1 8:45:38 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 2 8:45:38 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 3 8:45:38 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 4 8:45:38 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 5 8:45:38 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 6 8:45:38 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 7 8:45:38 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 8 8:45:38 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 9 8:45:38 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 10 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en-US_580a28ff\ NOT FOUND Options: Open Directory Access: All 11 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls\ PATH NOT FOUND Options: Open Directory Access: All 12 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\System32\en-US NOT FOUND Options: Open Access: All 13 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\System32\en NOT FOUND Options: Open Access: All 14 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\System32\ SUCCESS Options: Open Access: All 15 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\System32\ SUCCESS Attributes: D 16 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\System32\ SUCCESS 17 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\System32\ SUCCESS Options: Open Access: All 18 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\System32\ SUCCESS Attributes: D 19 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\System32\ SUCCESS 20 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en-US_f6b1e800.Manifest NOT FOUND Options: Open Access: All 21 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND Options: Open Access: All 22 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en_66c5eee6\ NOT FOUND Options: Open Directory Access: All 23 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls\ PATH NOT FOUND Options: Open Directory Access: All 24 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en_5cce9bd9.Manifest NOT FOUND Options: Open Access: All 25 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL PATH NOT FOUND Options: Open Access: All 26 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\ SUCCESS Options: Open Directory Access: All 27 8:45:38 PM csrss.exe:544 DIRECTORY C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\ SUCCESS FileBothDirectoryInformation: *.policy 28 8:45:38 PM csrss.exe:544 DIRECTORY C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\ NO MORE FILES FileBothDirectoryInformation 29 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\ SUCCESS 30 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy SUCCESS Options: Open Sequential Access: All 31 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy SUCCESS FileFsVolumeInformation 32 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy BUFFER OVERFLOW FileAllInformation 33 8:45:38 PM csrss.exe:544 READ C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy SUCCESS Offset: 0 Length: 4095 34 8:45:38 PM csrss.exe:544 READ C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy END OF FILE Offset: 621 Length: 8178 35 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy SUCCESS 36 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls\ PATH NOT FOUND Options: Open Directory Access: All 37 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Options: Open Access: All 38 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Attributes: 39 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS 40 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Options: Open Access: All 41 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Attributes: 42 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS 43 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en-US_186470ec\ NOT FOUND Options: Open Directory Access: All 44 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui\ PATH NOT FOUND Options: Open Directory Access: All 45 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.2180_en-US_90e45242.Manifest NOT FOUND Options: Open Access: All 46 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.2180_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL PATH NOT FOUND Options: Open Access: All 47 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en_272036d3\ NOT FOUND Options: Open Directory Access: All 48 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui\ PATH NOT FOUND Options: Open Directory Access: All 49 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.2180_en_f701061b.Manifest NOT FOUND Options: Open Access: All 50 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.2180_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL PATH NOT FOUND Options: Open Access: All 51 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Options: Open Sequential Access: All 52 8:45:38 PM csrss.exe:544 READ C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Offset: 0 Length: 2 53 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS 54 8:45:38 PM csrss.exe:544 OPEN C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Options: Open Sequential Access: All 55 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS FileFsVolumeInformation 56 8:45:38 PM csrss.exe:544 QUERY INFORMATION C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest BUFFER OVERFLOW FileAllInformation 57 8:45:38 PM csrss.exe:544 READ C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS Offset: 0 Length: 4095 58 8:45:38 PM csrss.exe:544 READ C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest END OF FILE Offset: 1862 Length: 8178 59 8:45:38 PM csrss.exe:544 CLOSE C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest SUCCESS 60 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 61 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 62 8:45:43 PM explorer.exe:1196 SET INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS FileBasicInformation 63 8:45:43 PM explorer.exe:1196 READ C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Offset: 0 Length: 12 64 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 65 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 66 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 67 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 68 