This time its the worst... McAfee virus scan did warn me about a Trojan, and that it deleted it... however, now everytime i start my internet explorer my home page changes to mk:@MSITStore:C:\WINDOWS\s
Thanks
ding!
I keep having problems with my internet explorer. This time its the worst... McAfee virus scan did warn me about a Trojan, and that it deleted it... however, now everytime i start my internet explorer my home page changes to mk:@MSITStore:C:\WINDOWS\s
Thanks
ding!
Check these registry entries
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKEY_LOCAL_MACHINE\Softwar
and remove start.html
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKCU\Software\Microsoft\In
HKEY_LOCAL_MACHINE\Softwar
and remove start.html
HI..
First, check whether any unwanted packages is installed...
delete all the unknown packages installed by the virus
go to .. control panel->add/remove program->
update the antivirus and the lastest patches from the microsoft site..
go to internet explorer->tools->windows updates
del all the *.tmp files and all the internet cookies and temporary files..
go to windows explorer->and delete the all the folder and file from temporary internet files...
set the home page to blank and reboot ur machine...
check the help sunray
First, check whether any unwanted packages is installed...
delete all the unknown packages installed by the virus
go to .. control panel->add/remove program->
update the antivirus and the lastest patches from the microsoft site..
go to internet explorer->tools->windows updates
del all the *.tmp files and all the internet cookies and temporary files..
go to windows explorer->and delete the all the folder and file from temporary internet files...
set the home page to blank and reboot ur machine...
check the help sunray
Hopefully the posts above have already solved your problem, but you may still need this registry fix:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg
Zee
You'll need to edit your Registry for this tip.
Changes to the Registry are permanent. Back it up or you'll be outta luck if something goes wrong.
Navigate to this string:
HKEY_CURRENT_USER\Software
If the keys for Internet Explorer and Control Panel are not present, add them manually.
Right-click the Microsoft key folder, click New, and choose Key.
Name it Internet Explorer.
Right-click the Internet Explorer key folder, click New, and choose Key.
Name it Control Panel.
Right-click the Control Panel key folder and choose "new DWORD value." Rename the value "Homepage."
Right-click the Homepage value, choose Modify, and change the value from "0" to "1."
Now go into your Internet Explorer options. Your homepage is locked and unmodifiable!
Here's a shortcut if you'd rather not edit the Registry yourself. Download and double-click my file. It will make the above changes to your Registry automatically.
http://downloads.techtv.com/binaries/2004/homepagelock.zip
Changes to the Registry are permanent. Back it up or you'll be outta luck if something goes wrong.
Navigate to this string:
HKEY_CURRENT_USER\Software
If the keys for Internet Explorer and Control Panel are not present, add them manually.
Right-click the Microsoft key folder, click New, and choose Key.
Name it Internet Explorer.
Right-click the Internet Explorer key folder, click New, and choose Key.
Name it Control Panel.
Right-click the Control Panel key folder and choose "new DWORD value." Rename the value "Homepage."
Right-click the Homepage value, choose Modify, and change the value from "0" to "1."
Now go into your Internet Explorer options. Your homepage is locked and unmodifiable!
Here's a shortcut if you'd rather not edit the Registry yourself. Download and double-click my file. It will make the above changes to your Registry automatically.
http://downloads.techtv.com/binaries/2004/homepagelock.zip
ASKER
Hey! guys!
thanks for all your help.
But actually nothing is working,
what happens is a seemingly non-malicious start.chm file keeps materializing even after i delete it, so no adware, nothing detects it. I tried the regediting, but that didn't work either.
thanks for all your help.
But actually nothing is working,
what happens is a seemingly non-malicious start.chm file keeps materializing even after i delete it, so no adware, nothing detects it. I tried the regediting, but that didn't work either.
Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there.Reboot the machine and check if the error occurs.
If not, then enable one at a time in the same startup tab and find the application that might cause this
at startup
goto Startup tab
Disable all the applications there.Reboot the machine and check if the error occurs.
If not, then enable one at a time in the same startup tab and find the application that might cause this
at startup
ASKER
hey sunray!
a friend did the msconfig thing, there doesn't seem to be anything there that is doing this...
here is my hijack log
Logfile of HijackThis v1.97.7
Scan saved at 11:14:58 AM, on 4/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.e
E:\WINDOWS\system32\winlog
E:\WINDOWS\system32\servic
E:\WINDOWS\system32\lsass.
E:\WINDOWS\system32\svchos
E:\WINDOWS\System32\svchos
E:\Program Files\TGTSoft\StyleXP\Styl
E:\WINDOWS\system32\spools
E:\WINDOWS\System32\driver
C:\CFusionMX\db\slserver52
C:\CFusionMX\db\slserver52
C:\CFusionMX\db\slserver52
E:\Program Files\Network Associates\Common Framework\FrameworkService
E:\Program Files\Network Associates\VirusScan\mcshi
E:\Program Files\Network Associates\VirusScan\vstsk
E:\WINDOWS\System32\nvsvc3
E:\WINDOWS\System32\tcpsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\MI948F~1\GAMEC
E:\Program Files\Network Associates\VirusScan\SHSTA
E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Magic Notes\Sticky32.exe
E:\WINDOWS\System32\ctfmon
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
E:\Documents and Settings\User Name\Desktop\Junk\Spyware\
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
N3 - Netscape 7: user_pref("browser.startup
N3 - Netscape 7: user_pref("browser.search.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {6427806D-3820-11D5-9939-0
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SideWinderTrayV4] E:\PROGRA~1\MI948F~1\GAMEC
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\Styl
O4 - HKCU\..\Run: [Magic Notes] "E:\Program Files\Magic Notes\Sticky32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon
O4 - Startup: Stardock ObjectDock.lnk = E:\Program Files\Stardock\ObjectDock\
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files\Shareaza\Plugins\Raz
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Sothink SWF Decompiler - E:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplore
O9 - Extra button: SWFDecompiler (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {2917297F-F02B-4B9D-81DF-4
O16 - DPF: {41F17733-B041-4099-A042-B
O16 - DPF: {8E0D4DE5-3180-4024-A327-4
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {BB47CA33-8B4D-11D0-9511-0
O16 - DPF: {C36661D7-3590-45B1-80B5-5
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9
O16 - DPF: {EDD6C042-E583-42FA-9211-2
a friend did the msconfig thing, there doesn't seem to be anything there that is doing this...
here is my hijack log
Logfile of HijackThis v1.97.7
Scan saved at 11:14:58 AM, on 4/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.e
E:\WINDOWS\system32\winlog
E:\WINDOWS\system32\servic
E:\WINDOWS\system32\lsass.
E:\WINDOWS\system32\svchos
E:\WINDOWS\System32\svchos
E:\Program Files\TGTSoft\StyleXP\Styl
E:\WINDOWS\system32\spools
E:\WINDOWS\System32\driver
C:\CFusionMX\db\slserver52
C:\CFusionMX\db\slserver52
C:\CFusionMX\db\slserver52
E:\Program Files\Network Associates\Common Framework\FrameworkService
E:\Program Files\Network Associates\VirusScan\mcshi
E:\Program Files\Network Associates\VirusScan\vstsk
E:\WINDOWS\System32\nvsvc3
E:\WINDOWS\System32\tcpsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\PROGRA~1\MI948F~1\GAMEC
E:\Program Files\Network Associates\VirusScan\SHSTA
E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Magic Notes\Sticky32.exe
E:\WINDOWS\System32\ctfmon
E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
E:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
E:\Documents and Settings\User Name\Desktop\Junk\Spyware\
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
N3 - Netscape 7: user_pref("browser.startup
N3 - Netscape 7: user_pref("browser.search.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: (no name) - {6427806D-3820-11D5-9939-0
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SideWinderTrayV4] E:\PROGRA~1\MI948F~1\GAMEC
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\Styl
O4 - HKCU\..\Run: [Magic Notes] "E:\Program Files\Magic Notes\Sticky32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon
O4 - Startup: Stardock ObjectDock.lnk = E:\Program Files\Stardock\ObjectDock\
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.h
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files\Shareaza\Plugins\Raz
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Sothink SWF Decompiler - E:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplore
O9 - Extra button: SWFDecompiler (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {2917297F-F02B-4B9D-81DF-4
O16 - DPF: {41F17733-B041-4099-A042-B
O16 - DPF: {8E0D4DE5-3180-4024-A327-4
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {BB47CA33-8B4D-11D0-9511-0
O16 - DPF: {C36661D7-3590-45B1-80B5-5
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9
O16 - DPF: {EDD6C042-E583-42FA-9211-2
Its right here...
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
Use startup control panel.
http://www.mlin.net/StartupCPL.shtml
Disable those startups from the registry and reboot.
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
Use startup control panel.
http://www.mlin.net/StartupCPL.shtml
Disable those startups from the registry and reboot.
Hmm not sure what happened.. I posted the registry ones as above but didnot get displayed... weird
anyway delete the things aindelicato has said
anyway delete the things aindelicato has said
ASKER
Its right here...
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
deleting it doesn't work, it keeps regenerating that code after a while..
i also noticed, the start.chm file gets created when an access[1].exe file executes (found out from its temporary appearance in the task manager)
however my computer doesn't have any access[1].exe, its like it deletes itself...
HELp!!
R0 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
deleting it doesn't work, it keeps regenerating that code after a while..
i also noticed, the start.chm file gets created when an access[1].exe file executes (found out from its temporary appearance in the task manager)
however my computer doesn't have any access[1].exe, its like it deletes itself...
HELp!!
Disable System Restore before you run any AV or Spyware/bot removal, or do any of the above, otherwise it will always creep itsway back.
|start menu|all programs|accessories|syste
tick "turn off system systore"
run all the AV and spyware/bot utils you can get your hands on.
|start menu|all programs|accessories|syste
tick "turn off system systore"
run all the AV and spyware/bot utils you can get your hands on.
ASKER
I tried everything. It seems to be affecting everything on my pc...
here is a filesystem log....
57515 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System\crlds3d.
57516 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57517 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57518 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57519 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57520 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57521 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57522 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57523 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57524 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57525 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57526 7:26:12 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57527 7:26:12 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57528 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57529 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57530 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57531 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57532 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57533 7:26:12 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57534 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57535 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\iepeer
57536 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57537 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57538 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57539 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57540 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57541 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57542 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57543 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\iepeer
57544 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57545 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57546 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57547 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57548 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57549 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57550 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57551 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57552 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57553 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57554 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57555 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57556 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57557 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57558 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57559 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57560 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57561 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57562 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57563 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\iepeer
57564 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\iepeer
57565 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57566 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57567 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57568 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57569 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57570 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57571 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57572 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57573 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57574 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57575 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57576 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57577 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57578 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57579 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57580 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57581 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57582 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57583 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57584 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57585 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57586 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57587 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57588 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57589 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57590 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57591 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57592 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57593 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57594 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57595 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57596 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57597 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57598 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57599 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57600 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57601 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57602 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57603 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57604 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57605 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57606 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57607 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57608 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57609 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57610 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57611 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57612 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57613 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57614 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57615 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57616 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57617 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57618 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57619 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57620 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57621 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57622 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57623 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57624 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57625 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57626 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57627 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Microsoft Office\Office10\EXCEL.EXE SUCCESS Attributes: RA
57628 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\PROGRA~1\MICROS~2\Offic
57629 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\notepad.exe SUCCESS Attributes: A
57630 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Microsoft Office\Office10\WINWORD.EX
57631 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\PROGRA~1\MICROS~2\Offic
57632 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\PROGRA~1\MICROS~2\Offic
57633 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57634 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57635 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57636 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57637 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57638 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57639 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57640 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57641 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57642 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57643 7:26:17 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
57644 7:26:17 PM explorer.exe:3188 OPEN E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Options: Open Access: Execute
57645 7:26:17 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Length: 194810
57646 7:26:17 PM explorer.exe:3188 CLOSE E:\Program Files\Magic Notes\Sticky32.exe SUCCESS
57647 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57648 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57649 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57650 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57651 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57652 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57653 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57654 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57655 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57656 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57657 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57658 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57659 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57660 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57661 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57662 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57663 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57664 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57665 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57666 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57667 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57668 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57669 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57670 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57671 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57672 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57673 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57674 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57675 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57676 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57677 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57678 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57679 7:26:32 PM explorer.exe:3188 OPEN C:\ SUCCESS Options: Open Directory Access: All
57680 7:26:32 PM explorer.exe:3188 QUERY INFORMATION C:\ SUCCESS FileFsQuotaSetInformation
57681 7:26:32 PM explorer.exe:3188 CLOSE C:\ SUCCESS
57682 7:26:32 PM explorer.exe:3188 OPEN E:\ SUCCESS Options: Open Directory Access: All
57683 7:26:32 PM explorer.exe:3188 QUERY INFORMATION E:\ SUCCESS FileFsQuotaSetInformation
57684 7:26:32 PM explorer.exe:3188 CLOSE E:\ SUCCESS
57685 7:26:32 PM explorer.exe:3188 OPEN F:\ SUCCESS Options: Open Directory Access: All
57686 7:26:32 PM explorer.exe:3188 QUERY INFORMATION F:\ SUCCESS FileFsQuotaSetInformation
57687 7:26:32 PM explorer.exe:3188 CLOSE F:\ SUCCESS
57688 7:26:32 PM explorer.exe:3188 OPEN G:\ SUCCESS Options: Open Directory Access: All
57689 7:26:32 PM explorer.exe:3188 QUERY INFORMATION G:\ SUCCESS FileFsQuotaSetInformation
57690 7:26:32 PM explorer.exe:3188 CLOSE G:\ SUCCESS
57691 7:26:32 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
57692 7:26:32 PM explorer.exe:3188 OPEN E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Options: Open Access: Execute
57693 7:26:32 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Length: 194810
57694 7:26:32 PM explorer.exe:3188 CLOSE E:\Program Files\Magic Notes\Sticky32.exe SUCCESS
57695 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57696 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57697 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57698 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57699 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57700 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57701 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57702 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57703 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57704 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57705 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57706 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57707 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57708 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57709 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57710 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57711 7:26:40 PM vsmon.exe:3948 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57712 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57713 7:26:40 PM vsmon.exe:3948 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57714 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57715 7:26:40 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57716 7:26:40 PM vsmon.exe:3948 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57717 7:26:40 PM vsmon.exe:3948 READ E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57718 7:26:40 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57719 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57720 7:26:40 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57721 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\System32\Ras\ SUCCESS Options: Open Directory Access: All
57722 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\System32\Ras\ NO SUCH FILE FileBothDirectoryInformati
57723 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\System32\Ras\ SUCCESS
57724 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57725 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57726 7:26:40 PM vsmon.exe:3948 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57727 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION C:\autoexec.bat SUCCESS Attributes: A
57728 7:26:40 PM vsmon.exe:3948 CLOSE C:\autoexec.bat SUCCESS
57729 7:26:40 PM vsmon.exe:3948 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57730 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION C:\autoexec.bat SUCCESS Length: 0
57731 7:26:40 PM vsmon.exe:3948 READ C:\autoexec.bat SUCCESS Offset: 0 Length: 0
57732 7:26:40 PM vsmon.exe:3948 CLOSE C:\autoexec.bat SUCCESS
57733 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\config
57734 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57735 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57736 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57737 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57738 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57739 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57740 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\config
57741 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57742 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57743 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57744 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57745 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57746 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57747 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\config
57748 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57749 7:26:41 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\system32\urlmon
57750 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57751 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57752 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57753 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57754 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\RASAPI32.DLL FILE NOT FOUND Attributes: Error
57755 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\RASAPI32.DLL FILE NOT FOUND Attributes: Error
57756 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\RASAPI
57757 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\RASAPI
57758 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\RASAPI
57759 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rasapi
57760 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RASAPI
57761 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\rasman.dll FILE NOT FOUND Attributes: Error
57762 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\rasman.dll FILE NOT FOUND Attributes: Error
57763 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\rasman
57764 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\rasman
57765 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\rasman
57766 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rasman
57767 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RASMAN
57768 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\NETAPI32.dll FILE NOT FOUND Attributes: Error
57769 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\NETAPI32.dll FILE NOT FOUND Attributes: Error
57770 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\NETAPI
57771 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\NETAPI
57772 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\NETAPI
57773 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\netapi
57774 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
57775 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\TAPI32.dll FILE NOT FOUND Attributes: Error
57776 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\TAPI32.dll FILE NOT FOUND Attributes: Error
57777 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\TAPI32
57778 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57779 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\TAPI32
57780 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\tapi32
57781 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\TAPI32
57782 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\rtutils.dll FILE NOT FOUND Attributes: Error
57783 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\rtutils.dll FILE NOT FOUND Attributes: Error
57784 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\rtutil
57785 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\rtutil
57786 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\rtutil
57787 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rtutil
57788 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RTUTIL
57789 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57790 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\TAPI32
57791 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57792 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57793 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57794 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\en-US FILE NOT FOUND Attributes: Error
57795 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\en FILE NOT FOUND Attributes: Error
57796 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\ SUCCESS Attributes: D
57797 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\ SUCCESS Attributes: D
57798 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57799 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57800 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57801 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57802 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57803 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57804 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57805 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57806 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57807 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57808 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Manifest
57809 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57810 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57811 7:26:41 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
57812 7:26:41 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
57813 7:26:41 PM csrss.exe:480 CLOSE E:\WINDOWS\WinSxS\Manifest
57814 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\TAPI32
57815 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\iexplore.exe.Loca
57816 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
57817 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\WinSxS\x86_Micr
57818 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\sensapi.dll FILE NOT FOUND Attributes: Error
57819 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\sensapi.dll FILE NOT FOUND Attributes: Error
57820 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\sensap
57821 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\sensap
57822 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\sensap
57823 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\sensap
57824 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SENSAP
57825 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57826 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\useren
57827 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USEREN
57828 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57829 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57830 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57831 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Attributes: A
57832 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57833 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57834 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Length: 0
57835 7:26:41 PM IEXPLORE.EXE:2344 READ C:\autoexec.bat SUCCESS Offset: 0 Length: 0
57836 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57837 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57838 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57839 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57840 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57841 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57842 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57843 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57844 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57845 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57846 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57847 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57848 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57849 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57850 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57851 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57852 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57853 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57854 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57855 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57856 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57857 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\All Users\Application Data SUCCESS Attributes: DRH
57858 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57859 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57860 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57861 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57862 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57863 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57864 7:26:41 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57865 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57866 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57867 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57868 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\Ras\ SUCCESS Options: Open Directory Access: All
57869 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\WINDOWS\System32\Ras\ NO SUCH FILE FileBothDirectoryInformati
57870 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\Ras\ SUCCESS
57871 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57872 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57873 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57874 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Attributes: A
57875 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57876 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57877 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Length: 0
57878 7:26:41 PM IEXPLORE.EXE:2344 READ C:\autoexec.bat SUCCESS Offset: 0 Length: 0
57879 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57880 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57881 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57882 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57883 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57884 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57885 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57886 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57887 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57888 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57889 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57890 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57891 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57892 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57893 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57894 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57895 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57896 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57897 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57898 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57899 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57900 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Application Data SUCCESS Attributes: DA
57901 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Application Data\Microsoft\Network\Con
57902 7:26:41 PM IEXPLORE.EXE:2344 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 8192
57903 7:26:41 PM IEXPLORE.EXE:2344 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 8192
57904 7:26:41 PM IEXPLORE.EXE:2344 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 16384
57905 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57906 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57907 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Cookies\index.dat SUCCESS Length: 262144
57908 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Cookies\index.dat SUCCESS Length: 262144
57909 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Cookies\index.dat SUCCESS Length: 262144
57910 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57911 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\mswsoc
57912 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\DNSAPI.dll FILE NOT FOUND Attributes: Error
57913 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\DNSAPI.dll FILE NOT FOUND Attributes: Error
57914 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\DNSAPI
57915 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\DNSAPI
57916 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\DNSAPI
57917 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\dnsapi
57918 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\DNSAPI
57919 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57920 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57921 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57922 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57923 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\winrnr
57924 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\winrnr
57925 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\winrnr
57926 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\winrnr
57927 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\winrnr
57928 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\winrnr
57929 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\winrnr
57930 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\winrnr
57931 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\WINRNR
57932 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\wldap3
57933 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\WLDAP3
57934 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\mswsoc
57935 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\rasadhlp.dll FILE NOT FOUND Attributes: Error
57936 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\rasadhlp.dll FILE NOT FOUND Attributes: Error
57937 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\rasadh
57938 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\rasadh
57939 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\rasadh
57940 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rasadh
57941 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RASADH
57942 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\mswsoc
57943 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\mswsoc
57944 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57945 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57946 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57947 7:26:42 PM IEXPLORE.EXE:2344 CREATE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57948 7:26:42 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