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 69 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 70 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 71 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 72 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 73 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 74 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 75 8:45:43 PM explorer.exe:1196 SET INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS FileBasicInformation 76 8:45:43 PM explorer.exe:1196 READ C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Offset: 0 Length: 12 77 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 78 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 79 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 80 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 81 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 82 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 83 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 84 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 85 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 86 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 87 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 88 8:45:43 PM explorer.exe:1196 SET INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS FileBasicInformation 89 8:45:43 PM explorer.exe:1196 READ C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Offset: 0 Length: 12 90 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 91 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 92 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 93 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 94 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 95 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 96 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 97 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 98 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 99 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 100 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 101 8:45:43 PM explorer.exe:1196 SET INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS FileBasicInformation 102 8:45:43 PM explorer.exe:1196 READ C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Offset: 0 Length: 12 103 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 104 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 105 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 106 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 107 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 108 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 109 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 110 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 111 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 112 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: Execute 113 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Length: 446464 114 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 115 8:45:43 PM explorer.exe:1196 OPEN C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Options: Open Access: All 116 8:45:43 PM explorer.exe:1196 QUERY INFORMATION C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS Attributes: A 117 8:45:43 PM explorer.exe:1196 CLOSE C:\Documents and Settings\BRENT\Desktop\Filemon.exe SUCCESS 118 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\Prefetch\FILEMON.EXE-138F2908.pf SUCCESS Options: Open Access: All 119 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\Prefetch\FILEMON.EXE-138F2908.pf SUCCESS Length: 15036 120 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\Prefetch\FILEMON.EXE-138F2908.pf SUCCESS Length: 15036 121 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\Prefetch\FILEMON.EXE-138F2908.pf SUCCESS 122 8:45:47 PM svchost.exe:888 OPEN C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\FILEMON.EXE SUCCESS Options: Open Access: All 123 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\FILEMON.EXE SUCCESS Attributes: A 124 8:45:47 PM svchost.exe:888 CLOSE C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\FILEMON.EXE SUCCESS 125 8:45:47 PM svchost.exe:888 OPEN C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\FILEMON.EXE SUCCESS Options: Open Access: All 126 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\FILEMON.EXE SUCCESS FileInternalInformation 127 8:45:47 PM svchost.exe:888 CLOSE C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\FILEMON.EXE SUCCESS 128 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\APPPATCH\DRVMAIN.SDB SUCCESS Options: Open Access: All 129 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\APPPATCH\DRVMAIN.SDB SUCCESS Attributes: A 130 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\APPPATCH\DRVMAIN.SDB SUCCESS 131 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\EXPLORER.EXE SUCCESS Options: Open Access: All 132 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\EXPLORER.EXE SUCCESS Attributes: A 133 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\EXPLORER.EXE SUCCESS 134 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\EXPLORER.EXE SUCCESS Options: Open Access: All 135 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\EXPLORER.EXE SUCCESS FileInternalInformation 136 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\EXPLORER.EXE SUCCESS 137 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\REGISTRATION\R000000000007.CLB SUCCESS Options: Open Access: All 138 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\REGISTRATION\R000000000007.CLB SUCCESS Attributes: A 139 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\REGISTRATION\R000000000007.CLB SUCCESS 140 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\REGISTRATION\R000000000007.CLB SUCCESS Options: Open Access: All 141 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\REGISTRATION\R000000000007.CLB SUCCESS FileInternalInformation 142 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\REGISTRATION\R000000000007.CLB SUCCESS 143 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\ADVAPI32.DLL SUCCESS Options: Open Access: All 144 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\ADVAPI32.DLL SUCCESS Attributes: A 145 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\ADVAPI32.DLL