57949 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57950 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57951 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57952 7:26:42 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57953 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57954 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57955 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57956 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57957 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57958 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57959 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57960 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57961 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57962 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57963 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57964 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57965 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57966 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57967 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57968 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57969 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57970 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57971 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57972 7:26:42 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57973 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57974 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57975 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57976 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57977 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57978 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57979 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57980 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57981 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57982 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57983 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57984 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57985 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57986 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57987 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57988 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57989 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57990 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57991 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57992 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57993 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57994 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57995 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57996 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57997 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57998 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57999 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58000 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58001 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58002 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58003 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58004 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58005 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58006 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58007 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58008 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58009 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58010 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58011 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58012 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58013 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58014 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58015 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58016 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58017 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\All Users\Desktop\ SUCCESS Options: Open Directory Access: All
58018 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
58019 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58020 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58021 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58022 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58023 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58024 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58025 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58026 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58027 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58028 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58029 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58030 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58031 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58032 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58033 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58034 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58035 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58036 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58037 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58038 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58039 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58040 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58041 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58042 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58043 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58044 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58045 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58046 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58047 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58048 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58049 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58050 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58051 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58052 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58053 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58054 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58055 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58056 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58057 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58058 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58059 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58060 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58061 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58062 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58063 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58064 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58065 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58066 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58067 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58068 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58069 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58070 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58071 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58072 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58073 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58074 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58075 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58076 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58077 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58078 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58079 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58080 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58081 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58082 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58083 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58084 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58085 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58086 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58087 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58088 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58089 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58090 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ NO MORE FILES FileBothDirectoryInformati
58091 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
58092 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ NO MORE FILES FileBothDirectoryInformati
58093 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58094 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\All Users\Desktop\ SUCCESS
58095 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58096 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58097 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58098 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58099 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58100 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58101 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58102 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58103 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58104 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58105 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58106 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58107 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58108 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58109 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58110 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58111 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58112 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58113 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58114 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58115 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58116 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58117 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58118 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58119 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58120 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58121 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58122 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58123 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58124 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58125 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58126 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58127 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58128 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58129 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58130 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58131 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58132 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58133 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58134 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58135 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58136 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58137 7:26:43 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58138 7:26:43 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\system32\rpcss.
58139 7:26:43 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58140 7:26:43 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\system32\rpcss.
58141 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58142 7:26:43 PM explorer.exe:3188 OPEN E:\WINDOWS\system32\rpcss.
58143 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58144 7:26:43 PM explorer.exe:3188 CLOSE E:\WINDOWS\system32\rpcss.
58145 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk SUCCESS Attributes: DR
58146 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58147 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58148 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58149 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58150 7:26:43 PM explorer.exe:3188 OPEN E:\WINDOWS\system32\rpcss.
58151 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58152 7:26:43 PM explorer.exe:3188 CLOSE E:\WINDOWS\system32\rpcss.
58153 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58154 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58155 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58156 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58157 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58158 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58159 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58160 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58161 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58162 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58163 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58164 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58165 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58166 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58167 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58168 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58169 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58170 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58171 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58172 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58173 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58174 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58175 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58176 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58177 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58178 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58179 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58180 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58181 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58182 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58183 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58184 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58185 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58186 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58187 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58188 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58189 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58190 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58191 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58192 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58193 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58194 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58195 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58196 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58197 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58198 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58199 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58200 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58201 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58202 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58203 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58204 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58205 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58206 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58207 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58208 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58209 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58210 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58211 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58212 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58213 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58214 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58215 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58216 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58217 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58218 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58219 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58220 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58221 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58222 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58223 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58224 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58225 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58226 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ NO MORE FILES FileBothDirectoryInformati
58227 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58228 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58229 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58230 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe SUCCESS Attributes: A
58231 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Jasc Software Inc\Animation Shop 3\anim.exe SUCCESS Attributes: A
58232 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58233 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58234 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58235 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58236 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe SUCCESS Attributes: A
58237 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe SUCCESS Attributes: A
58238 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\SmartFTP\SmartFTP.exe SUCCESS Attributes: A
58239 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58240 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58241 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58242 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58243 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58244 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58245 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58246 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58247 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58248 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58249 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58250 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58251 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58252 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58253 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58254 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58255 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58256 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58257 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58258 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58259 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58260 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58261 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58262 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58263 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58264 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58265 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58266 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58267 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58268 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58269 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58270 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58271 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58272 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58273 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58274 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58275 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58276 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58277 7:26:44 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
58278 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58279 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58280 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58281 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58282 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58283 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58284 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58285 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58286 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58287 7:26:44 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\system32\kernel
58288 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\PBStudio3.
58289 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58290 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58291 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 77824 Length: 65536
58292 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 143360 Length: 53248
58293 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 77824 Length: 65536
58294 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 143360 Length: 53248
58295 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\Apphel
58296 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\AppPatch\sysmai
58297 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\AppPatch\sysmai
58298 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\AppPatch\sysmai
58299 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\AppPatch\sysmai
58300 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\AppPatch\systes
58301 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58302 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58303 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58304 7:26:44 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
58305 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58306 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58307 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58308 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58309 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58310 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58311 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58312 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58313 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58314 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58315 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58316 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58317 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58318 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58319 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58320 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58321 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58322 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58323 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58324 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58325 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58326 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58327 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58328 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58329 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58330 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58331 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58332 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58333 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\AppPatch\sysmai
58334 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58335 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58336 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58337 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58338 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58339 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58340 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58341 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58342 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58343 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58344 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58345 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58346 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58347 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58348 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58349 7:26:44 PM access[1].exe:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58350 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58351 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58352 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58353 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58354 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58355 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58356 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58357 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58358 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58359 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58360 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58361 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58362 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58363 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58364 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58365 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
58366 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58367 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\Prefetch\ACCESS
58368 7:26:44 PM access[1].exe:2872 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: Traverse
58369 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58370 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\kernel
58371 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
58372 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58373 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\advapi
58374 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
58375 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rpcrt4
58376 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
58377 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\shell3
58378 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHELL3
58379 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\msvcrt
58380 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
58381 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\gdi32.
58382 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
58383 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\user32
58384 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
58385 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\shlwap
58386 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHLWAP
58387 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\SHELL3
58388 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\SHELL3
58389 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\SHELL3
58390 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\SHELL3
58391 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58392 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\en-US FILE NOT FOUND Attributes: Error
58393 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\en FILE NOT FOUND Attributes: Error
58394 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\ SUCCESS Attributes: D
58395 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\ SUCCESS Attributes: D
58396 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58397 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58398 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58399 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58400 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58401 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58402 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58403 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58404 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58405 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58406 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Manifest
58407 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58408 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58409 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58410 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58411 7:26:44 PM csrss.exe:480 CLOSE E:\WINDOWS\WinSxS\Manifest
58412 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\SHELL3
58413 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58414 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
58415 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WinSxS\x86_Micr
58416 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WinSxS\x86_Micr
58417 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
58418 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WinSxS\x86_Micr
58419 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WinSxS\x86_Micr
58420 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WinSxS\x86_Micr
58421 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
58422 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
58423 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58424 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Ma
58425 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58426 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WindowsShell.Ma
58427 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58428 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Ma
58429 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58430 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WindowsShell.Ma
58431 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Ma
58432 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58433 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58434 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Co
58435 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58436 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58437 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\en-US FILE NOT FOUND Attributes: Error
58438 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\en FILE NOT FOUND Attributes: Error
58439 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\ SUCCESS Attributes: D
58440 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\ SUCCESS Attributes: D
58441 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58442 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58443 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58444 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58445 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58446 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58447 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58448 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58449 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58450 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58451 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Manifest
58452 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58453 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58454 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58455 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58456 7:26:44 PM csrss.exe:480 CLOSE E:\WINDOWS\WinSxS\Manifest
58457 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WindowsShell.Ma
58458 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\comctl
58459 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMCTL
58460 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58461 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\PBStudio3.
58462 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58463 7:26:44 PM access[1].exe:2872 CREATE E:\WINDOWS\start.chm SUCCESS Options: OverwriteIf Access: All
58464 7:26:44 PM access[1].exe:2872 WRITE E:\WINDOWS\start.chm SUCCESS Offset: 0 Length: 157865
58465 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58466 7:26:44 PM winlogon.exe:504 DIRECTORY E:\WINDOWS SUCCESS Change Notify
58467 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58468 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58469 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58470 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58471 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58472 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58473 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58474 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58475 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58476 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58477 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58478 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58479 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58480 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58481 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58482 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58483 7:26:45 PM access[1].exe:2872 CREATE E:\WINDOWS\start.html SUCCESS Options: OverwriteIf Access: All
58484 7:26:45 PM access[1].exe:2872 WRITE E:\WINDOWS\start.html SUCCESS Offset: 0 Length: 1115
58485 7:26:45 PM winlogon.exe:504 DIRECTORY E:\WINDOWS SUCCESS Change Notify
58486 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 20480
58487 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 24576
58488 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 28672
58489 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\start.chm SUCCESS
58490 7:26:45 PM winlogon.exe:504 DIRECTORY E:\WINDOWS SUCCESS Change Notify
58491 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58492 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58493 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58494 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileStandardInformation
58495 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58496 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58497 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58498 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileStandardInformation
58499 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58500 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58501 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58502 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 0 Length: 4096
58503 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 4096 Length: 4096
58504 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 8192 Length: 4096
58505 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 49152 Length: 4096
58506 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 20480 Length: 4096
58507 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 16384 Length: 4096
58508 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 61440 Length: 4096
58509 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58510 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58511 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58512 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58513 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58514 7:26:45 PM access[1].exe:2872 OPEN E:\DOCUME~1\USER~1\LOCALS~
58515 7:26:45 PM access[1].exe:2872 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
58516 7:26:45 PM access[1].exe:2872 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58517 7:26:45 PM access[1].exe:2872 OPEN E:\DOCUME~1\USER~1\LOCALS~
58518 7:26:45 PM access[1].exe:2872 WRITE E:\DOCUME~1\USER~1\LOCALS~
58519 7:26:45 PM access[1].exe:2872 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58520 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58521 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58522 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58523 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58524 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58525 7:26:45 PM mcshield.exe:1336 OPEN E:\ SUCCESS Options: Open Directory Access: All
58526 7:26:45 PM mcshield.exe:1336 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58527 7:26:45 PM mcshield.exe:1336 CLOSE E:\ SUCCESS
58528 7:26:45 PM mcshield.exe:1336 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58529 7:26:45 PM mcshield.exe:1336 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58530 7:26:45 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\ SUCCESS
58531 7:26:45 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58532 7:26:45 PM mcshield.exe:1336 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58533 7:26:45 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58534 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58535 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58536 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58537 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58538 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58539 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58540 7:26:45 PM mcshield.exe:1336 READ E:\DOCUME~1\USER~1\LOCALS~
58541 7:26:45 PM mcshield.exe:1336 READ E:\DOCUME~1\USER~1\LOCALS~
58542 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58543 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58544 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58545 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58546 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58547 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\ole32.
58548 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLE32.
58549 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58550 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58551 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58552 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58553 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58554 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58555 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58556 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58557 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58558 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58559 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58560 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58561 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58562 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58563 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58564 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58565 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe SUCCESS Attributes: A
58566 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58567 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58568 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58569 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Adobe\ SUCCESS Options: Open Directory Access: All
58570 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Adobe\ SUCCESS FileBothDirectoryInformati
58571 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Adobe\ SUCCESS
58572 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58573 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58574 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58575 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58576 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58577 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58578 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58579 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58580 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58581 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58582 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58583 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58584 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58585 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58586 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58587 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58588 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\csrss.
58589 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58590 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58591 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58592 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58593 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58594 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58595 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58596 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58597 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58598 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58599 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58600 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58601 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58602 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58603 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58604 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58605 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\ctfmon
58606 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58607 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58608 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58609 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58610 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58611 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58612 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58613 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58614 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and SettingsUser Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58615 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58616 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58617 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58618 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58619 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58620 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58621 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58622 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\Filemon.