SUCCESS 146 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\ADVAPI32.DLL SUCCESS Options: Open Access: All 147 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\ADVAPI32.DLL SUCCESS FileInternalInformation 148 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\ADVAPI32.DLL SUCCESS 149 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\APPHELP.DLL SUCCESS Options: Open Access: All 150 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\APPHELP.DLL SUCCESS Attributes: A 151 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\APPHELP.DLL SUCCESS 152 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\APPHELP.DLL SUCCESS Options: Open Access: All 153 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\APPHELP.DLL SUCCESS FileInternalInformation 154 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\APPHELP.DLL SUCCESS 155 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CLBCATQ.DLL SUCCESS Options: Open Access: All 156 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CLBCATQ.DLL SUCCESS Attributes: A 157 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CLBCATQ.DLL SUCCESS 158 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CLBCATQ.DLL SUCCESS Options: Open Access: All 159 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CLBCATQ.DLL SUCCESS FileInternalInformation 160 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CLBCATQ.DLL SUCCESS 161 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\COMDLG32.DLL SUCCESS Options: Open Access: All 162 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\COMDLG32.DLL SUCCESS Attributes: A 163 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\COMDLG32.DLL SUCCESS 164 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\COMDLG32.DLL SUCCESS Options: Open Access: All 165 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\COMDLG32.DLL SUCCESS FileInternalInformation 166 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\COMDLG32.DLL SUCCESS 167 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\COMRES.DLL SUCCESS Options: Open Access: All 168 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\COMRES.DLL SUCCESS Attributes: A 169 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\COMRES.DLL SUCCESS 170 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\COMRES.DLL SUCCESS Options: Open Access: All 171 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\COMRES.DLL SUCCESS FileInternalInformation 172 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\COMRES.DLL SUCCESS 173 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CSCDLL.DLL SUCCESS Options: Open Access: All 174 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CSCDLL.DLL SUCCESS Attributes: A 175 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CSCDLL.DLL SUCCESS 176 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CSCDLL.DLL SUCCESS Options: Open Access: All 177 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CSCDLL.DLL SUCCESS FileInternalInformation 178 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CSCDLL.DLL SUCCESS 179 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CSCUI.DLL SUCCESS Options: Open Access: All 180 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CSCUI.DLL SUCCESS Attributes: A 181 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CSCUI.DLL SUCCESS 182 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CSCUI.DLL SUCCESS Options: Open Access: All 183 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CSCUI.DLL SUCCESS FileInternalInformation 184 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CSCUI.DLL SUCCESS 185 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CTYPE.NLS SUCCESS Options: Open Access: All 186 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CTYPE.NLS SUCCESS Attributes: A 187 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CTYPE.NLS SUCCESS 188 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\CTYPE.NLS SUCCESS Options: Open Access: All 189 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\CTYPE.NLS SUCCESS FileInternalInformation 190 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\CTYPE.NLS SUCCESS 191 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\GDI32.DLL SUCCESS Options: Open Access: All 192 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\GDI32.DLL SUCCESS Attributes: A 193 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\GDI32.DLL SUCCESS 194 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\GDI32.DLL SUCCESS Options: Open Access: All 195 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\GDI32.DLL SUCCESS FileInternalInformation 196 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\GDI32.DLL SUCCESS 197 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\KERNEL32.DLL SUCCESS Options: Open Access: All 198 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\KERNEL32.DLL SUCCESS Attributes: A 199 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\KERNEL32.DLL SUCCESS 200 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\KERNEL32.DLL SUCCESS Options: Open Access: All 201 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\KERNEL32.DLL SUCCESS FileInternalInformation 202 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\KERNEL32.DLL SUCCESS 203 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\LOCALE.NLS SUCCESS Options: Open Access: All 204 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\LOCALE.NLS SUCCESS Attributes: A 205 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\LOCALE.NLS SUCCESS 206 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\LOCALE.NLS SUCCESS Options: Open Access: All 207 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\LOCALE.NLS SUCCESS FileInternalInformation 208 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\LOCALE.NLS SUCCESS 209 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\MSVCRT.DLL SUCCESS Options: Open Access: All 210 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\MSVCRT.DLL SUCCESS Attributes: N 211 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\MSVCRT.DLL SUCCESS 212 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\MSVCRT.DLL SUCCESS Options: Open Access: All 213 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\MSVCRT.DLL SUCCESS FileInternalInformation 