58623 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58624 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58625 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58626 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58627 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58628 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58629 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58630 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58631 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58632 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58633 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58634 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58635 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58636 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58637 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58638 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58639 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58640 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58641 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58642 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58643 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58644 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58645 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Filemon.exe FILE NOT FOUND Attributes: Error
58646 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58647 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58648 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58649 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58650 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58651 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58652 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58653 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58654 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58655 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58656 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58657 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58658 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58659 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58660 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58661 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58662 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\svchos
58663 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58664 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58665 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58666 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58667 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58668 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58669 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58670 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58671 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58672 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58673 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58674 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58675 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58676 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58677 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58678 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58679 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Internet Explorer\IEXPLORE.EXE SUCCESS Attributes: A
58680 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58681 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58682 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58683 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58684 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58685 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58686 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58687 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58688 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58689 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58690 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58691 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58692 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58693 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58694 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58695 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58696 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58697 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58698 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58699 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58700 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58701 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58702 7:26:45 PM zlclient.exe:3384 OPEN C:\CFusionMX\runtime\bin\j
58703 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION C:\CFusionMX\runtime\bin\j
58704 7:26:45 PM zlclient.exe:3384 CLOSE C:\CFusionMX\runtime\bin\j
58705 7:26:45 PM zlclient.exe:3384 OPEN C:\ SUCCESS Options: Open Directory Access: All
58706 7:26:45 PM zlclient.exe:3384 DIRECTORY C:\ SUCCESS FileBothDirectoryInformati
58707 7:26:45 PM zlclient.exe:3384 CLOSE C:\ SUCCESS
58708 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58709 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58710 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58711 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58712 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58713 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58714 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58715 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58716 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58717 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58718 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58719 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58720 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58721 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58722 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58723 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58724 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\RoadRunner Rhapsody\Rhapsody.exe SUCCESS Attributes: A
58725 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58726 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58727 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58728 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58729 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58730 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58731 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58732 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58733 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58734 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58735 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58736 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58737 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58738 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58739 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58740 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58741 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58742 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58743 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58744 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58745 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58746 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58747 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
58748 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58749 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58750 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58751 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58752 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58753 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58754 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58755 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58756 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58757 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58758 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58759 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58760 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58761 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58762 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58763 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58764 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58765 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58766 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58767 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58768 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58769 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58770 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\MSN Messenger\msnmsgr.exe SUCCESS Attributes: A
58771 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58772 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58773 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58774 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58775 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58776 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58777 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58778 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58779 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58780 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58781 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58782 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58783 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58784 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58785 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58786 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58787 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58788 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58789 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58790 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58791 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58792 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58793 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Microsoft Office\Office10\OUTLOOK.EX
58794 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58795 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58796 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58797 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58798 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58799 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58800 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58801 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58802 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58803 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58804 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58805 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58806 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58807 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58808 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58809 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58810 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58811 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58812 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58813 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58814 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58815 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58816 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Stardock\ObjectDock\
58817 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58818 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58819 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58820 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Stardock\ SUCCESS Options: Open Directory Access: All
58821 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Stardock\ SUCCESS FileBothDirectoryInformati
58822 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Stardock\ SUCCESS
58823 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Stardock\ObjectDock\
58824 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Stardock\ObjectDock\
58825 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Stardock\ObjectDock\
58826 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58827 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58828 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58829 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58830 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58831 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58832 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58833 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58834 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58835 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58836 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58837 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58838 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58839 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58840 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58841 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58842 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Common Files\Real\Update_OB\reale
58843 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58844 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58845 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58846 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58847 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58848 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58849 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Common Files\Real\ SUCCESS Options: Open Directory Access: All
58850 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Common Files\Real\ SUCCESS FileBothDirectoryInformati
58851 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Common Files\Real\ SUCCESS
58852 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Common Files\Real\Update_OB\ SUCCESS Options: Open Directory Access: All
58853 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Common Files\Real\Update_OB\ SUCCESS FileBothDirectoryInformati
58854 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Common Files\Real\Update_OB\ SUCCESS
58855 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58856 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58857 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58858 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58859 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58860 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58861 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58862 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58863 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58864 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58865 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58866 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58867 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58868 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58869 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58870 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58871 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\dumpre
58872 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58873 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58874 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58875 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58876 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58877 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58878 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58879 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58880 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58881 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58882 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58883 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58884 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58885 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58886 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58887 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58888 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\explorer.exe SUCCESS Attributes: A
58889 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58890 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58891 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58892 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58893 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58894 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58895 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58896 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58897 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58898 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58899 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58900 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58901 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58902 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58903 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58904 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58905 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Windows Media Player\wmplayer.exe SUCCESS Attributes: A
58906 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58907 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58908 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58909 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58910 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58911 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58912 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58913 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58914 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58915 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58916 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58917 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58918 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58919 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58920 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58921 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58922 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58923 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58924 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58925 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58926 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58927 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58928 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\taskmg
58929 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58930 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58931 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58932 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58933 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58934 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58935 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58936 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58937 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58938 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58939 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58940 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58941 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58942 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58943 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58944 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58945 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
58946 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58947 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58948 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58949 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58950 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58951 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58952 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Zone Labs\ SUCCESS Options: Open Directory Access: All
58953 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Zone Labs\ SUCCESS FileBothDirectoryInformati
58954 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Zone Labs\ SUCCESS
58955 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Length: 45117
58956 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45117 Length: 22
58957 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45139 Length: 202
58958 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45341 Length: 1
58959 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45342 Length: 1
58960 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58961 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
58962 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58963 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
58964 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58965 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58966 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\WINDOWS\system32\config
58967 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\WINDOWS\system32\config
58968 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58969 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\uxthem
58970 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58971 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\uxthem
58972 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58973 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\uxthem
58974 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\uxthem
58975 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58976 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UXTHEM
58977 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58978 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\UxTheme.dll FILE NOT FOUND Attributes: Error
58979 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\UxThem
58980 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58981 7:26:45 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58982 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58983 7:26:45 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58984 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58985 7:26:45 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58986 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58987 7:26:45 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58988 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58989 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58990 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58991 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\MSCTF.
58992 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\MSCTF.
58993 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\MSCTF.
58994 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\MSCTF.
58995 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\MSCTF.
58996 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\MSCTF.
58997 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\MSCTF.
58998 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\MSCTF.
58999 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSCTF.
59000 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59001 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\netapi32.dll FILE NOT FOUND Attributes: Error
59002 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\netapi
59003 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\netapi
59004 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\netapi
59005 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\netapi
59006 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
59007 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59008 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59009 7:26:45 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
59010 7:26:45 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
59011 7:26:45 PM explorer.exe:3188 OPEN E:\Documents and Settings\All Users\Desktop\ SUCCESS Options: Open Directory Access: All
59012 7:26:45 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
59013 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59014 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59015 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59016 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59017 7:26:45 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59018 7:26:45 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\system32\rpcss.
59019 7:26:45 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59020 7:26:45 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\system32\rpcss.
59021 7:26:45 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59022 7:26:45 PM explorer.exe:3188 OPEN E:\WINDOWS\system32\rpcss.
59023 7:26:45 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59024 7:26:45 PM explorer.exe:3188 CLOSE E:\WINDOWS\system32\rpcss.
59025 7:26:45 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk SUCCESS Attributes: DR
59026 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\SHELL3
59027 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\Readme.txt
59028 7:26:46 PM access[1].exe:2872 OPEN G:\ SUCCESS Options: Open Access: All
59029 7:26:46 PM access[1].exe:2872 QUERY INFORMATION G:\ SUCCESS Attributes: D
59030 7:26:46 PM access[1].exe:2872 CLOSE G:\ SUCCESS
59031 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59032 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59033 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59034 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59035 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59036 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\SETUPAPI.dll FILE NOT FOUND Attributes: Error
59037 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\SETUPA
59038 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\SETUPA
59039 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\SETUPA
59040 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\setupa
59041 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SETUPA
59042 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\ SUCCESS Attributes: D
59043 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
59044 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59045 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59046 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59047 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59048 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59049 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59050 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59051 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59052 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59053 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59054 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59055 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59056 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59057 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59058 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59059 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59060 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59061 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59062 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59063 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59064 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59065 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59066 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59067 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59068 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59069 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59070 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59071 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59072 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59073 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59074 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59075 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59076 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59077 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59078 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59079 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59080 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59081 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59082 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59083 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59084 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59085 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59086 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59087 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59088 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59089 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59090 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59091 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59092 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59093 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59094 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59095 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59096 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59097 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59098 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59099 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59100 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59101 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59102 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59103 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59104 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59105 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59106 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59107 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59108 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59109 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59110 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and SettingsUser Name\Desktop\Junk\desktop.
59111 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59112 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59113 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59114 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ NO MORE FILES FileBothDirectoryInformati
59115 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
59116 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ NO MORE FILES FileBothDirectoryInformati
59117 7:26:46 PM access[1].exe:2872 OPEN G:\Desktop.ini SUCCESS Options: Open Access: All
59118 7:26:46 PM access[1].exe:2872 LOCK G:\Desktop.ini SUCCESS Excl: No Offset: 0 Length: -1
59119 7:26:46 PM access[1].exe:2872 QUERY INFORMATION G:\Desktop.ini SUCCESS Length: 84
59120 7:26:46 PM access[1].exe:2872 READ G:\Desktop.ini SUCCESS Offset: 0 Length: 84
59121 7:26:46 PM access[1].exe:2872 UNLOCK G:\Desktop.ini RANGE NOT LOCKED Offset: 0 Length: -1
59122 7:26:46 PM access[1].exe:2872 CLOSE G:\Desktop.ini SUCCESS
59123 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
59124 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\All Users\Desktop\ SUCCESS
59125 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents SUCCESS Attributes: DR
59126 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59127 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59128 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59129 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59130 7:26:46 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59131 7:26:46 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59132 7:26:46 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59133 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59134 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59135 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\ SUCCESS
59136 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\ SUCCESS Options: Open Directory Access: All
59137 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\All Users\ SUCCESS FileBothDirectoryInformati
59138 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\ SUCCESS
59139 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59140 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59141 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59142 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59143 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59144 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59145 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59146 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59147 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59148 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59149 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59150 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59151 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59152 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59153 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59154 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59155 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59156 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59157 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59158 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59159 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59160 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59161 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59162 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59163 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59164 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59165 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59166 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59167 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59168 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59169 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59170 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59171 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59172 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59173 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59174 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59175 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59176 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59177 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59178 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59179 7:26:46 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59180 7:26:46 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59181 7:26:46 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59182 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59183 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59184 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\ SUCCESS
59185 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
59186 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
59187 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\User Name\ SUCCESS
59188 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Desktop SUCCESS Attributes: D
59189 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59190 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59191 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59192 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59193 7:26:46 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59194 7:26:46 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59195 7:26:46 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59196 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59197 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59198 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\ SUCCESS
59199 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\ SUCCESS Options: Open Directory Access: All
59200 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\All Users\ SUCCESS FileBothDirectoryInformati
59201 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\ SUCCESS
59202 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\apphel
59203 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\APPHEL
59204 7:26:46 PM access[1].exe:2872 OPEN E:\Program Files\Qualcomm\Eudora\EuSh
59205 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59206 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\CLBCATQ.DLL FILE NOT FOUND Attributes: Error
59207 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\CLBCAT
59208 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\CLBCAT
59209 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\CLBCAT
59210 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\clbcat
59211 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CLBCAT
59212 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\oleaut
59213 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLEAUT
59214 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59215 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\COMRes.dll FILE NOT FOUND Attributes: Error
59216 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\COMRes
59217 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\COMRes
59218 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\COMRes
59219 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\comres
59220 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMRES
59221 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\versio
59222 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\VERSIO
59223 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\Registration SUCCESS Attributes: D
59224 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59225 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59226 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59227 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59228 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59229 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Program Files\Qualcomm\Eudora\EuSh
59230 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Program Files\Qualcomm\Eudora\EuSh
59231 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59232 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\cmd.ex
59233 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59234 7:26:47 PM access[1].exe:2872 SET INFORMATION E:\WINDOWS\system32\cmd.ex
59235 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59236 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59237 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59238 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59239 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59240 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\cmd.ex
59241 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59242 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59243 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\cmd.ex
59244 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59245 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59246 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59247 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59248 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59249 7:26:47 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59250 7:26:47 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59251 7:26:47 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59252 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\ SUCCESS Options: Open Directory Access: All
59253 7:26:47 PM access[1].exe:2872 DIRECTORY E:\WINDOWS\ SUCCESS FileBothDirectoryInformati
59254 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\ SUCCESS
59255 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\ SUCCESS Options: Open Directory Access: All
59256 7:26:47 PM access[1].exe:2872 DIRECTORY E:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformati
59257 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\ SUCCESS
59258 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\cmd.ex
59259 7:26:47 PM cmd.exe:2872 READ E:\WINDOWS\system32\cmd.ex
59260 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59261 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59262 7:26:47 PM vsmon.exe:3948 OPEN E:\ SUCCESS Options: Open Directory Access: All
59263 7:26:47 PM vsmon.exe:3948 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59264 7:26:47 PM vsmon.exe:3948 CLOSE E:\ SUCCESS
59265 7:26:47 PM vsmon.exe:3948 OPEN E:\WINDOWS\ SUCCESS Options: Open Directory Access: All
59266 7:26:47 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\ SUCCESS FileBothDirectoryInformati
59267 7:26:47 PM vsmon.exe:3948 CLOSE E:\WINDOWS\ SUCCESS
59268 7:26:47 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\ SUCCESS Options: Open Directory Access: All
59269 7:26:47 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformati
59270 7:26:47 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\ SUCCESS
59271 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\cmd.ex
59272 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59273 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59274 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59275 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\Prefetch\CMD.EX
59276 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\Prefetch\CMD.EX
59277 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\Prefetch\CMD.EX
59278 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\Prefetch\CMD.EX
59279 7:26:47 PM access[1].exe:2872 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
59280 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\WinSxS\x86_Micr
59281 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\start.html SUCCESS
59282 7:26:47 PM winlogon.exe:504 DIRECTORY E:\WINDOWS Change Notify
59283 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59284 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59285 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59286 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileStandardInformation
59287 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59288 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59289 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59290 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileStandardInformation
59291 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59292 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59293 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59294 7:26:47 PM mcshield.exe:1336 READ E:\WINDOWS\start.html SUCCESS Offset: 0 Length: 4096
59295 7:26:47 PM mcshield.exe:1336 READ E:\WINDOWS\start.html END OF FILE Offset: 1115 Length: 2981
59296 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59297 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59298 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59299 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59300 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59301 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\Prefetch\ACCESS
59302 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59303 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59304 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59305 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59306 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59307 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59308 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59309 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59310 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59311 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\LOCALS~
59312 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59313 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59314 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\REGISTRATION\R0
59315 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\REGISTRATION\R0
59316 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\REGISTRATION\R0
59317 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\REGISTRATION\R0
59318 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59319 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\ADVAPI
59320 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59321 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\ADVAPI
59322 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\APPHEL
59323 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\APPHEL
59324 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\APPHEL
59325 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\APPHEL
59326 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CLBCAT
59327 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\CLBCAT
59328 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CLBCAT
59329 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\CLBCAT
59330 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CMD.EX
59331 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\CMD.EX
59332 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CMD.EX
59333 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\CMD.EX
59334 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMCTL
59335 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\COMCTL
59336 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMCTL
59337 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\COMCTL
59338 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMRES
59339 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\COMRES
59340 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMRES
59341 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\COMRES
59342 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CTYPE.
59343 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\CTYPE.
59344 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CTYPE.
59345 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\CTYPE.
59346 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59347 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\GDI32.
59348 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59349 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\GDI32.
59350 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59351 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\KERNEL
59352 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59353 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\KERNEL
59354 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\LOCALE
59355 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\LOCALE
59356 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\LOCALE
59357 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\LOCALE
59358 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSCTF.
59359 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\MSCTF.
59360 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSCTF.
59361 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\MSCTF.
59362 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59363 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\MSVCRT
59364 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59365 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\MSVCRT
59366 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
59367 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\NETAPI
59368 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
59369 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\NETAPI
59370 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59371 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\NTDLL.
59372 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59373 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\NTDLL.
59374 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLE32.
59375 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\OLE32.
59376 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLE32.
59377 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\OLE32.
59378 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLEAUT
59379 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\OLEAUT
59380 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLEAUT
59381 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\OLEAUT
59382 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59383 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\RPCRT4
59384 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59385 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\RPCRT4
59386 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCSS.
59387 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\RPCSS.
59388 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCSS.
59389 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\RPCSS.
59390 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SETUPA
59391 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SETUPA
59392 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SETUPA
59393 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SETUPA
59394 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHELL3
59395 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SHELL3
59396 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHELL3
59397 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SHELL3
59398 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHLWAP
59399 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SHLWAP
59400 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHLWAP
59401 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SHLWAP
59402 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTKE
59403 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SORTKE
59404 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTKE
59405 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SORTKE
59406 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTTB
59407 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SORTTB
59408 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTTB
59409 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SORTTB
59410 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UNICOD
59411 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\UNICOD
59412 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UNICOD
59413 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\UNICOD
59414 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59415 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\USER32
59416 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59417 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\USER32
59418 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UXTHEM
59419 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\UXTHEM
59420 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UXTHEM
59421 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\UXTHEM
59422 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\VERSIO
59423 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\VERSIO
59424 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\VERSIO
59425 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\VERSIO
59426 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINDOWSSHELL.MA
59427 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINDOWSSHELL.MA
59428 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINDOWSSHELL.MA
59429 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINDOWSSHELL.MA
59430 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
59431 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINSXS\X86_MICR
59432 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
59433 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINSXS\X86_MICR
59434 7:26:47 PM svchost.exe:788 OPEN G:\DESKTOP.INI SUCCESS Options: Open Access: All
59435 7:26:47 PM svchost.exe:788 QUERY INFORMATION G:\DESKTOP.INI SUCCESS Attributes: HSA
59436 7:26:47 PM svchost.exe:788 CLOSE G:\DESKTOP.INI SUCCESS
59437 7:26:47 PM svchost.exe:788 OPEN G:\DESKTOP.INI SUCCESS Options: Open Access: All
59438 7:26:47 PM svchost.exe:788 QUERY INFORMATION G:\DESKTOP.INI SUCCESS FileInternalInformation
59439 7:26:47 PM svchost.exe:788 CLOSE G:\DESKTOP.INI SUCCESS
59440 7:26:47 PM svchost.exe:788 OPEN E:\ SUCCESS Options: Open Access: All
59441 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\ SUCCESS FileInternalInformation
59442 7:26:47 PM svchost.exe:788 CLOSE E:\ SUCCESS
59443 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ SUCCESS Options: Open Access: All
59444 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ SUCCESS FileInternalInformation
59445 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ SUCCESS
59446 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ALL USERS\ SUCCESS Options: Open Access: All
59447 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\ SUCCESS FileInternalInformation
59448 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ALL USERS\ SUCCESS
59449 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ SUCCESS Options: Open Access: All
59450 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ SUCCESS FileInternalInformation
59451 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ SUCCESS
59452 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS Options: Open Access: All
59453 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS FileInternalInformation
59454 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS
59455 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\ SUCCESS Options: Open Access: All
59456 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\ SUCCESS FileInternalInformation
59457 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\ SUCCESS
59458 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\ SUCCESS Options: Open Access: All
59459 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\ SUCCESS FileInternalInformation
59460 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\ SUCCESS
59461 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\ SUCCESS Options: Open Access: All
59462 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\ SUCCESS FileInternalInformation
59463 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\ SUCCESS
59464 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\ SUCCESS Options: Open Access: All
59465 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\ SUCCESS FileInternalInformation
59466 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\ SUCCESS
59467 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS Options: Open Access: All
59468 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS FileInternalInformation
59469 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS
59470 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59471 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59472 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59473 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\ SUCCESS Options: Open Access: All
59474 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\ SUCCESS FileInternalInformation
59475 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\ SUCCESS
59476 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\ SUCCESS Options: Open Access: All
59477 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\ SUCCESS FileInternalInformation
59478 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\ SUCCESS
59479 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\LOCALS~
59480 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59481 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59482 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\LOCALS~
59483 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59484 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59485 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\ SUCCESS Options: Open Access: All
59486 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\ SUCCESS FileInternalInformation
59487 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\ SUCCESS
59488 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\REGISTRATION\ SUCCESS Options: Open Access: All
59489 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\REGISTRATION\ SUCCESS FileInternalInformation
59490 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\REGISTRATION\ SUCCESS
59491 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\ SUCCESS Options: Open Access: All
59492 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ SUCCESS FileInternalInformation
59493 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\ SUCCESS
59494 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINSXS\ SUCCESS Options: Open Access: All
59495 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\ SUCCESS FileInternalInformation
59496 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINSXS\ SUCCESS
59497 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINSXS\X86_MICR
59498 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
59499 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINSXS\X86_MICR
59500 7:26:47 PM svchost.exe:788 OPEN G:\ SUCCESS Options: Open Access: All
59501 7:26:47 PM svchost.exe:788 QUERY INFORMATION G:\ SUCCESS FileInternalInformation
59502 7:26:47 PM svchost.exe:788 CLOSE G:\ SUCCESS
59503 7:26:47 PM svchost.exe:788 CREATE E:\WINDOWS\Prefetch\ACCESS
59504 7:26:47 PM svchost.exe:788 WRITE E:\WINDOWS\Prefetch\ACCESS
59505 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\Prefetch\ACCESS
59506 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59507 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59508 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59509 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59510 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59511 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59512 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59513 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59514 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59515 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59516 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59517 7:26:47 PM mcshield.exe:1336 READ E:\WINDOWS\Prefetch\ACCESS
59518 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59519 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59520 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59521 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59522 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59523 7:26:47 PM cmd.exe:2544 OPEN E: SUCCESS Options: Open Access: All
59524 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E: BUFFER OVERFLOW FileFsVolumeInformation
59525 7:26:47 PM cmd.exe:2544 OPEN G: SUCCESS Options: Open Access: All
59526 7:26:47 PM cmd.exe:2544 QUERY INFORMATION G: BUFFER OVERFLOW FileFsVolumeInformation
59527 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59528 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ SUCCESS FileNamesInformation
59529 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ NO MORE FILES FileNamesInformation
59530 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\ SUCCESS Options: Open Directory Access: All
59531 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\ SUCCESS FileNamesInformation
59532 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\ NO MORE FILES FileNamesInformation
59533 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\User Name\ SUCCESS Options: Open Directory Access: All
59534 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS FileNamesInformation
59535 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\ NO MORE FILES FileNamesInformation
59536 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\ SUCCESS Options: Open Directory Access: All
59537 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\ SUCCESS FileNamesInformation
59538 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\ NO MORE FILES FileNamesInformation
59539 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\ SUCCESS Options: Open Directory Access: All
59540 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\ SUCCESS FileNamesInformation
59541 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\ NO MORE FILES FileNamesInformation
59542 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS Options: Open Directory Access: All
59543 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS FileNamesInformation
59544 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ NO MORE FILES FileNamesInformation
59545 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0P234PYJ
59546 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\ SUCCESS Options: Open Directory Access: All
59547 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\ SUCCESS FileNamesInformation
59548 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\ NO MORE FILES FileNamesInformation
59549 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\ SUCCESS Options: Open Directory Access: All
59550 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59551 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59552 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59553 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59554 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59555 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ NO MORE FILES FileNamesInformation
59556 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\NTDLL.
59557 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59558 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\KERNEL
59559 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59560 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\UNICOD
59561 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UNICOD
59562 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\LOCALE
59563 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\LOCALE
59564 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\SORTTB
59565 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTTB
59566 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\MSVCRT
59567 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59568 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\USER32
59569 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59570 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\GDI32.
59571 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59572 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\ADVAPI
59573 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59574 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\RPCRT4
59575 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59576 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\CTYPE.
59577 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CTYPE.
59578 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\CMD.EX
59579 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CMD.EX
59580 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\NTDLL.
59581 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\KERNEL
59582 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\MSVCRT
59583 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\USER32
59584 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\GDI32.
59585 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\ADVAPI
59586 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\RPCRT4
59587 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\CMD.EX
59588 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\SYSTEM32\CMD.EX
59589 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\SYSTEM32\CMD.EX
59590 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\SYSTEM32\CMD.EX
59591 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop SUCCESS Options: Open Directory Access: Traverse
59592 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59593 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\kernel
59594 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59595 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\cmd.exe FILE NOT FOUND Attributes: Error
59596 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\??\E:\WINDOWS\system32\
59597 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59598 7:26:47 PM csrss.exe:480 OPEN E:\WINDOWS\system32\cmd.ex
59599 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59600 7:26:47 PM csrss.exe:480 SET INFORMATION E:\WINDOWS\system32\cmd.ex
59601 7:26:47 PM csrss.exe:480 READ E:\WINDOWS\system32\cmd.ex
59602 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59603 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59604 7:26:47 PM csrss.exe:480 READ E:\WINDOWS\system32\cmd.ex
59605 7:26:47 PM csrss.exe:480 CLOSE E:\WINDOWS\system32\cmd.ex
59606 7:26:47 PM csrss.exe:480 READ E: SUCCESS Offset: 21504 Length: 4096
59607 7:26:47 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\Install.ex
59608 7:26:47 PM csrss.exe:480 READ E: SUCCESS Offset: 58368 Length: 12288
59609 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\msvcrt
59610 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59611 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\user32
59612 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59613 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\gdi32.
59614 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59615 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\advapi
59616 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59617 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rpcrt4
59618 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59619 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59620 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59621 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59622 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59623 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59624 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59625 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\ SUCCESS
59626 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
59627 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
59628 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\ SUCCESS
59629 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59630 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59631 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileNameInformation
59632 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileFsVolumeInformation
59633 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59634 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59635 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59636 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59637 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59638 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59639 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59640 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59641 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59642 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59643 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\ SUCCESS Options: Open Directory Access: All
59644 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\ SUCCESS FileBothDirectoryInformati
59645 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\ SUCCESS
59646 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\ SUCCESS Options: Open Directory Access: All
59647 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\ SUCCESS FileBothDirectoryInformati
59648 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\ SUCCESS
59649 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59650 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59651 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59652 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59653 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59654 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59655 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59656 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59657 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59658 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59659 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59660 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59661 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59662 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59663 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59664 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59665 7:26:47 PM cmd.exe:2544 CREATE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59666 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
59667 7:26:47 PM cmd.exe:2544 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59668 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59669 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
59670 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59671 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59672 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59673 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59674 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59675 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59676 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59677 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59678 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59679 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59680 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59681 7:26:47 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59682 7:26:47 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59683 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59684 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59685 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59686 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59687 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59688 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59689 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59690 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59691 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59692 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileNameInformation
59693 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileFsAttributeInformation
59694 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59695 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59696 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59697 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59698 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59699 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59700 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59701 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59702 7:26:47 PM cmd.exe:2544 DELETE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59703 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59704 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
59705 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59706 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59707 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop Change Notify
59708 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59709 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59710 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59711 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59712 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59713 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59714 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59715 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\User Name~1\LOCALS~1\Temp\hmkc.
59716 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59717 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59718 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileNameInformation
59719 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileFsAttributeInformation
59720 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59721 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59722 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59723 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59724 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59725 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59726 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59727 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59728 7:26:47 PM cmd.exe:2544 DELETE E:\DOCUME~1\USER~1\LOCALS~
59729 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59730 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59731 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59732 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59733 7:26:47 PM csrss.exe:480 OPEN E:\WINDOWS\FONTS\VGAOEM.FO
59734 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59735 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59736 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59737 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59738 7:26:47 PM csrss.exe:480 CLOSE E:\WINDOWS\FONTS\VGAOEM.FO
59739 7:26:47 PM csrss.exe:480 READ E:\WINDOWS\FONTS\VGAOEM.FO
59740 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop SUCCESS
59741 7:26:47 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
59742 7:26:47 PM explorer.exe:3188 OPEN E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Options: Open Access: Execute
59743 7:26:47 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Length: 194810
59744 7:26:47 PM explorer.exe:3188 CLOSE E:\Program Files\Magic Notes\Sticky32.exe SUCCESS
As you can see access[1].exe is generated somehow,
then cmd.exe which keeps reappearing, deletes this, there is no spyware, antivirus tool that removes this...
and i can't seem to be able to go to safe mode
help please! guys!
here is a filesystem log....
57515 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System\crlds3d.
57516 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57517 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57518 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57519 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57520 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57521 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57522 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57523 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57524 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57525 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57526 7:26:12 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57527 7:26:12 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57528 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57529 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57530 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57531 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57532 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57533 7:26:12 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57534 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57535 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\iepeer
57536 7:26:12 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\F6ATV1E7
57537 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57538 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57539 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57540 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57541 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57542 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57543 7:26:12 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\iepeer
57544 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57545 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57546 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57547 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57548 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57549 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57550 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57551 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57552 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57553 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57554 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57555 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57556 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57557 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57558 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57559 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57560 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57561 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57562 7:26:12 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\System32\iepeer
57563 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\iepeer
57564 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\iepeer
57565 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57566 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57567 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57568 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57569 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57570 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57571 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57572 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57573 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57574 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57575 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57576 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57577 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57578 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57579 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57580 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57581 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57582 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57583 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57584 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57585 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57586 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57587 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57588 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57589 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57590 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57591 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57592 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57593 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57594 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57595 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57596 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57597 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57598 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57599 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57600 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57601 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57602 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57603 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57604 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57605 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57606 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57607 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57608 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57609 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57610 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57611 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57612 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57613 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57614 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57615 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57616 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57617 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57618 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57619 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57620 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57621 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57622 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57623 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57624 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57625 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57626 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57627 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Microsoft Office\Office10\EXCEL.EXE SUCCESS Attributes: RA
57628 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\PROGRA~1\MICROS~2\Offic
57629 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\notepad.exe SUCCESS Attributes: A
57630 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Microsoft Office\Office10\WINWORD.EX
57631 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\PROGRA~1\MICROS~2\Offic
57632 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\PROGRA~1\MICROS~2\Offic
57633 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57634 7:26:12 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\History\History.I
57635 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57636 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57637 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57638 7:26:13 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57639 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57640 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57641 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57642 7:26:15 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57643 7:26:17 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
57644 7:26:17 PM explorer.exe:3188 OPEN E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Options: Open Access: Execute
57645 7:26:17 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Length: 194810
57646 7:26:17 PM explorer.exe:3188 CLOSE E:\Program Files\Magic Notes\Sticky32.exe SUCCESS
57647 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57648 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57649 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57650 7:26:17 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57651 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57652 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57653 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57654 7:26:19 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57655 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57656 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57657 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57658 7:26:21 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57659 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57660 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57661 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57662 7:26:23 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57663 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57664 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57665 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57666 7:26:25 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57667 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57668 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57669 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57670 7:26:27 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57671 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57672 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57673 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57674 7:26:29 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57675 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57676 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57677 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57678 7:26:31 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57679 7:26:32 PM explorer.exe:3188 OPEN C:\ SUCCESS Options: Open Directory Access: All
57680 7:26:32 PM explorer.exe:3188 QUERY INFORMATION C:\ SUCCESS FileFsQuotaSetInformation
57681 7:26:32 PM explorer.exe:3188 CLOSE C:\ SUCCESS
57682 7:26:32 PM explorer.exe:3188 OPEN E:\ SUCCESS Options: Open Directory Access: All
57683 7:26:32 PM explorer.exe:3188 QUERY INFORMATION E:\ SUCCESS FileFsQuotaSetInformation
57684 7:26:32 PM explorer.exe:3188 CLOSE E:\ SUCCESS
57685 7:26:32 PM explorer.exe:3188 OPEN F:\ SUCCESS Options: Open Directory Access: All
57686 7:26:32 PM explorer.exe:3188 QUERY INFORMATION F:\ SUCCESS FileFsQuotaSetInformation
57687 7:26:32 PM explorer.exe:3188 CLOSE F:\ SUCCESS
57688 7:26:32 PM explorer.exe:3188 OPEN G:\ SUCCESS Options: Open Directory Access: All
57689 7:26:32 PM explorer.exe:3188 QUERY INFORMATION G:\ SUCCESS FileFsQuotaSetInformation
57690 7:26:32 PM explorer.exe:3188 CLOSE G:\ SUCCESS
57691 7:26:32 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
57692 7:26:32 PM explorer.exe:3188 OPEN E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Options: Open Access: Execute
57693 7:26:32 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Length: 194810
57694 7:26:32 PM explorer.exe:3188 CLOSE E:\Program Files\Magic Notes\Sticky32.exe SUCCESS
57695 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57696 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57697 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57698 7:26:33 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57699 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57700 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57701 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57702 7:26:35 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57703 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57704 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57705 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57706 7:26:37 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57707 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57708 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57709 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57710 7:26:39 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57711 7:26:40 PM vsmon.exe:3948 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57712 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57713 7:26:40 PM vsmon.exe:3948 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57714 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57715 7:26:40 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57716 7:26:40 PM vsmon.exe:3948 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57717 7:26:40 PM vsmon.exe:3948 READ E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57718 7:26:40 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57719 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57720 7:26:40 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57721 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\System32\Ras\ SUCCESS Options: Open Directory Access: All
57722 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\System32\Ras\ NO SUCH FILE FileBothDirectoryInformati
57723 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\System32\Ras\ SUCCESS
57724 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57725 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57726 7:26:40 PM vsmon.exe:3948 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57727 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION C:\autoexec.bat SUCCESS Attributes: A
57728 7:26:40 PM vsmon.exe:3948 CLOSE C:\autoexec.bat SUCCESS
57729 7:26:40 PM vsmon.exe:3948 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57730 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION C:\autoexec.bat SUCCESS Length: 0
57731 7:26:40 PM vsmon.exe:3948 READ C:\autoexec.bat SUCCESS Offset: 0 Length: 0
57732 7:26:40 PM vsmon.exe:3948 CLOSE C:\autoexec.bat SUCCESS
57733 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\config
57734 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57735 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57736 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57737 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57738 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57739 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57740 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\config
57741 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57742 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57743 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57744 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57745 7:26:40 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\config
57746 7:26:40 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\config
57747 7:26:40 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\config
57748 7:26:40 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\config
57749 7:26:41 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\system32\urlmon
57750 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57751 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57752 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57753 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57754 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\RASAPI32.DLL FILE NOT FOUND Attributes: Error
57755 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\RASAPI32.DLL FILE NOT FOUND Attributes: Error
57756 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\RASAPI
57757 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\RASAPI
57758 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\RASAPI
57759 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rasapi
57760 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RASAPI
57761 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\rasman.dll FILE NOT FOUND Attributes: Error
57762 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\rasman.dll FILE NOT FOUND Attributes: Error
57763 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\rasman
57764 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\rasman
57765 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\rasman
57766 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rasman
57767 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RASMAN
57768 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\NETAPI32.dll FILE NOT FOUND Attributes: Error
57769 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\NETAPI32.dll FILE NOT FOUND Attributes: Error
57770 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\NETAPI
57771 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\NETAPI
57772 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\NETAPI
57773 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\netapi
57774 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
57775 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\TAPI32.dll FILE NOT FOUND Attributes: Error
57776 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\TAPI32.dll FILE NOT FOUND Attributes: Error
57777 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\TAPI32
57778 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57779 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\TAPI32
57780 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\tapi32
57781 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\TAPI32
57782 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\rtutils.dll FILE NOT FOUND Attributes: Error
57783 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\rtutils.dll FILE NOT FOUND Attributes: Error
57784 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\rtutil
57785 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\rtutil
57786 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\rtutil
57787 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rtutil
57788 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RTUTIL