214 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\MSVCRT.DLL SUCCESS 215 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\NTDLL.DLL SUCCESS Options: Open Access: All 216 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\NTDLL.DLL SUCCESS Attributes: A 217 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\NTDLL.DLL SUCCESS 218 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\NTDLL.DLL SUCCESS Options: Open Access: All 219 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\NTDLL.DLL SUCCESS FileInternalInformation 220 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\NTDLL.DLL SUCCESS 221 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\OLE32.DLL SUCCESS Options: Open Access: All 222 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\OLE32.DLL SUCCESS Attributes: A 223 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\OLE32.DLL SUCCESS 224 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\OLE32.DLL SUCCESS Options: Open Access: All 225 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\OLE32.DLL SUCCESS FileInternalInformation 226 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\OLE32.DLL SUCCESS 227 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\OLEAUT32.DLL SUCCESS Options: Open Access: All 228 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\OLEAUT32.DLL SUCCESS Attributes: A 229 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\OLEAUT32.DLL SUCCESS 230 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\OLEAUT32.DLL SUCCESS Options: Open Access: All 231 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\OLEAUT32.DLL SUCCESS FileInternalInformation 232 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\OLEAUT32.DLL SUCCESS 233 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\RPCRT4.DLL SUCCESS Options: Open Access: All 234 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\RPCRT4.DLL SUCCESS Attributes: A 235 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\RPCRT4.DLL SUCCESS 236 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\RPCRT4.DLL SUCCESS Options: Open Access: All 237 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\RPCRT4.DLL SUCCESS FileInternalInformation 238 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\RPCRT4.DLL SUCCESS 239 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\RPCSS.DLL SUCCESS Options: Open Access: All 240 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\RPCSS.DLL SUCCESS Attributes: A 241 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\RPCSS.DLL SUCCESS 242 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\RPCSS.DLL SUCCESS Options: Open Access: All 243 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\RPCSS.DLL SUCCESS FileInternalInformation 244 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\RPCSS.DLL SUCCESS 245 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SETUPAPI.DLL SUCCESS Options: Open Access: All 246 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SETUPAPI.DLL SUCCESS Attributes: A 247 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SETUPAPI.DLL SUCCESS 248 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SETUPAPI.DLL SUCCESS Options: Open Access: All 249 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SETUPAPI.DLL SUCCESS FileInternalInformation 250 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SETUPAPI.DLL SUCCESS 251 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SHELL32.DLL SUCCESS Options: Open Access: All 252 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SHELL32.DLL SUCCESS Attributes: A 253 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SHELL32.DLL SUCCESS 254 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SHELL32.DLL SUCCESS Options: Open Access: All 255 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SHELL32.DLL SUCCESS FileInternalInformation 256 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SHELL32.DLL SUCCESS 257 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SHLWAPI.DLL SUCCESS Options: Open Access: All 258 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SHLWAPI.DLL SUCCESS Attributes: A 259 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SHLWAPI.DLL SUCCESS 260 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SHLWAPI.DLL SUCCESS Options: Open Access: All 261 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SHLWAPI.DLL SUCCESS FileInternalInformation 262 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SHLWAPI.DLL SUCCESS 263 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SORTKEY.NLS SUCCESS Options: Open Access: All 264 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SORTKEY.NLS SUCCESS Attributes: A 265 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SORTKEY.NLS SUCCESS 266 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SORTKEY.NLS SUCCESS Options: Open Access: All 267 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SORTKEY.NLS SUCCESS FileInternalInformation 268 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SORTKEY.NLS SUCCESS 269 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SORTTBLS.NLS SUCCESS Options: Open Access: All 270 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SORTTBLS.NLS SUCCESS Attributes: A 271 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SORTTBLS.NLS SUCCESS 272 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\SORTTBLS.NLS SUCCESS Options: Open Access: All 273 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\SORTTBLS.NLS SUCCESS FileInternalInformation 274 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\SORTTBLS.NLS SUCCESS 275 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\UNICODE.NLS SUCCESS Options: Open Access: All 276 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\UNICODE.NLS SUCCESS Attributes: A 277 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\UNICODE.NLS SUCCESS 278 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\UNICODE.NLS SUCCESS Options: Open Access: All 279 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\UNICODE.NLS SUCCESS FileInternalInformation 280 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\UNICODE.NLS SUCCESS 281 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\USER32.DLL SUCCESS Options: Open Access: All 282 