57789 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57790 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\TAPI32
57791 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57792 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\TAPI32
57793 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57794 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\en-US FILE NOT FOUND Attributes: Error
57795 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\en FILE NOT FOUND Attributes: Error
57796 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\ SUCCESS Attributes: D
57797 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\System32\ SUCCESS Attributes: D
57798 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57799 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57800 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57801 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57802 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57803 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57804 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57805 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57806 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
57807 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57808 7:26:41 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Manifest
57809 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57810 7:26:41 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
57811 7:26:41 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
57812 7:26:41 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
57813 7:26:41 PM csrss.exe:480 CLOSE E:\WINDOWS\WinSxS\Manifest
57814 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\TAPI32
57815 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\iexplore.exe.Loca
57816 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
57817 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\WinSxS\x86_Micr
57818 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\sensapi.dll FILE NOT FOUND Attributes: Error
57819 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\sensapi.dll FILE NOT FOUND Attributes: Error
57820 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\sensap
57821 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\sensap
57822 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\sensap
57823 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\sensap
57824 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SENSAP
57825 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57826 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\useren
57827 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USEREN
57828 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57829 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57830 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57831 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Attributes: A
57832 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57833 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57834 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Length: 0
57835 7:26:41 PM IEXPLORE.EXE:2344 READ C:\autoexec.bat SUCCESS Offset: 0 Length: 0
57836 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57837 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57838 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57839 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57840 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57841 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57842 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57843 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57844 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57845 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57846 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57847 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57848 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57849 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57850 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57851 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57852 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57853 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57854 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57855 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57856 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57857 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\All Users\Application Data SUCCESS Attributes: DRH
57858 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57859 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57860 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57861 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57862 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57863 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57864 7:26:41 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57865 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57866 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57867 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Con
57868 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\Ras\ SUCCESS Options: Open Directory Access: All
57869 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\WINDOWS\System32\Ras\ NO SUCH FILE FileBothDirectoryInformati
57870 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\Ras\ SUCCESS
57871 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57872 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\TEMP SUCCESS Attributes: D
57873 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57874 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Attributes: A
57875 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57876 7:26:41 PM IEXPLORE.EXE:2344 OPEN C:\autoexec.bat SUCCESS Options: Open Access: All
57877 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION C:\autoexec.bat SUCCESS Length: 0
57878 7:26:41 PM IEXPLORE.EXE:2344 READ C:\autoexec.bat SUCCESS Offset: 0 Length: 0
57879 7:26:41 PM IEXPLORE.EXE:2344 CLOSE C:\autoexec.bat SUCCESS
57880 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57881 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57882 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57883 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57884 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57885 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57886 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57887 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57888 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57889 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57890 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Local Settings\Temp SUCCESS Attributes: D
57891 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\ SUCCESS Options: Open Directory Access: All
57892 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
57893 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\ SUCCESS
57894 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
57895 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
57896 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\ SUCCESS
57897 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
57898 7:26:41 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
57899 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
57900 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Application Data SUCCESS Attributes: DA
57901 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Application Data\Microsoft\Network\Con
57902 7:26:41 PM IEXPLORE.EXE:2344 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 8192
57903 7:26:41 PM IEXPLORE.EXE:2344 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 8192
57904 7:26:41 PM IEXPLORE.EXE:2344 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 16384
57905 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57906 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57907 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Cookies\index.dat SUCCESS Length: 262144
57908 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Cookies\index.dat SUCCESS Length: 262144
57909 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Cookies\index.dat SUCCESS Length: 262144
57910 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57911 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\mswsoc
57912 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\DNSAPI.dll FILE NOT FOUND Attributes: Error
57913 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\DNSAPI.dll FILE NOT FOUND Attributes: Error
57914 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\DNSAPI
57915 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\DNSAPI
57916 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\DNSAPI
57917 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\dnsapi
57918 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\DNSAPI
57919 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57920 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57921 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57922 7:26:41 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
57923 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\winrnr
57924 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\winrnr
57925 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\winrnr
57926 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\winrnr
57927 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\winrnr
57928 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\winrnr
57929 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\winrnr
57930 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\winrnr
57931 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\WINRNR
57932 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\wldap3
57933 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\WLDAP3
57934 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\mswsoc
57935 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Program Files\Internet Explorer\rasadhlp.dll FILE NOT FOUND Attributes: Error
57936 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\rasadhlp.dll FILE NOT FOUND Attributes: Error
57937 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\System32\rasadh
57938 7:26:41 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\System32\rasadh
57939 7:26:41 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\System32\rasadh
57940 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rasadh
57941 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RASADH
57942 7:26:41 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\mswsoc
57943 7:26:41 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\mswsoc
57944 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57945 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
57946 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57947 7:26:42 PM IEXPLORE.EXE:2344 CREATE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57948 7:26:42 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
57949 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57950 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57951 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57952 7:26:42 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57953 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57954 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57955 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57956 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57957 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57958 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57959 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57960 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57961 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57962 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57963 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57964 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57965 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57966 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57967 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57968 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57969 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57970 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57971 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57972 7:26:42 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57973 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57974 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57975 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57976 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57977 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57978 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57979 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57980 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57981 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57982 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57983 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57984 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57985 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57986 7:26:42 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57987 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57988 7:26:42 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57989 7:26:42 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57990 7:26:42 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57991 7:26:42 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57992 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57993 7:26:42 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57994 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57995 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57996 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57997 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57998 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
57999 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58000 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58001 7:26:42 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58002 7:26:42 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58003 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58004 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58005 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58006 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58007 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58008 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58009 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58010 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58011 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58012 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58013 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58014 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58015 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58016 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58017 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\All Users\Desktop\ SUCCESS Options: Open Directory Access: All
58018 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
58019 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58020 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58021 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58022 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58023 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58024 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58025 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58026 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58027 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58028 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58029 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58030 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58031 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58032 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58033 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58034 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58035 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58036 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58037 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58038 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58039 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58040 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58041 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58042 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58043 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58044 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58045 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58046 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58047 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58048 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58049 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58050 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58051 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58052 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58053 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58054 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58055 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58056 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58057 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58058 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58059 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58060 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58061 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58062 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58063 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58064 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58065 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58066 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58067 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58068 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58069 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58070 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58071 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58072 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58073 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58074 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58075 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58076 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58077 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58078 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58079 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58080 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58081 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58082 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58083 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58084 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58085 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58086 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58087 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58088 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58089 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58090 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ NO MORE FILES FileBothDirectoryInformati
58091 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
58092 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ NO MORE FILES FileBothDirectoryInformati
58093 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58094 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\All Users\Desktop\ SUCCESS
58095 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58096 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58097 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58098 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58099 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58100 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58101 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58102 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58103 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58104 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58105 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58106 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58107 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58108 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58109 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58110 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58111 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58112 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58113 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58114 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58115 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58116 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58117 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58118 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58119 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58120 7:26:43 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
58121 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58122 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58123 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58124 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58125 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58126 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58127 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58128 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58129 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58130 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58131 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58132 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58133 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58134 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58135 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58136 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58137 7:26:43 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58138 7:26:43 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\system32\rpcss.
58139 7:26:43 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58140 7:26:43 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\system32\rpcss.
58141 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58142 7:26:43 PM explorer.exe:3188 OPEN E:\WINDOWS\system32\rpcss.
58143 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58144 7:26:43 PM explorer.exe:3188 CLOSE E:\WINDOWS\system32\rpcss.
58145 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk SUCCESS Attributes: DR
58146 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58147 7:26:43 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58148 7:26:43 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58149 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58150 7:26:43 PM explorer.exe:3188 OPEN E:\WINDOWS\system32\rpcss.
58151 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58152 7:26:43 PM explorer.exe:3188 CLOSE E:\WINDOWS\system32\rpcss.
58153 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58154 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58155 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58156 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58157 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58158 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58159 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58160 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58161 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58162 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58163 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58164 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58165 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58166 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58167 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58168 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58169 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58170 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58171 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58172 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58173 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58174 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58175 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58176 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58177 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58178 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58179 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58180 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58181 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58182 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58183 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58184 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58185 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
58186 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58187 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
58188 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
58189 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
58190 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
58191 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58192 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58193 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58194 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58195 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58196 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58197 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58198 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58199 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58200 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58201 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58202 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58203 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58204 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58205 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58206 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58207 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58208 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58209 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58210 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58211 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58212 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58213 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58214 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58215 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58216 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58217 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58218 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58219 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58220 7:26:43 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58221 7:26:43 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58222 7:26:43 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58223 7:26:43 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58224 7:26:43 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58225 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
58226 7:26:43 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ NO MORE FILES FileBothDirectoryInformati
58227 7:26:43 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58228 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58229 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58230 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe SUCCESS Attributes: A
58231 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Jasc Software Inc\Animation Shop 3\anim.exe SUCCESS Attributes: A
58232 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58233 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58234 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58235 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58236 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe SUCCESS Attributes: A
58237 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe SUCCESS Attributes: A
58238 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\SmartFTP\SmartFTP.exe SUCCESS Attributes: A
58239 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58240 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58241 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58242 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58243 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58244 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58245 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58246 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58247 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58248 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58249 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58250 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58251 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58252 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58253 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58254 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58255 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58256 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58257 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58258 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58259 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58260 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58261 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58262 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58263 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58264 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58265 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58266 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58267 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58268 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58269 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58270 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58271 7:26:44 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58272 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58273 7:26:44 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58274 7:26:44 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58275 7:26:44 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58276 7:26:44 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58277 7:26:44 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
58278 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58279 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58280 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58281 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58282 7:26:44 PM IEXPLORE.EXE:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58283 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58284 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58285 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\index.da
58286 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58287 7:26:44 PM IEXPLORE.EXE:2344 READ E:\WINDOWS\system32\kernel
58288 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\PBStudio3.
58289 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58290 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58291 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 77824 Length: 65536
58292 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 143360 Length: 53248
58293 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 77824 Length: 65536
58294 7:26:44 PM IEXPLORE.EXE:2344 WRITE E:\$ConvertToNonresident SUCCESS Offset: 143360 Length: 53248
58295 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\Apphel
58296 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\AppPatch\sysmai
58297 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\AppPatch\sysmai
58298 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\AppPatch\sysmai
58299 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\AppPatch\sysmai
58300 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\AppPatch\systes
58301 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58302 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58303 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58304 7:26:44 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
58305 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58306 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58307 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58308 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58309 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58310 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58311 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58312 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58313 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58314 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58315 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58316 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58317 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58318 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58319 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58320 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58321 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58322 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58323 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58324 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58325 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58326 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58327 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58328 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58329 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58330 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58331 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58332 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58333 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\AppPatch\sysmai
58334 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58335 7:26:44 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58336 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58337 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58338 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58339 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58340 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58341 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58342 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58343 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58344 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58345 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58346 7:26:44 PM IEXPLORE.EXE:2344 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58347 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58348 7:26:44 PM IEXPLORE.EXE:2344 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58349 7:26:44 PM access[1].exe:2344 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58350 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58351 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58352 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58353 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58354 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
58355 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
58356 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
58357 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS Options: Open Directory Access: All
58358 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS FileBothDirectoryInformati
58359 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\ SUCCESS
58360 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS Options: Open Directory Access: All
58361 7:26:44 PM vsmon.exe:3948 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS FileBothDirectoryInformati
58362 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\ SUCCESS
58363 7:26:44 PM IEXPLORE.EXE:2344 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58364 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58365 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
58366 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58367 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\Prefetch\ACCESS
58368 7:26:44 PM access[1].exe:2872 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: Traverse
58369 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58370 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\kernel
58371 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
58372 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58373 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\advapi
58374 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
58375 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rpcrt4
58376 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
58377 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\shell3
58378 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHELL3
58379 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\msvcrt
58380 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
58381 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\gdi32.
58382 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
58383 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\user32
58384 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
58385 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\shlwap
58386 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHLWAP
58387 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\SHELL3
58388 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\SHELL3
58389 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\SHELL3
58390 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\SHELL3
58391 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58392 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\en-US FILE NOT FOUND Attributes: Error
58393 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\en FILE NOT FOUND Attributes: Error
58394 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\ SUCCESS Attributes: D
58395 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\ SUCCESS Attributes: D
58396 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58397 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58398 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58399 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58400 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58401 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58402 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58403 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58404 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58405 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58406 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Manifest
58407 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58408 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58409 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58410 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58411 7:26:44 PM csrss.exe:480 CLOSE E:\WINDOWS\WinSxS\Manifest
58412 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\SHELL3
58413 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58414 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
58415 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WinSxS\x86_Micr
58416 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WinSxS\x86_Micr
58417 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
58418 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WinSxS\x86_Micr
58419 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WinSxS\x86_Micr
58420 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WinSxS\x86_Micr
58421 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\WinSxS\x86_Micr
58422 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
58423 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58424 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Ma
58425 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58426 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WindowsShell.Ma
58427 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58428 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Ma
58429 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58430 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WindowsShell.Ma
58431 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Ma
58432 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58433 7:26:44 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58434 7:26:44 PM access[1].exe:2872 OPEN E:\WINDOWS\WindowsShell.Co
58435 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WindowsShell.Ma
58436 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58437 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\en-US FILE NOT FOUND Attributes: Error
58438 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\en FILE NOT FOUND Attributes: Error
58439 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\ SUCCESS Attributes: D
58440 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\ SUCCESS Attributes: D
58441 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58442 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58443 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58444 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58445 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58446 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58447 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58448 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58449 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Policies
58450 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58451 7:26:44 PM csrss.exe:480 OPEN E:\WINDOWS\WinSxS\Manifest
58452 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58453 7:26:44 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\WinSxS\Manifest
58454 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58455 7:26:44 PM csrss.exe:480 READ E:\WINDOWS\WinSxS\Manifest
58456 7:26:44 PM csrss.exe:480 CLOSE E:\WINDOWS\WinSxS\Manifest
58457 7:26:44 PM access[1].exe:2872 CLOSE E:\WINDOWS\WindowsShell.Ma
58458 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\comctl
58459 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMCTL
58460 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58461 7:26:44 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\PBStudio3.
58462 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58463 7:26:44 PM access[1].exe:2872 CREATE E:\WINDOWS\start.chm SUCCESS Options: OverwriteIf Access: All
58464 7:26:44 PM access[1].exe:2872 WRITE E:\WINDOWS\start.chm SUCCESS Offset: 0 Length: 157865
58465 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58466 7:26:44 PM winlogon.exe:504 DIRECTORY E:\WINDOWS SUCCESS Change Notify
58467 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58468 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58469 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58470 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58471 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58472 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58473 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58474 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58475 7:26:44 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58476 7:26:44 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58477 7:26:44 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58478 7:26:44 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58479 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58480 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58481 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58482 7:26:45 PM access[1].exe:2872 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58483 7:26:45 PM access[1].exe:2872 CREATE E:\WINDOWS\start.html SUCCESS Options: OverwriteIf Access: All
58484 7:26:45 PM access[1].exe:2872 WRITE E:\WINDOWS\start.html SUCCESS Offset: 0 Length: 1115
58485 7:26:45 PM winlogon.exe:504 DIRECTORY E:\WINDOWS SUCCESS Change Notify
58486 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 20480
58487 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 24576
58488 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\Documents and Settings\User Name\NTUSER.DAT.LOG SUCCESS Length: 28672
58489 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\start.chm SUCCESS
58490 7:26:45 PM winlogon.exe:504 DIRECTORY E:\WINDOWS SUCCESS Change Notify
58491 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58492 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58493 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58494 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileStandardInformation
58495 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58496 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58497 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58498 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileStandardInformation
58499 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58500 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58501 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58502 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 0 Length: 4096
58503 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 4096 Length: 4096
58504 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 8192 Length: 4096
58505 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 49152 Length: 4096
58506 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 20480 Length: 4096
58507 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 16384 Length: 4096
58508 7:26:45 PM mcshield.exe:1336 READ E:\WINDOWS\start.chm SUCCESS Offset: 61440 Length: 4096
58509 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58510 7:26:45 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.chm SUCCESS Options: Open Access: All
58511 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58512 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.chm SUCCESS FileBasicInformation
58513 7:26:45 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.chm SUCCESS
58514 7:26:45 PM access[1].exe:2872 OPEN E:\DOCUME~1\USER~1\LOCALS~
58515 7:26:45 PM access[1].exe:2872 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
58516 7:26:45 PM access[1].exe:2872 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58517 7:26:45 PM access[1].exe:2872 OPEN E:\DOCUME~1\USER~1\LOCALS~
58518 7:26:45 PM access[1].exe:2872 WRITE E:\DOCUME~1\USER~1\LOCALS~
58519 7:26:45 PM access[1].exe:2872 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58520 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58521 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58522 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58523 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58524 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58525 7:26:45 PM mcshield.exe:1336 OPEN E:\ SUCCESS Options: Open Directory Access: All
58526 7:26:45 PM mcshield.exe:1336 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58527 7:26:45 PM mcshield.exe:1336 CLOSE E:\ SUCCESS
58528 7:26:45 PM mcshield.exe:1336 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58529 7:26:45 PM mcshield.exe:1336 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58530 7:26:45 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\ SUCCESS
58531 7:26:45 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
58532 7:26:45 PM mcshield.exe:1336 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
58533 7:26:45 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\ SUCCESS
58534 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58535 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58536 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58537 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58538 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58539 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58540 7:26:45 PM mcshield.exe:1336 READ E:\DOCUME~1\USER~1\LOCALS~
58541 7:26:45 PM mcshield.exe:1336 READ E:\DOCUME~1\USER~1\LOCALS~
58542 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58543 7:26:45 PM mcshield.exe:1336 OPEN E:\DOCUME~1\USER~1\LOCALS~
58544 7:26:45 PM mcshield.exe:1336 SET INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58545 7:26:45 PM mcshield.exe:1336 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
58546 7:26:45 PM mcshield.exe:1336 CLOSE E:\DOCUME~1\USER~1\LOCALS~
58547 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\ole32.
58548 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLE32.
58549 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58550 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58551 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58552 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58553 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58554 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58555 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58556 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58557 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58558 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58559 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58560 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58561 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58562 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58563 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58564 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58565 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe SUCCESS Attributes: A
58566 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58567 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58568 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58569 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Adobe\ SUCCESS Options: Open Directory Access: All
58570 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Adobe\ SUCCESS FileBothDirectoryInformati
58571 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Adobe\ SUCCESS
58572 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58573 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58574 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58575 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58576 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58577 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58578 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58579 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58580 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58581 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58582 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58583 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58584 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58585 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58586 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58587 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58588 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\csrss.
58589 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58590 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58591 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58592 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58593 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58594 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58595 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58596 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58597 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58598 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58599 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58600 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58601 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58602 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58603 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58604 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58605 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\ctfmon
58606 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58607 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58608 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58609 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58610 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58611 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58612 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58613 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58614 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and SettingsUser Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58615 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58616 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58617 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58618 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58619 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58620 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58621 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58622 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\Filemon.
58623 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58624 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58625 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58626 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58627 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58628 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58629 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58630 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58631 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58632 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58633 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58634 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58635 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58636 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58637 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58638 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58639 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58640 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58641 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58642 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58643 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58644 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58645 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Filemon.exe FILE NOT FOUND Attributes: Error
58646 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58647 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58648 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58649 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58650 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58651 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58652 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58653 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58654 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58655 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58656 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58657 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58658 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58659 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58660 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58661 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58662 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\svchos
58663 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58664 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58665 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58666 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58667 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58668 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58669 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58670 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58671 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58672 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58673 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58674 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58675 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58676 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58677 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58678 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58679 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Internet Explorer\IEXPLORE.EXE SUCCESS Attributes: A
58680 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58681 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58682 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58683 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58684 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58685 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58686 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58687 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58688 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58689 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58690 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58691 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58692 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58693 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58694 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58695 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58696 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58697 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58698 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58699 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58700 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58701 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58702 7:26:45 PM zlclient.exe:3384 OPEN C:\CFusionMX\runtime\bin\j
58703 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION C:\CFusionMX\runtime\bin\j
58704 7:26:45 PM zlclient.exe:3384 CLOSE C:\CFusionMX\runtime\bin\j
58705 7:26:45 PM zlclient.exe:3384 OPEN C:\ SUCCESS Options: Open Directory Access: All
58706 7:26:45 PM zlclient.exe:3384 DIRECTORY C:\ SUCCESS FileBothDirectoryInformati
58707 7:26:45 PM zlclient.exe:3384 CLOSE C:\ SUCCESS
58708 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58709 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58710 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58711 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58712 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58713 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58714 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58715 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58716 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58717 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58718 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58719 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58720 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58721 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58722 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58723 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58724 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\RoadRunner Rhapsody\Rhapsody.exe SUCCESS Attributes: A
58725 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58726 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58727 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58728 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58729 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58730 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58731 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58732 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58733 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58734 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58735 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58736 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58737 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58738 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58739 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58740 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58741 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58742 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58743 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58744 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58745 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58746 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58747 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
58748 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58749 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58750 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58751 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58752 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58753 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58754 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58755 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58756 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58757 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58758 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58759 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58760 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58761 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58762 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58763 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58764 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58765 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58766 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58767 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58768 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58769 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58770 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\MSN Messenger\msnmsgr.exe SUCCESS Attributes: A
58771 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58772 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58773 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58774 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58775 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58776 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58777 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58778 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58779 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58780 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58781 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58782 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58783 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58784 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58785 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58786 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58787 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58788 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58789 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58790 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58791 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58792 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58793 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Microsoft Office\Office10\OUTLOOK.EX
58794 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58795 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58796 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58797 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58798 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58799 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58800 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58801 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58802 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58803 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58804 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58805 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58806 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58807 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58808 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58809 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58810 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58811 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58812 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58813 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58814 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58815 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58816 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Stardock\ObjectDock\
58817 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58818 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58819 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58820 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Stardock\ SUCCESS Options: Open Directory Access: All
58821 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Stardock\ SUCCESS FileBothDirectoryInformati
58822 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Stardock\ SUCCESS
58823 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Stardock\ObjectDock\
58824 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Stardock\ObjectDock\
58825 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Stardock\ObjectDock\
58826 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58827 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58828 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58829 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58830 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58831 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58832 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58833 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58834 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58835 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58836 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58837 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58838 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58839 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58840 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58841 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58842 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Common Files\Real\Update_OB\reale
58843 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58844 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58845 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58846 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58847 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58848 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58849 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Common Files\Real\ SUCCESS Options: Open Directory Access: All
58850 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Common Files\Real\ SUCCESS FileBothDirectoryInformati
58851 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Common Files\Real\ SUCCESS
58852 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Common Files\Real\Update_OB\ SUCCESS Options: Open Directory Access: All
58853 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Common Files\Real\Update_OB\ SUCCESS FileBothDirectoryInformati
58854 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Common Files\Real\Update_OB\ SUCCESS
58855 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58856 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58857 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58858 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58859 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58860 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58861 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58862 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58863 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58864 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58865 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58866 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58867 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58868 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58869 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58870 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58871 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\dumpre
58872 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58873 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58874 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58875 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58876 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58877 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58878 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58879 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58880 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58881 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58882 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58883 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58884 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58885 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58886 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58887 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58888 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\explorer.exe SUCCESS Attributes: A
58889 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58890 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58891 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58892 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58893 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58894 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58895 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58896 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58897 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58898 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58899 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58900 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58901 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58902 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58903 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58904 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58905 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Windows Media Player\wmplayer.exe SUCCESS Attributes: A
58906 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58907 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58908 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58909 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58910 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58911 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58912 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58913 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58914 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58915 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58916 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58917 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58918 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58919 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58920 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58921 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58922 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58923 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58924 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58925 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58926 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58927 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58928 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\system32\taskmg
58929 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58930 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58931 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58932 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58933 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
58934 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
58935 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\ SUCCESS
58936 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS Options: Open Directory Access: All
58937 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS FileBothDirectoryInformati
58938 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\ SUCCESS
58939 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS Options: Open Directory Access: All
58940 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS FileBothDirectoryInformati
58941 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\ SUCCESS
58942 7:26:45 PM zlclient.exe:3384 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58943 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58944 7:26:45 PM zlclient.exe:3384 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58945 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
58946 7:26:45 PM zlclient.exe:3384 OPEN E:\ SUCCESS Options: Open Directory Access: All
58947 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
58948 7:26:45 PM zlclient.exe:3384 CLOSE E:\ SUCCESS
58949 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\ SUCCESS Options: Open Directory Access: All
58950 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\ SUCCESS FileBothDirectoryInformati
58951 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\ SUCCESS
58952 7:26:45 PM zlclient.exe:3384 OPEN E:\Program Files\Zone Labs\ SUCCESS Options: Open Directory Access: All
58953 7:26:45 PM zlclient.exe:3384 DIRECTORY E:\Program Files\Zone Labs\ SUCCESS FileBothDirectoryInformati
58954 7:26:45 PM zlclient.exe:3384 CLOSE E:\Program Files\Zone Labs\ SUCCESS
58955 7:26:45 PM zlclient.exe:3384 QUERY INFORMATION E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Length: 45117
58956 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45117 Length: 22
58957 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45139 Length: 202
58958 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45341 Length: 1
58959 7:26:45 PM zlclient.exe:3384 WRITE E:\WINDOWS\Internet Logs\tvDebug.log SUCCESS Offset: 45342 Length: 1
58960 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58961 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
58962 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
58963 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
58964 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58965 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58966 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\WINDOWS\system32\config
58967 7:26:45 PM access[1].exe:2872 SET INFORMATION E:\WINDOWS\system32\config
58968 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58969 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\uxthem
58970 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58971 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\uxthem
58972 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58973 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\uxthem
58974 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\uxthem
58975 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58976 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UXTHEM
58977 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58978 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\UxTheme.dll FILE NOT FOUND Attributes: Error
58979 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\UxThem
58980 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58981 7:26:45 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58982 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58983 7:26:45 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58984 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58985 7:26:45 PM vsmon.exe:3948 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58986 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58987 7:26:45 PM vsmon.exe:3948 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
58988 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58989 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58990 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\uxthem
58991 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\MSCTF.
58992 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\MSCTF.
58993 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\MSCTF.
58994 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\MSCTF.
58995 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\MSCTF.
58996 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\MSCTF.
58997 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\MSCTF.
58998 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\MSCTF.
58999 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSCTF.
59000 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59001 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\netapi32.dll FILE NOT FOUND Attributes: Error
59002 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\netapi
59003 7:26:45 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\netapi
59004 7:26:45 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\netapi
59005 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\netapi
59006 7:26:45 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
59007 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59008 7:26:45 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59009 7:26:45 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\ SUCCESS Options: Open Directory Access: All
59010 7:26:45 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
59011 7:26:45 PM explorer.exe:3188 OPEN E:\Documents and Settings\All Users\Desktop\ SUCCESS Options: Open Directory Access: All
59012 7:26:45 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
59013 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59014 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59015 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59016 7:26:45 PM StyleXPService.:812 QUERY INFORMATION E:\WINDOWS\system32\UXTHEM
59017 7:26:45 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59018 7:26:45 PM IEXPLORE.EXE:2344 OPEN E:\WINDOWS\system32\rpcss.
59019 7:26:45 PM IEXPLORE.EXE:2344 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59020 7:26:45 PM IEXPLORE.EXE:2344 CLOSE E:\WINDOWS\system32\rpcss.
59021 7:26:45 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59022 7:26:45 PM explorer.exe:3188 OPEN E:\WINDOWS\system32\rpcss.
59023 7:26:45 PM explorer.exe:3188 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59024 7:26:45 PM explorer.exe:3188 CLOSE E:\WINDOWS\system32\rpcss.
59025 7:26:45 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk SUCCESS Attributes: DR
59026 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\SHELL3
59027 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\Readme.txt
59028 7:26:46 PM access[1].exe:2872 OPEN G:\ SUCCESS Options: Open Access: All
59029 7:26:46 PM access[1].exe:2872 QUERY INFORMATION G:\ SUCCESS Attributes: D
59030 7:26:46 PM access[1].exe:2872 CLOSE G:\ SUCCESS
59031 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59032 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59033 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59034 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59035 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59036 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\SETUPAPI.dll FILE NOT FOUND Attributes: Error
59037 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\SETUPA
59038 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\SETUPA
59039 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\SETUPA
59040 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\setupa
59041 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SETUPA
59042 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\ SUCCESS Attributes: D
59043 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ SUCCESS FileBothDirectoryInformati
59044 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59045 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59046 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59047 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59048 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59049 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59050 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59051 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59052 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59053 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59054 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59055 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59056 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59057 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59058 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59059 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59060 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59061 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59062 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59063 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59064 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59065 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59066 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59067 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59068 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59069 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59070 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59071 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59072 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59073 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Exercise\desk
59074 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59075 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Exercise\desk
59076 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Exercise\desk
59077 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Exercise\desk
59078 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Exercise\desk
59079 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59080 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59081 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59082 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59083 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59084 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59085 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59086 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59087 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59088 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59089 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59090 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59091 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59092 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59093 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59094 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59095 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59096 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59097 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59098 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59099 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59100 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59101 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59102 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59103 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59104 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59105 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59106 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59107 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59108 7:26:46 PM explorer.exe:3188 OPEN E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59109 7:26:46 PM explorer.exe:3188 LOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59110 7:26:46 PM explorer.exe:3188 QUERY INFORMATION E:\Documents and SettingsUser Name\Desktop\Junk\desktop.
59111 7:26:46 PM explorer.exe:3188 READ E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59112 7:26:46 PM explorer.exe:3188 UNLOCK E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59113 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\desktop.
59114 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop\ NO MORE FILES FileBothDirectoryInformati
59115 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ SUCCESS FileBothDirectoryInformati
59116 7:26:46 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\All Users\Desktop\ NO MORE FILES FileBothDirectoryInformati
59117 7:26:46 PM access[1].exe:2872 OPEN G:\Desktop.ini SUCCESS Options: Open Access: All
59118 7:26:46 PM access[1].exe:2872 LOCK G:\Desktop.ini SUCCESS Excl: No Offset: 0 Length: -1
59119 7:26:46 PM access[1].exe:2872 QUERY INFORMATION G:\Desktop.ini SUCCESS Length: 84
59120 7:26:46 PM access[1].exe:2872 READ G:\Desktop.ini SUCCESS Offset: 0 Length: 84
59121 7:26:46 PM access[1].exe:2872 UNLOCK G:\Desktop.ini RANGE NOT LOCKED Offset: 0 Length: -1
59122 7:26:46 PM access[1].exe:2872 CLOSE G:\Desktop.ini SUCCESS
59123 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
59124 7:26:46 PM explorer.exe:3188 CLOSE E:\Documents and Settings\All Users\Desktop\ SUCCESS
59125 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents SUCCESS Attributes: DR
59126 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59127 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59128 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59129 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59130 7:26:46 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59131 7:26:46 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59132 7:26:46 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59133 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59134 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59135 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\ SUCCESS
59136 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\ SUCCESS Options: Open Directory Access: All
59137 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\All Users\ SUCCESS FileBothDirectoryInformati
59138 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\ SUCCESS
59139 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59140 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59141 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59142 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59143 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59144 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59145 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59146 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59147 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59148 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59149 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59150 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59151 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59152 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59153 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59154 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59155 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59156 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59157 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59158 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59159 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59160 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59161 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59162 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59163 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59164 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59165 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59166 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59167 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59168 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\Documents\desktop.in
59169 7:26:46 PM access[1].exe:2872 LOCK E:\Documents and Settings\All Users\Documents\desktop.in
59170 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Documents\desktop.in
59171 7:26:46 PM access[1].exe:2872 READ E:\Documents and Settings\All Users\Documents\desktop.in
59172 7:26:46 PM access[1].exe:2872 UNLOCK E:\Documents and Settings\All Users\Documents\desktop.in
59173 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\Documents\desktop.in
59174 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59175 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59176 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59177 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59178 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59179 7:26:46 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59180 7:26:46 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59181 7:26:46 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59182 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59183 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59184 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\ SUCCESS
59185 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
59186 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
59187 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\User Name\ SUCCESS
59188 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\All Users\Desktop SUCCESS Attributes: D
59189 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59190 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\rpcss.