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\USER32.DLL SUCCESS Attributes: A 283 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\USER32.DLL SUCCESS 284 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\USER32.DLL SUCCESS Options: Open Access: All 285 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\USER32.DLL SUCCESS FileInternalInformation 286 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\USER32.DLL SUCCESS 287 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\UXTHEME.DLL SUCCESS Options: Open Access: All 288 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\UXTHEME.DLL SUCCESS Attributes: A 289 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\UXTHEME.DLL SUCCESS 290 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\UXTHEME.DLL SUCCESS Options: Open Access: All 291 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\UXTHEME.DLL SUCCESS FileInternalInformation 292 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\UXTHEME.DLL SUCCESS 293 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\VERSION.DLL SUCCESS Options: Open Access: All 294 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\VERSION.DLL SUCCESS Attributes: A 295 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\VERSION.DLL SUCCESS 296 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\VERSION.DLL SUCCESS Options: Open Access: All 297 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\VERSION.DLL SUCCESS FileInternalInformation 298 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\VERSION.DLL SUCCESS 299 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\WINDOWSSHELL.MANIFEST SUCCESS Options: Open Access: All 300 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\WINDOWSSHELL.MANIFEST SUCCESS Attributes: RHA 301 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\WINDOWSSHELL.MANIFEST SUCCESS 302 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\WINDOWSSHELL.MANIFEST SUCCESS Options: Open Access: All 303 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\WINDOWSSHELL.MANIFEST SUCCESS FileInternalInformation 304 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\WINDOWSSHELL.MANIFEST SUCCESS 305 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL SUCCESS Options: Open Access: All 306 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL SUCCESS Attributes: A 307 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL SUCCESS 308 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL SUCCESS Options: Open Access: All 309 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL SUCCESS FileInternalInformation 310 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\COMCTL32.DLL SUCCESS 311 8:45:47 PM svchost.exe:888 OPEN C:\ SUCCESS Options: Open Access: All 312 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\ SUCCESS FileInternalInformation 313 8:45:47 PM svchost.exe:888 CLOSE C:\ SUCCESS 314 8:45:47 PM svchost.exe:888 OPEN C:\DOCUMENTS AND SETTINGS\ SUCCESS Options: Open Access: All 315 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\DOCUMENTS AND SETTINGS\ SUCCESS FileInternalInformation 316 8:45:47 PM svchost.exe:888 CLOSE C:\DOCUMENTS AND SETTINGS\ SUCCESS 317 8:45:47 PM svchost.exe:888 OPEN C:\DOCUMENTS AND SETTINGS\BRENT\ SUCCESS Options: Open Access: All 318 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\DOCUMENTS AND SETTINGS\BRENT\ SUCCESS FileInternalInformation 319 8:45:47 PM svchost.exe:888 CLOSE C:\DOCUMENTS AND SETTINGS\BRENT\ SUCCESS 320 8:45:47 PM svchost.exe:888 OPEN C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\ SUCCESS Options: Open Access: All 321 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\ SUCCESS FileInternalInformation 322 8:45:47 PM svchost.exe:888 CLOSE C:\DOCUMENTS AND SETTINGS\BRENT\DESKTOP\ SUCCESS 323 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\ SUCCESS Options: Open Access: All 324 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\ SUCCESS FileInternalInformation 325 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\ SUCCESS 326 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\REGISTRATION\ SUCCESS Options: Open Access: All 327 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\REGISTRATION\ SUCCESS FileInternalInformation 328 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\REGISTRATION\ SUCCESS 329 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\ SUCCESS Options: Open Access: All 330 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\ SUCCESS FileInternalInformation 331 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\ SUCCESS 332 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\SYSTEM32\DRIVERS\ SUCCESS Options: Open Access: All 333 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\SYSTEM32\DRIVERS\ SUCCESS FileInternalInformation 334 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\SYSTEM32\DRIVERS\ SUCCESS 335 8:45:47 PM winlogon.exe:568 DIRECTORY C:\WINDOWS\system32 Change Notify 336 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\WINSXS\ SUCCESS Options: Open Access: All 337 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\WINSXS\ SUCCESS FileInternalInformation 338 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\WINSXS\ SUCCESS 339 8:45:47 PM svchost.exe:888 OPEN C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\ SUCCESS Options: Open Access: All 340 8:45:47 PM svchost.exe:888 QUERY INFORMATION C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\ SUCCESS FileInternalInformation 341 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\ SUCCESS 342 8:45:47 PM svchost.exe:888 CREATE C:\WINDOWS\Prefetch\FILEMON.EXE-138F2908.pf SUCCESS Options: OverwriteIf Access: All 343 8:45:47 PM svchost.exe:888 WRITE C:\WINDOWS\Prefetch\FILEMON.EXE-138F2908.pf SUCCESS Offset: 0 Length: 15110 344 8:45:47 PM svchost.exe:888 CLOSE C:\WINDOWS\Prefetch\FILEMON.EXE-138F2908.pf SUCCESS 345 8:45:56 PM explorer.exe:1196 OPEN C:\ SUCCESS Options: Open Directory Access: All 346 8:45:56 PM explorer.exe:1196 QUERY INFORMATION C:\ SUCCESS FileFsFullSizeInformation 347 8:45:56 PM explorer.exe:1196 CLOSE C:\ SUCCESS 348 8:45:56 PM explorer.exe:1196 OPEN E:\ SUCCESS Options: Open Directory Access: All 349 8:45:56 PM explorer.exe:1196 QUERY INFORMATION E:\ SUCCESS FileFsFullSizeInformation 350 8:45:56 PM explorer.exe:1196 CLOSE E:\ SUCCESS