59191 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\rpcss.
59192 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\rpcss.
59193 7:26:46 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59194 7:26:46 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59195 7:26:46 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59196 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59197 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59198 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\ SUCCESS
59199 7:26:46 PM access[1].exe:2872 OPEN E:\Documents and Settings\All Users\ SUCCESS Options: Open Directory Access: All
59200 7:26:46 PM access[1].exe:2872 DIRECTORY E:\Documents and Settings\All Users\ SUCCESS FileBothDirectoryInformati
59201 7:26:46 PM access[1].exe:2872 CLOSE E:\Documents and Settings\All Users\ SUCCESS
59202 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\apphel
59203 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\APPHEL
59204 7:26:46 PM access[1].exe:2872 OPEN E:\Program Files\Qualcomm\Eudora\EuSh
59205 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59206 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\CLBCATQ.DLL FILE NOT FOUND Attributes: Error
59207 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\CLBCAT
59208 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\CLBCAT
59209 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\CLBCAT
59210 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\clbcat
59211 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CLBCAT
59212 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\oleaut
59213 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLEAUT
59214 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59215 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\COMRes.dll FILE NOT FOUND Attributes: Error
59216 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\System32\COMRes
59217 7:26:46 PM access[1].exe:2872 OPEN E:\WINDOWS\System32\COMRes
59218 7:26:46 PM access[1].exe:2872 CLOSE E:\WINDOWS\System32\COMRes
59219 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\comres
59220 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMRES
59221 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\versio
59222 7:26:46 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\VERSIO
59223 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\Registration SUCCESS Attributes: D
59224 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59225 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59226 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59227 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59228 7:26:46 PM vstskmgr.exe:1360 SET INFORMATION E:\WINDOWS\system32\config
59229 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Program Files\Qualcomm\Eudora\EuSh
59230 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\Program Files\Qualcomm\Eudora\EuSh
59231 7:26:46 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59232 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\cmd.ex
59233 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59234 7:26:47 PM access[1].exe:2872 SET INFORMATION E:\WINDOWS\system32\cmd.ex
59235 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59236 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59237 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59238 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59239 7:26:47 PM access[1].exe:2872 READ E:\WINDOWS\system32\cmd.ex
59240 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\cmd.ex
59241 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59242 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59243 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\cmd.ex
59244 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59245 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59246 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59247 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59248 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59249 7:26:47 PM access[1].exe:2872 OPEN E:\ SUCCESS Options: Open Directory Access: All
59250 7:26:47 PM access[1].exe:2872 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59251 7:26:47 PM access[1].exe:2872 CLOSE E:\ SUCCESS
59252 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\ SUCCESS Options: Open Directory Access: All
59253 7:26:47 PM access[1].exe:2872 DIRECTORY E:\WINDOWS\ SUCCESS FileBothDirectoryInformati
59254 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\ SUCCESS
59255 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\ SUCCESS Options: Open Directory Access: All
59256 7:26:47 PM access[1].exe:2872 DIRECTORY E:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformati
59257 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\ SUCCESS
59258 7:26:47 PM access[1].exe:2872 OPEN E:\WINDOWS\system32\cmd.ex
59259 7:26:47 PM cmd.exe:2872 READ E:\WINDOWS\system32\cmd.ex
59260 7:26:47 PM access[1].exe:2872 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59261 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59262 7:26:47 PM vsmon.exe:3948 OPEN E:\ SUCCESS Options: Open Directory Access: All
59263 7:26:47 PM vsmon.exe:3948 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59264 7:26:47 PM vsmon.exe:3948 CLOSE E:\ SUCCESS
59265 7:26:47 PM vsmon.exe:3948 OPEN E:\WINDOWS\ SUCCESS Options: Open Directory Access: All
59266 7:26:47 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\ SUCCESS FileBothDirectoryInformati
59267 7:26:47 PM vsmon.exe:3948 CLOSE E:\WINDOWS\ SUCCESS
59268 7:26:47 PM vsmon.exe:3948 OPEN E:\WINDOWS\system32\ SUCCESS Options: Open Directory Access: All
59269 7:26:47 PM vsmon.exe:3948 DIRECTORY E:\WINDOWS\system32\ SUCCESS FileBothDirectoryInformati
59270 7:26:47 PM vsmon.exe:3948 CLOSE E:\WINDOWS\system32\ SUCCESS
59271 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\system32\cmd.ex
59272 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59273 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59274 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59275 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\Prefetch\CMD.EX
59276 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\Prefetch\CMD.EX
59277 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\Prefetch\CMD.EX
59278 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\Prefetch\CMD.EX
59279 7:26:47 PM access[1].exe:2872 CLOSE E:\Documents and Settings\User Name\Desktop\ SUCCESS
59280 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\WinSxS\x86_Micr
59281 7:26:47 PM access[1].exe:2872 CLOSE E:\WINDOWS\start.html SUCCESS
59282 7:26:47 PM winlogon.exe:504 DIRECTORY E:\WINDOWS Change Notify
59283 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59284 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59285 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59286 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileStandardInformation
59287 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59288 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59289 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59290 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileStandardInformation
59291 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59292 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59293 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59294 7:26:47 PM mcshield.exe:1336 READ E:\WINDOWS\start.html SUCCESS Offset: 0 Length: 4096
59295 7:26:47 PM mcshield.exe:1336 READ E:\WINDOWS\start.html END OF FILE Offset: 1115 Length: 2981
59296 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59297 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\start.html SUCCESS Options: Open Access: All
59298 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59299 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\start.html SUCCESS FileBasicInformation
59300 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\start.html SUCCESS
59301 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\Prefetch\ACCESS
59302 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59303 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59304 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59305 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.IN
59306 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59307 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59308 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59309 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\User Name\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59310 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59311 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\LOCALS~
59312 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59313 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59314 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\REGISTRATION\R0
59315 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\REGISTRATION\R0
59316 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\REGISTRATION\R0
59317 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\REGISTRATION\R0
59318 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59319 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\ADVAPI
59320 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59321 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\ADVAPI
59322 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\APPHEL
59323 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\APPHEL
59324 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\APPHEL
59325 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\APPHEL
59326 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CLBCAT
59327 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\CLBCAT
59328 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CLBCAT
59329 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\CLBCAT
59330 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CMD.EX
59331 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\CMD.EX
59332 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CMD.EX
59333 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\CMD.EX
59334 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMCTL
59335 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\COMCTL
59336 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMCTL
59337 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\COMCTL
59338 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMRES
59339 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\COMRES
59340 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\COMRES
59341 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\COMRES
59342 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CTYPE.
59343 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\CTYPE.
59344 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CTYPE.
59345 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\CTYPE.
59346 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59347 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\GDI32.
59348 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59349 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\GDI32.
59350 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59351 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\KERNEL
59352 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59353 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\KERNEL
59354 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\LOCALE
59355 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\LOCALE
59356 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\LOCALE
59357 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\LOCALE
59358 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSCTF.
59359 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\MSCTF.
59360 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSCTF.
59361 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\MSCTF.
59362 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59363 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\MSVCRT
59364 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59365 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\MSVCRT
59366 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
59367 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\NETAPI
59368 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NETAPI
59369 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\NETAPI
59370 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59371 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\NTDLL.
59372 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59373 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\NTDLL.
59374 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLE32.
59375 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\OLE32.
59376 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLE32.
59377 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\OLE32.
59378 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLEAUT
59379 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\OLEAUT
59380 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\OLEAUT
59381 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\OLEAUT
59382 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59383 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\RPCRT4
59384 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59385 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\RPCRT4
59386 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCSS.
59387 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\RPCSS.
59388 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCSS.
59389 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\RPCSS.
59390 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SETUPA
59391 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SETUPA
59392 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SETUPA
59393 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SETUPA
59394 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHELL3
59395 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SHELL3
59396 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHELL3
59397 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SHELL3
59398 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHLWAP
59399 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SHLWAP
59400 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SHLWAP
59401 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SHLWAP
59402 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTKE
59403 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SORTKE
59404 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTKE
59405 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SORTKE
59406 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTTB
59407 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\SORTTB
59408 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTTB
59409 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\SORTTB
59410 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UNICOD
59411 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\UNICOD
59412 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UNICOD
59413 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\UNICOD
59414 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59415 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\USER32
59416 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59417 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\USER32
59418 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UXTHEM
59419 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\UXTHEM
59420 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UXTHEM
59421 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\UXTHEM
59422 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\VERSIO
59423 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\VERSIO
59424 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\VERSIO
59425 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\VERSIO
59426 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINDOWSSHELL.MA
59427 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINDOWSSHELL.MA
59428 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINDOWSSHELL.MA
59429 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINDOWSSHELL.MA
59430 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
59431 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINSXS\X86_MICR
59432 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
59433 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINSXS\X86_MICR
59434 7:26:47 PM svchost.exe:788 OPEN G:\DESKTOP.INI SUCCESS Options: Open Access: All
59435 7:26:47 PM svchost.exe:788 QUERY INFORMATION G:\DESKTOP.INI SUCCESS Attributes: HSA
59436 7:26:47 PM svchost.exe:788 CLOSE G:\DESKTOP.INI SUCCESS
59437 7:26:47 PM svchost.exe:788 OPEN G:\DESKTOP.INI SUCCESS Options: Open Access: All
59438 7:26:47 PM svchost.exe:788 QUERY INFORMATION G:\DESKTOP.INI SUCCESS FileInternalInformation
59439 7:26:47 PM svchost.exe:788 CLOSE G:\DESKTOP.INI SUCCESS
59440 7:26:47 PM svchost.exe:788 OPEN E:\ SUCCESS Options: Open Access: All
59441 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\ SUCCESS FileInternalInformation
59442 7:26:47 PM svchost.exe:788 CLOSE E:\ SUCCESS
59443 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ SUCCESS Options: Open Access: All
59444 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ SUCCESS FileInternalInformation
59445 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ SUCCESS
59446 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ALL USERS\ SUCCESS Options: Open Access: All
59447 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\ SUCCESS FileInternalInformation
59448 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ALL USERS\ SUCCESS
59449 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ SUCCESS Options: Open Access: All
59450 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ SUCCESS FileInternalInformation
59451 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ SUCCESS
59452 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS Options: Open Access: All
59453 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS FileInternalInformation
59454 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS
59455 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\ SUCCESS Options: Open Access: All
59456 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\ SUCCESS FileInternalInformation
59457 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\ SUCCESS
59458 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\ SUCCESS Options: Open Access: All
59459 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\ SUCCESS FileInternalInformation
59460 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\ SUCCESS
59461 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\ SUCCESS Options: Open Access: All
59462 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\ SUCCESS FileInternalInformation
59463 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\ SUCCESS
59464 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\ SUCCESS Options: Open Access: All
59465 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\ SUCCESS FileInternalInformation
59466 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\ SUCCESS
59467 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS Options: Open Access: All
59468 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS FileInternalInformation
59469 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS
59470 7:26:47 PM svchost.exe:788 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59471 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59472 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUMENTS AND SETTINGS\USER NAME\DESKTOP\JUNK\_XP CHANGER\TEMPORARY INTERNET FILES\CONTENT.IE5\5STYUYRS
59473 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\ SUCCESS Options: Open Access: All
59474 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\ SUCCESS FileInternalInformation
59475 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\ SUCCESS
59476 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\ SUCCESS Options: Open Access: All
59477 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\ SUCCESS FileInternalInformation
59478 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\ SUCCESS
59479 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\LOCALS~
59480 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59481 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59482 7:26:47 PM svchost.exe:788 OPEN E:\DOCUME~1\USER~1\LOCALS~
59483 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59484 7:26:47 PM svchost.exe:788 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59485 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\ SUCCESS Options: Open Access: All
59486 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\ SUCCESS FileInternalInformation
59487 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\ SUCCESS
59488 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\REGISTRATION\ SUCCESS Options: Open Access: All
59489 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\REGISTRATION\ SUCCESS FileInternalInformation
59490 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\REGISTRATION\ SUCCESS
59491 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\SYSTEM32\ SUCCESS Options: Open Access: All
59492 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ SUCCESS FileInternalInformation
59493 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\SYSTEM32\ SUCCESS
59494 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINSXS\ SUCCESS Options: Open Access: All
59495 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\ SUCCESS FileInternalInformation
59496 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINSXS\ SUCCESS
59497 7:26:47 PM svchost.exe:788 OPEN E:\WINDOWS\WINSXS\X86_MICR
59498 7:26:47 PM svchost.exe:788 QUERY INFORMATION E:\WINDOWS\WINSXS\X86_MICR
59499 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\WINSXS\X86_MICR
59500 7:26:47 PM svchost.exe:788 OPEN G:\ SUCCESS Options: Open Access: All
59501 7:26:47 PM svchost.exe:788 QUERY INFORMATION G:\ SUCCESS FileInternalInformation
59502 7:26:47 PM svchost.exe:788 CLOSE G:\ SUCCESS
59503 7:26:47 PM svchost.exe:788 CREATE E:\WINDOWS\Prefetch\ACCESS
59504 7:26:47 PM svchost.exe:788 WRITE E:\WINDOWS\Prefetch\ACCESS
59505 7:26:47 PM svchost.exe:788 CLOSE E:\WINDOWS\Prefetch\ACCESS
59506 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59507 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59508 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59509 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59510 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59511 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59512 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59513 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59514 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59515 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59516 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59517 7:26:47 PM mcshield.exe:1336 READ E:\WINDOWS\Prefetch\ACCESS
59518 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59519 7:26:47 PM mcshield.exe:1336 OPEN E:\WINDOWS\Prefetch\ACCESS
59520 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\WINDOWS\Prefetch\ACCESS
59521 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\WINDOWS\Prefetch\ACCESS
59522 7:26:47 PM mcshield.exe:1336 CLOSE E:\WINDOWS\Prefetch\ACCESS
59523 7:26:47 PM cmd.exe:2544 OPEN E: SUCCESS Options: Open Access: All
59524 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E: BUFFER OVERFLOW FileFsVolumeInformation
59525 7:26:47 PM cmd.exe:2544 OPEN G: SUCCESS Options: Open Access: All
59526 7:26:47 PM cmd.exe:2544 QUERY INFORMATION G: BUFFER OVERFLOW FileFsVolumeInformation
59527 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59528 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ SUCCESS FileNamesInformation
59529 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ NO MORE FILES FileNamesInformation
59530 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\ SUCCESS Options: Open Directory Access: All
59531 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\ SUCCESS FileNamesInformation
59532 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\ NO MORE FILES FileNamesInformation
59533 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\User Name\ SUCCESS Options: Open Directory Access: All
59534 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\ SUCCESS FileNamesInformation
59535 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\ NO MORE FILES FileNamesInformation
59536 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\ SUCCESS Options: Open Directory Access: All
59537 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\ SUCCESS FileNamesInformation
59538 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\ NO MORE FILES FileNamesInformation
59539 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\ SUCCESS Options: Open Directory Access: All
59540 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\ SUCCESS FileNamesInformation
59541 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\ NO MORE FILES FileNamesInformation
59542 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS Options: Open Directory Access: All
59543 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ SUCCESS FileNamesInformation
59544 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ NO MORE FILES FileNamesInformation
59545 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUMENTS AND SETTINGS\USER NAME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0P234PYJ
59546 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\ SUCCESS Options: Open Directory Access: All
59547 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\ SUCCESS FileNamesInformation
59548 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\ NO MORE FILES FileNamesInformation
59549 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\ SUCCESS Options: Open Directory Access: All
59550 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59551 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59552 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59553 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59554 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ SUCCESS FileNamesInformation
59555 7:26:47 PM cmd.exe:2544 DIRECTORY E:\WINDOWS\SYSTEM32\ NO MORE FILES FileNamesInformation
59556 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\NTDLL.
59557 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\NTDLL.
59558 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\KERNEL
59559 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59560 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\UNICOD
59561 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\UNICOD
59562 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\LOCALE
59563 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\LOCALE
59564 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\SORTTB
59565 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\SORTTB
59566 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\MSVCRT
59567 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59568 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\USER32
59569 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59570 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\GDI32.
59571 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59572 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\ADVAPI
59573 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59574 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\RPCRT4
59575 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59576 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\CTYPE.
59577 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CTYPE.
59578 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\CMD.EX
59579 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\SYSTEM32\CMD.EX
59580 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\NTDLL.
59581 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\KERNEL
59582 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\MSVCRT
59583 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\USER32
59584 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\GDI32.
59585 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\ADVAPI
59586 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\RPCRT4
59587 7:26:47 PM cmd.exe:2544 OPEN E:\WINDOWS\SYSTEM32\CMD.EX
59588 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\SYSTEM32\CMD.EX
59589 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\SYSTEM32\CMD.EX
59590 7:26:47 PM cmd.exe:2544 READ E:\WINDOWS\SYSTEM32\CMD.EX
59591 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop SUCCESS Options: Open Directory Access: Traverse
59592 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59593 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\kernel
59594 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\KERNEL
59595 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\cmd.exe FILE NOT FOUND Attributes: Error
59596 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\??\E:\WINDOWS\system32\
59597 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59598 7:26:47 PM csrss.exe:480 OPEN E:\WINDOWS\system32\cmd.ex
59599 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59600 7:26:47 PM csrss.exe:480 SET INFORMATION E:\WINDOWS\system32\cmd.ex
59601 7:26:47 PM csrss.exe:480 READ E:\WINDOWS\system32\cmd.ex
59602 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59603 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\system32\cmd.ex
59604 7:26:47 PM csrss.exe:480 READ E:\WINDOWS\system32\cmd.ex
59605 7:26:47 PM csrss.exe:480 CLOSE E:\WINDOWS\system32\cmd.ex
59606 7:26:47 PM csrss.exe:480 READ E: SUCCESS Offset: 21504 Length: 4096
59607 7:26:47 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\PBStudio3\Install.ex
59608 7:26:47 PM csrss.exe:480 READ E: SUCCESS Offset: 58368 Length: 12288
59609 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\msvcrt
59610 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\MSVCRT
59611 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\user32
59612 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\USER32
59613 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\gdi32.
59614 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\GDI32.
59615 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\advapi
59616 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\ADVAPI
59617 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\system32\rpcrt4
59618 7:26:47 PM vsmon.exe:3948 QUERY INFORMATION E:\WINDOWS\SYSTEM32\RPCRT4
59619 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59620 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59621 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59622 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59623 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\ SUCCESS Options: Open Directory Access: All
59624 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\ SUCCESS FileBothDirectoryInformati
59625 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\ SUCCESS
59626 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\ SUCCESS Options: Open Directory Access: All
59627 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\ SUCCESS FileBothDirectoryInformati
59628 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\ SUCCESS
59629 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop SUCCESS Attributes: D
59630 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59631 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileNameInformation
59632 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileFsVolumeInformation
59633 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59634 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59635 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59636 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59637 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59638 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59639 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59640 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59641 7:26:47 PM cmd.exe:2544 DIRECTORY E:\ SUCCESS FileBothDirectoryInformati
59642 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59643 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\ SUCCESS Options: Open Directory Access: All
59644 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\ SUCCESS FileBothDirectoryInformati
59645 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\ SUCCESS
59646 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\ SUCCESS Options: Open Directory Access: All
59647 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\ SUCCESS FileBothDirectoryInformati
59648 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\ SUCCESS
59649 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59650 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59651 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59652 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59653 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59654 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59655 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59656 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59657 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59658 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59659 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59660 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59661 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59662 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59663 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59664 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59665 7:26:47 PM cmd.exe:2544 CREATE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59666 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
59667 7:26:47 PM cmd.exe:2544 WRITE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59668 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59669 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
59670 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59671 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59672 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59673 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59674 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59675 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59676 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59677 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59678 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59679 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59680 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59681 7:26:47 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59682 7:26:47 PM mcshield.exe:1336 READ E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59683 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59684 7:26:47 PM mcshield.exe:1336 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59685 7:26:47 PM mcshield.exe:1336 SET INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59686 7:26:47 PM mcshield.exe:1336 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59687 7:26:47 PM mcshield.exe:1336 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59688 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59689 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59690 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59691 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59692 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileNameInformation
59693 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileFsAttributeInformation
59694 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59695 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59696 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59697 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59698 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59699 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59700 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59701 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59702 7:26:47 PM cmd.exe:2544 DELETE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59703 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59704 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop NOTIFY ENUM DIR Change Notify
59705 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59706 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59707 7:26:47 PM explorer.exe:3188 DIRECTORY E:\Documents and Settings\User Name\Desktop Change Notify
59708 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59709 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\USER~1\LOCALS~
59710 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59711 7:26:47 PM cmd.exe:2544 OPEN E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59712 7:26:47 PM cmd.exe:2544 DIRECTORY E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59713 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop\Junk\_XP Changer\Temporary Internet Files\Content.IE5\5STYUYRS
59714 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59715 7:26:47 PM cmd.exe:2544 READ E:\DOCUME~1\User Name~1\LOCALS~1\Temp\hmkc.
59716 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59717 7:26:47 PM cmd.exe:2544 OPEN E:\ SUCCESS Options: Open Directory Access: All
59718 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileNameInformation
59719 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\ SUCCESS FileFsAttributeInformation
59720 7:26:47 PM cmd.exe:2544 CLOSE E:\ SUCCESS
59721 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59722 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59723 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59724 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59725 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59726 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59727 7:26:47 PM cmd.exe:2544 QUERY INFORMATION E:\DOCUME~1\USER~1\LOCALS~
59728 7:26:47 PM cmd.exe:2544 DELETE E:\DOCUME~1\USER~1\LOCALS~
59729 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59730 7:26:47 PM cmd.exe:2544 DIRECTORY E:\DOCUME~1\USER~1\LOCALS~
59731 7:26:47 PM cmd.exe:2544 CLOSE E:\DOCUME~1\USER~1\LOCALS~
59732 7:26:47 PM cmd.exe:2544 OPEN E:\DOCUME~1\USER~1\LOCALS~
59733 7:26:47 PM csrss.exe:480 OPEN E:\WINDOWS\FONTS\VGAOEM.FO
59734 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59735 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59736 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59737 7:26:47 PM csrss.exe:480 QUERY INFORMATION E:\WINDOWS\FONTS\VGAOEM.FO
59738 7:26:47 PM csrss.exe:480 CLOSE E:\WINDOWS\FONTS\VGAOEM.FO
59739 7:26:47 PM csrss.exe:480 READ E:\WINDOWS\FONTS\VGAOEM.FO
59740 7:26:47 PM cmd.exe:2544 CLOSE E:\Documents and Settings\User Name\Desktop SUCCESS
59741 7:26:47 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Attributes: A
59742 7:26:47 PM explorer.exe:3188 OPEN E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Options: Open Access: Execute
59743 7:26:47 PM explorer.exe:3188 QUERY INFORMATION E:\Program Files\Magic Notes\Sticky32.exe SUCCESS Length: 194810
59744 7:26:47 PM explorer.exe:3188 CLOSE E:\Program Files\Magic Notes\Sticky32.exe SUCCESS
As you can see access[1].exe is generated somehow,
then cmd.exe which keeps reappearing, deletes this, there is no spyware, antivirus tool that removes this...
and i can't seem to be able to go to safe mode
help please! guys!
ASKER
I tried everything. It seems to be affecting everything on my pc...
here is a filesystem log....
here is a filesystem log....
Take it to a local shop and let them fix it.
screw it. backup you email, your documents, wipe the system and reinstall
ASKER
yeah i'll do that then...
darn!
darn!
ASKER
thanks blue zee,
that didn't work either... i'll wait and see if there are any more answers, I'm waiting to finish a few projects, then i'm formating the hard-disk.
thanks tho
ding!
Do not open your IE.
Right Click it, manually change your homepage to what you want.
Then delete ALL your Temporary Internet Files (not just using the button) but going into the folder itself and delete everything out.
Right Click it, manually change your homepage to what you want.
Then delete ALL your Temporary Internet Files (not just using the button) but going into the folder itself and delete everything out.
Hey dinglydo, was on google and I came across the forum.
The exact same thing has taken over my internet explorer. The reason norton doesn't detect it at first is because the access[1].exe puts fake definitions to hide it. At least I think so because it showed up in Filemon tampering with norton definition files. Pest Patrol, ad aware, spybot-search and destroy, cwshredder.... none of these detect anything to do with this problem. I've been battling with this for a couple days now and the closest I got to ridding of it was today, when I came across a remove.exe hosted by the same site that made the spyware(master-search.com)
and to my suprise the homepage was set back to msn.com. This was short lived as I came back several hours later only to find that start.chm and start.html were back in action. I hope there is a fix for it soon, reformatting is sounding better and better.
The exact same thing has taken over my internet explorer. The reason norton doesn't detect it at first is because the access[1].exe puts fake definitions to hide it. At least I think so because it showed up in Filemon tampering with norton definition files. Pest Patrol, ad aware, spybot-search and destroy, cwshredder.... none of these detect anything to do with this problem. I've been battling with this for a couple days now and the closest I got to ridding of it was today, when I came across a remove.exe hosted by the same site that made the spyware(master-search.com)
and to my suprise the homepage was set back to msn.com. This was short lived as I came back several hours later only to find that start.chm and start.html were back in action. I hope there is a fix for it soon, reformatting is sounding better and better.
ASKER
Hey Mephitic,
how do we get the word out, we really need help...
To the person who developed this irritant.... i'm having violent thoughts.... Who the F*&#@ do the think they are trying to attract?
So how did u stop it from sending to master-search.com?
now my windows picture and fax viewer isn't working
my administrator account has disappeared...
formating is what i got at the moment, but oh my goodness, lots of documents, lots to backup,
how do we get the word out, we really need help...
To the person who developed this irritant.... i'm having violent thoughts.... Who the F*&#@ do the think they are trying to attract?
So how did u stop it from sending to master-search.com?
now my windows picture and fax viewer isn't working
my administrator account has disappeared...
formating is what i got at the moment, but oh my goodness, lots of documents, lots to backup,
ASKER
I think its affected the index.dat for internet explorer... we could delete that going into safe boot, but that doesn't seem to work anymore...
Your admin account disappeared? wow that didn't happen to me.
the remove.exe popped up on my firewall and I said block.
I can see why nothing detects this, it uses legit system.dll's to do its bidding. the only thing I could see that could be detectable is the access[1].exe and some .bats in makes. but they just delete themselves anyway, need to figure out where those are getting generated.
the remove.exe popped up on my firewall and I said block.
I can see why nothing detects this, it uses legit system.dll's to do its bidding. the only thing I could see that could be detectable is the access[1].exe and some .bats in makes. but they just delete themselves anyway, need to figure out where those are getting generated.
I had same problem and got rid of it with this link. I was desperate and i ran the little remove.exe program and it worked. Know I can't offcourse guarantee that nothing else is on the pc after this. I scanned the program using every spyware, ad-aware and trojan remover I had and they came up with no infections in it. I ran the program and so far 3days and nothing so check it out
Chatting
http://www.master-search.com/
Chatting
http://www.master-search.com/
Sry
Didn't see that it was already posted. Anyway, seems to work for me though. Might just be lucky or they might start again I see.
Didn't see that it was already posted. Anyway, seems to work for me though. Might just be lucky or they might start again I see.
Be careful with that remove.exe, its up to no good. Im waiting for a legit remove.exe
ASKER
i used remove.exe, for temporary relief... i prevented it from sending anything to the internet
but now i guess its back in full force...
i send the info to symantec... no response yet...
but now i guess its back in full force...
i send the info to symantec... no response yet...
Maybe the remove.exe only removes itself if you let it send all that info back to master search.
I'm definately not gonna test that theory ;)
"Having problems?
Please use this utility for the removal
Please wait up to 2 hours for the removal process to complete.
"
2hours is probably how long it takes for a really slow dialup to send all that info back to them?
symantec or someone should disect the remove.exe and make one that just removes the master search stuff.
I'm definately not gonna test that theory ;)
"Having problems?
Please use this utility for the removal
Please wait up to 2 hours for the removal process to complete.
"
2hours is probably how long it takes for a really slow dialup to send all that info back to them?
symantec or someone should disect the remove.exe and make one that just removes the master search stuff.
ASKER
formatted drive,
everything fine so far!
hmm... where was i... oh office xp... well, thanks guys
take care!
ding! (george)
everything fine so far!
hmm... where was i... oh office xp... well, thanks guys
take care!
ding! (george)
Hey guys
This remove.exe still seems to have done the trick on my pc. I forgot to say that the with the tip I got, I was told to remove 2 files in C:\WINDOWS : start.chm and start.html.
I'll let you know later wether I'm still good or everythings gone wrong
This remove.exe still seems to have done the trick on my pc. I forgot to say that the with the tip I got, I was told to remove 2 files in C:\WINDOWS : start.chm and start.html.
I'll let you know later wether I'm still good or everythings gone wrong
...one more thing in case anyone's interested. I've seen this problem and a program called StartPageguard prevented the startpage from changing.
http://www.webattack.com/get/startpageguard.shtml
However, it didn't solve the underlying problem. Something kept trying to change the start page and this just stopped it.
The path that these experts were originally on (spyware) is what ultimately solved the problem.
http://www.webattack.com/get/startpageguard.shtml
However, it didn't solve the underlying problem. Something kept trying to change the start page and this just stopped it.
The path that these experts were originally on (spyware) is what ultimately solved the problem.
Many times ActiveX scripts can cause the internet explorer settings to change.
Can you try disabling all Active X and other scripts within your IE settings ?
You can even set the "security" to High in your Internet Explorer properties for now.
I don't think your problem is coming from a "normal" file or registry setting at this point considering all that you have already done.
Further, I would like to know what items you have listed in:
C:\WINDOWS\Downloaded Program Files
This is where any downloaded active x plug-ins go.
Most people pay lots of attention to "real exe's" and such, but we all forget that Internet Explorer has full access to our cpu with various scripting technologies, activex being the biggest !
hope this helps,
haresh
Can you try disabling all Active X and other scripts within your IE settings ?
You can even set the "security" to High in your Internet Explorer properties for now.
I don't think your problem is coming from a "normal" file or registry setting at this point considering all that you have already done.
Further, I would like to know what items you have listed in:
C:\WINDOWS\Downloaded Program Files
This is where any downloaded active x plug-ins go.
Most people pay lots of attention to "real exe's" and such, but we all forget that Internet Explorer has full access to our cpu with various scripting technologies, activex being the biggest !
hope this helps,
haresh
I had the same problem with a page named motor-search.com. I pinged their IP address several times to see if something was there. Then wrote them an emphatic email... admin seemed to work for that domain. The response I got was that there was a link at the bottom of the page that would remove the offending material. It was far enough down that most of would not have seen it and it sort of keeps them from prosecution. You might just want to scroll down the page if you see something like this.
I looked at the source which appeared to be benign and it appeared to do the job. This was several days ago and I have not seen their nonsense since. However I am keeping copies of my notes for reference if I have to deal with them later.
richmondeagle
I looked at the source which appeared to be benign and it appeared to do the job. This was several days ago and I have not seen their nonsense since. However I am keeping copies of my notes for reference if I have to deal with them later.
richmondeagle
ASKER
I was aware of the active x scripts, and deleted all my e:\windows\downloaded files... i guess it wasn't any of that... I went into dos using NTFS commander and deleted the internet explorer program file and most folders in documents and settings... well... i think master-search should be procecuted... big time.
anyway.
these i'm loaded with antispyware software like ad-ware and mcafee stinger.
i think cwshreader ain't so powerful as it used to be...
anyway.
these i'm loaded with antispyware software like ad-ware and mcafee stinger.
i think cwshreader ain't so powerful as it used to be...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
After installing them, First Update them and then run
Spyware/Adware removal tools:
--------------------------
What is spyware : http://www.spychecker.com/spyware.html
SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml
Ad-aware : http://www.webattack.com/download/dladaware.shtml
CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
Pest Patrol : http://www.pestpatrol.com/