Re: My HD LED flashes on and off even tho no application is running



Thanks for the link. I downloaded Project Monitor from the site and
ran it. Attached is a snip from the log file it generated if you want
to look at it. I have never included an attachment before, so I hope I
did it right. It's named logfile.csv. My machine opened it with
Microsoft Excel, but it can be read (sloppily) by Notepad.

It seems that between them, Explorer.exe and lsass.exe read/wrote to
the registry scores of times per second. I have no idea what that's
all about.

I opened XP in safe mode and used Ctrl+Alt+Del. There were far fewer
processes running, but the HD LED kept right on blinking a couple of
times per second.

If I have a trojan running, would it show up in my tests? I have run
AVG antivirus, SpybotSD and AdAware. I also have Windows Defender and
ZoneAlarm active as well as Spyware Blaster.

I am considering ending the processes with Ctrl+Alt+Del one by one and
observing the effect on the blinking rate. When I ended Explorer.exe
I lost my desktop and so I guess I have to leave that one going. Are
you aware of any other processes that I must not end?

Thanks for your help

On Mon, 4 Jun 2007 18:51:50 -0400, "R. McCarty"
<PcEngWork-NoSpam_@xxxxxxxxxxxxxx> wrote:

Even with no foreground applications running, a computer will
almost never cease disk activity. There are all kinds of activities
that are ongoing and need read/write operations. I'd suggest
you download Sysinternals' "FileMon" so you can see real-time
disk activity on your PC.
http://www.microsoft.com/technet/sysinternals/FileAndDisk/Filemon.mspx
/.../
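
Added example (not part of the original post or of the quoted reply): a small Python script that tallies a Process Monitor CSV export such as logfile.csv per process and separates read-only operations from ones that modify the registry or the disk. The sample rows are constructed in the export's column layout; `example.exe`, its paths and the choice of operation names counted as modifying are assumptions of this example.

```python
import csv
import io
from collections import Counter, defaultdict

# Operation names treated as state-changing (an assumption of this example).
# Everything else in the export (opens, queries, enumerations, closes) is read-only.
MODIFYING_OPS = {
    "WriteFile", "SetDispositionInformationFile", "SetRenameInformationFile",
    "RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue",
}

# Constructed sample rows in the export's column layout. "example.exe" and its
# paths are hypothetical; the last row is deliberately cut short.
SAMPLE_CSV = r'''"Sequence","Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1","6:05:04.9138233 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SOFTWARE\Microsoft\CTF\TIP","SUCCESS","Desired Access: Read"
"2","6:05:04.9138487 AM","Explorer.EXE","1696","RegEnumKey","HKLM\SOFTWARE\Microsoft\CTF\TIP","SUCCESS","Index: 0, Name: {00000000-0000-0000-0000-000000000000}"
"3","6:05:04.9139629 AM","Explorer.EXE","1696","RegCloseKey","HKLM\SOFTWARE\Microsoft\CTF\TIP","SUCCESS",""
"4","6:05:05.0198152 AM","Explorer.EXE","1696","QueryOpen","C:\Tools\Procmon.exe","SUCCESS",""
"5","6:05:05.1022578 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"6","6:05:05.1023293 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"7","6:05:05.1029311 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"8","6:05:05.3000000 AM","example.exe","4000","WriteFile","C:\Temp\example.log","SUCCESS","Offset: 0, Length: 4,096"
"9","6:05:05.3000100 AM","example.exe","4000","RegSetValue","HKCU\Software\Example\LastRun","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10","6:05:06.0000000 AM"
'''


def second_of(time_of_day):
    """'6:05:04.9138233 AM' -> '6:05:04 AM'. The export carries seven
    fractional digits, one more than datetime's %f accepts, so split by hand."""
    clock, _, ampm = time_of_day.partition(" ")
    return f"{clock.split('.')[0]} {ampm}".strip()


def kind_of(operation):
    """Coarse event class derived from the operation name."""
    if operation.startswith("Reg"):
        return "registry"
    if operation.startswith(("TCP", "UDP")):
        return "network"
    if operation.startswith(("Process", "Thread", "Load Image")):
        return "process"
    return "file"


def summarise(csv_text):
    """Return {(process name lower-cased, pid): stats} for a CSV export."""
    stats = {}
    per_second = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row.get("Operation")
        if not op or not row.get("Process Name"):
            continue  # row cut short, e.g. where a snippet was trimmed
        key = (row["Process Name"].lower(), row["PID"])
        s = stats.setdefault(key, {"total": 0, "kinds": Counter(),
                                   "modifying": Counter(), "results": Counter()})
        s["total"] += 1
        s["kinds"][kind_of(op)] += 1
        s["results"][row["Result"]] += 1
        if op in MODIFYING_OPS:
            s["modifying"][op] += 1
        per_second[key][second_of(row["Time of Day"])] += 1
    for key, buckets in per_second.items():
        stats[key]["peak_per_second"] = max(buckets.values())
    return stats


def writers(stats):
    """Processes that performed at least one modifying operation."""
    return sorted(k for k, s in stats.items() if s["modifying"])


def report(stats):
    """One line per process, busiest first."""
    lines = []
    for (name, pid), s in sorted(stats.items(), key=lambda kv: -kv[1]["total"]):
        mods = ", ".join(f"{op} x{n}" for op, n in s["modifying"].items()) or "none"
        lines.append(f"{name} (PID {pid}): {s['total']} events, "
                     f"peak {s['peak_per_second']}/s, "
                     f"kinds {dict(s['kinds'])}, modifying: {mods}")
    return "\n".join(lines)


if __name__ == "__main__":
    # To analyse a real export, read the file's text and pass it to summarise().
    print(report(summarise(SAMPLE_CSV)))
```

In the sample, the lsass.exe key is opened with "Desired Access: Read/Write", but no modifying operation follows, so lsass.exe does not appear in `writers()`; only operations such as `RegSetValue` or `WriteFile` count as changes.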
"1309","6:05:05.2180818 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"1310","6:05:05.2181061 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"1311","6:05:05.2181267 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"1312","6:05:05.2184243 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"1313","6:05:05.2187078 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"1314","6:05:05.2187341 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"1315","6:05:05.2187584 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"1316","6:05:05.2187793 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"1317","6:05:05.2187958 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"1318","6:05:05.2188190 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"1319","6:05:05.2188388 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"1320","6:05:05.2190900 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"1321","6:05:05.2194370 AM","services.exe","720","RegCreateKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS","Desired Access: All Access"
"1322","6:05:05.2194959 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: All Access"
"1323","6:05:05.2195437 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses","SUCCESS",""
"1324","6:05:05.2195663 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Default","NAME NOT FOUND","Length: 44"
"1325","6:05:05.2195831 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: ##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1326","6:05:05.2196057 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read"
"1327","6:05:05.2196565 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 80, Data: FDC\GENERIC_FLOPPY_DRIVE\4&15e2db85&0&0"
"1328","6:05:05.2196825 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: #"
"1329","6:05:05.2197038 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS","Desired Access: Read"
"1330","6:05:05.2197384 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","SUCCESS","Desired Access: Read"
"1331","6:05:05.2197767 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"1332","6:05:05.2198004 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","SUCCESS",""
"1333","6:05:05.2198289 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 166, Data: \\?\FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1334","6:05:05.2198677 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1335","6:05:05.2198898 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 1, Name: Control"
"1336","6:05:05.2199113 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control","SUCCESS","Desired Access: Read"
"1337","6:05:05.2199482 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control\Control","NAME NOT FOUND","Desired Access: Read"
"1338","6:05:05.2199739 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control","SUCCESS",""
"1339","6:05:05.2199988 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 2, Length: 512"
"1340","6:05:05.2200183 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#FDC#GENERIC_FLOPPY_DRIVE#4&15e2db85&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1341","6:05:05.2200368 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 1, Name: ##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1342","6:05:05.2200572 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read"
"1343","6:05:05.2201136 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 154, Data: IDE\CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____\5&2f1fe946&0&0.0.0"
"1344","6:05:05.2201373 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: #"
"1345","6:05:05.2201577 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS","Desired Access: Read"
"1346","6:05:05.2201910 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","SUCCESS","Desired Access: Read"
"1347","6:05:05.2202256 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"1348","6:05:05.2202494 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","SUCCESS",""
"1349","6:05:05.2202759 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 240, Data: \\?\IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1350","6:05:05.2203010 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1351","6:05:05.2203234 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 1, Name: Control"
"1352","6:05:05.2203446 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control","SUCCESS","Desired Access: Read"
"1353","6:05:05.2203798 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control\Control","NAME NOT FOUND","Desired Access: Read"
"1354","6:05:05.2204052 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control","SUCCESS",""
"1355","6:05:05.2204357 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 2, Length: 512"
"1356","6:05:05.2204631 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomTSSTcorp_DVD+-RW_TS-H653A_______________D300____#5&2f1fe946&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1357","6:05:05.2204846 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 2, Name: ##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1358","6:05:05.2205055 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read"
"1359","6:05:05.2205980 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 78, Data: STORAGE\RemovableMedia\7&12eb6ace&0&RM"
"1360","6:05:05.2206326 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: #"
"1361","6:05:05.2206609 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS","Desired Access: Read"
"1362","6:05:05.2207131 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","NAME NOT FOUND","Desired Access: Read"
"1363","6:05:05.2207396 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1364","6:05:05.2207693 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 1, Length: 512"
"1365","6:05:05.2207885 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&12eb6ace&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1366","6:05:05.2208081 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 3, Name: ##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1367","6:05:05.2208288 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read"
"1368","6:05:05.2208796 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 76, Data: STORAGE\RemovableMedia\7&ca5e030&0&RM"
"1369","6:05:05.2209033 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: #"
"1370","6:05:05.2209232 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS","Desired Access: Read"
"1371","6:05:05.2209573 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","NAME NOT FOUND","Desired Access: Read"
"1372","6:05:05.2209821 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1373","6:05:05.2210076 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 1, Length: 512"
"1374","6:05:05.2210268 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ca5e030&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1375","6:05:05.2210447 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 4, Name: ##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1376","6:05:05.2210648 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read"
"1377","6:05:05.2211185 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 142, Data: STORAGE\Volume\1&30a96598&0&SignatureDE7011C1Offset7E00Length4A8528200"
"1378","6:05:05.2211433 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: #"
"1379","6:05:05.2211646 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS","Desired Access: Read"
"1380","6:05:05.2211975 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","NAME NOT FOUND","Desired Access: Read"
"1381","6:05:05.2212221 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1382","6:05:05.2212495 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 1, Length: 512"
"1383","6:05:05.2212690 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREDE7011C1OFFSET7E00LENGTH4A8528200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1384","6:05:05.2212866 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 5, Name: ##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1385","6:05:05.2213070 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read"
"1386","6:05:05.2213615 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 150, Data: STORAGE\Volume\1&30a96598&0&SignatureE686F016Offset2738A00Length495A203C00"
"1387","6:05:05.2213853 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: #"
"1388","6:05:05.2214062 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS","Desired Access: Read"
"1389","6:05:05.2214847 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","SUCCESS","Desired Access: Read"
"1390","6:05:05.2215233 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"1391","6:05:05.2215470 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","SUCCESS",""
"1392","6:05:05.2215747 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\SymbolicLink","SUCCESS","Type: REG_SZ, Length: 236, Data: \\?\STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1393","6:05:05.2216006 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1394","6:05:05.2216233 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 1, Name: Control"
"1395","6:05:05.2216870 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control","SUCCESS","Desired Access: Read"
"1396","6:05:05.2217230 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control\Control","NAME NOT FOUND","Desired Access: Read"
"1397","6:05:05.2217473 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Control","SUCCESS",""
"1398","6:05:05.2217725 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 2, Length: 512"
"1399","6:05:05.2217917 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET2738A00LENGTH495A203C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1400","6:05:05.2218099 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 6, Name: ##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
"1401","6:05:05.2218292 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Desired Access: Read"
"1402","6:05:05.2218831 AM","services.exe","720","RegQueryValue","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance","SUCCESS","Type: REG_SZ, Length: 148, Data: STORAGE\Volume\1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000"
"1403","6:05:05.2219074 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS","Index: 0, Name: #"
"1404","6:05:05.2219275 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS","Desired Access: Read"
"1405","6:05:05.2220018 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","NAME NOT FOUND","Desired Access: Read"
"1406","6:05:05.2220261 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1407","6:05:05.2220521 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 1, Length: 512"
"1408","6:05:05.2220717 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#1&30a96598&0&SignatureE686F016Offset2738A00Length7D047E000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1531","6:05:05.2253332 AM","services.exe","720","RegOpenKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET7E00LENGTH2730C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control","NAME NOT FOUND","Desired Access: Read"
"1532","6:05:05.2253573 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET7E00LENGTH2730C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#","SUCCESS",""
"1533","6:05:05.2253793 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET7E00LENGTH2730C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 1, Length: 512"
"1534","6:05:05.2253989 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#VOLUME#1&30A96598&0&SIGNATUREE686F016OFFSET7E00LENGTH2730C00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""
"1535","6:05:05.2254171 AM","services.exe","720","RegEnumKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","NO MORE ENTRIES","Index: 9, Length: 512"
"1536","6:05:05.2254324 AM","services.exe","720","RegCloseKey","HKLM\System\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}","SUCCESS",""


=============================================

"2987","6:05:05.3284014 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"2988","6:05:05.3284271 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"2989","6:05:05.3284475 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"2990","6:05:05.3284813 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"2991","6:05:05.3284927 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"2992","6:05:05.3285067 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"2993","6:05:05.3285195 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"2994","6:05:05.3289165 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"2995","6:05:05.3292096 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"2996","6:05:05.3292353 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"2997","6:05:05.3292526 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"2998","6:05:05.3292699 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"2999","6:05:05.3292808 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"3000","6:05:05.3292953 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"3001","6:05:05.3293076 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"3002","6:05:05.3295015 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"3381","6:05:05.4012961 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"3382","6:05:05.4013872 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"3383","6:05:05.4014059 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"3384","6:05:05.4014310 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"3385","6:05:05.4014425 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"3386","6:05:05.4014567 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"3387","6:05:05.4014696 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"3388","6:05:05.4016950 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"3639","6:05:05.4264169 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows Defender","NAME NOT FOUND","Desired Access: Read"
"3640","6:05:05.4264409 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows Defender","SUCCESS","Desired Access: Read/Write"
"3641","6:05:05.4265158 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows Defender","SUCCESS",""
"3642","6:05:05.4269287 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"3643","6:05:05.4269460 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"3644","6:05:05.4269631 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"3645","6:05:05.4269787 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"3646","6:05:05.4269893 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"3647","6:05:05.4270033 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"3648","6:05:05.4270156 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"3649","6:05:05.4271720 AM","lsass.exe","732","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Groups\000003EE","NAME NOT FOUND","Desired Access: Read/Write"
"3650","6:05:05.4271874 AM","lsass.exe","732","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Aliases\000003EE","NAME NOT FOUND","Desired Access: Read/Write"
"3651","6:05:05.4272022 AM","lsass.exe","732","RegOpenKey","HKLM\SAM\SAM\DOMAINS\Account\Users\000003EE","SUCCESS","Desired Access: Read/Write"
"3652","6:05:05.4272248 AM","lsass.exe","732","RegQueryValue","HKLM\SAM\SAM\Domains\Account\Users\000003EE\V","SUCCESS","Type: REG_BINARY, Length: 480, Data: 00 00 00 00 BC 00 00 00 02 00 01 00 BC 00 00 00"
"3653","6:05:05.4272413 AM","lsass.exe","732","RegCloseKey","HKLM\SAM\SAM\Domains\Account\Users\000003EE","SUCCESS",""
"3654","6:05:05.4273343 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"3655","6:05:05.4274849 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows Defender","NAME NOT FOUND","Desired Access: Read"
"3656","6:05:05.4275084 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows Defender","SUCCESS","Desired Access: Read/Write"
"3657","6:05:05.4275534 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware","NAME NOT FOUND","Length: 144"
"3658","6:05:05.4275832 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows Defender","SUCCESS",""
"3659","6:05:05.4276056 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan","NAME NOT FOUND","Desired Access: Read"
"3660","6:05:05.4276229 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows Defender\Scan","SUCCESS","Desired Access: Read/Write"
"3661","6:05:05.4276495 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\DisableHeuristics","NAME NOT FOUND","Length: 144"
"3662","6:05:05.4276651 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows Defender\Scan","SUCCESS",""
"3663","6:05:05.4276827 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan","NAME NOT FOUND","Desired Access: Read"
"3664","6:05:05.4276981 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows Defender\Scan","SUCCESS","Desired Access: Read/Write"
"3665","6:05:05.4277542 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\DisableReparsePointScanning","NAME NOT FOUND","Length: 144"
"3666","6:05:05.4277830 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows Defender\Scan","SUCCESS",""
"3667","6:05:05.4279330 AM","MsMpEng.exe","1084","Thread Create","","SUCCESS","Thread ID: 3472"
"3669","6:05:05.4283878 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SYSTEM\currentcontrolset\control\minint","NAME NOT FOUND","Desired Access: Read"
"3670","6:05:05.4284361 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\hivelist","SUCCESS","Desired Access: Read"
"3671","6:05:05.4284646 AM","MsMpEng.exe","1084","RegQueryKey","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Query: Cached, SubKeys: 0, Values: 12"
"3672","6:05:05.4284814 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 0, Name: \REGISTRY\MACHINE\HARDWARE, Type: REG_SZ, Length: 2, Data: "
"3674","6:05:05.4285010 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 1, Name: \REGISTRY\MACHINE\SECURITY, Type: REG_SZ, Length: 116, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SECURITY"
"3685","6:05:05.4293103 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config\SECURITY","SUCCESS","CreationTime: 8/15/2005 11:27:57 PM, LastAccessTime: 6/5/2007 4:50:17 AM, LastWriteTime: 6/5/2007 5:00:36 AM, ChangeTime: 6/5/2007 5:00:36 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: A"
"3686","6:05:05.4294374 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 7:30:13 PM, ChangeTime: 3/31/2007 5:58:12 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3689","6:05:05.4297584 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3690","6:05:05.4298807 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 4:50:52 AM, ChangeTime: 6/5/2007 4:50:52 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3695","6:05:05.4300093 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3697","6:05:05.4301489 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3699","6:05:05.4302604 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3704","6:05:05.4303275 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3706","6:05:05.4304305 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3707","6:05:05.4304607 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 2, Name: \REGISTRY\MACHINE\SOFTWARE, Type: REG_SZ, Length: 116, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SOFTWARE"
"3708","6:05:05.4306317 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config\SOFTWARE","SUCCESS","CreationTime: 8/15/2005 11:27:01 PM, LastAccessTime: 6/5/2007 4:50:36 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 6/4/2007 4:10:17 PM, AllocationSize: 26,476,544, EndOfFile: 26,476,544, FileAttributes: A"
"3709","6:05:05.4307521 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 7:30:13 PM, ChangeTime: 3/31/2007 5:58:12 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3710","6:05:05.4308448 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3711","6:05:05.4309141 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 4:50:52 AM, ChangeTime: 6/5/2007 4:50:52 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3712","6:05:05.4310407 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3713","6:05:05.4311231 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3714","6:05:05.4311711 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3715","6:05:05.4312164 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3716","6:05:05.4313094 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3717","6:05:05.4313301 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 3, Name: \REGISTRY\MACHINE\SYSTEM, Type: REG_SZ, Length: 112, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SYSTEM"
"3718","6:05:05.4314916 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config\SYSTEM","SUCCESS","CreationTime: 8/15/2005 11:27:00 PM, LastAccessTime: 6/5/2007 4:50:13 AM, LastWriteTime: 6/5/2007 4:50:13 AM, ChangeTime: 6/5/2007 4:50:13 AM, AllocationSize: 4,980,736, EndOfFile: 4,980,736, FileAttributes: A"
"3719","6:05:05.4316109 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 7:30:13 PM, ChangeTime: 3/31/2007 5:58:12 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3720","6:05:05.4317030 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3721","6:05:05.4317707 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 4:50:52 AM, ChangeTime: 6/5/2007 4:50:52 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3722","6:05:05.4318631 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3723","6:05:05.4319397 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3724","6:05:05.4319872 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3725","6:05:05.4320333 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3726","6:05:05.4321263 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3727","6:05:05.4321458 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 4, Name: \REGISTRY\USER\.DEFAULT, Type: REG_SZ, Length: 114, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\DEFAULT"
"3728","6:05:05.4323048 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config\DEFAULT","SUCCESS","CreationTime: 8/15/2005 11:27:01 PM, LastAccessTime: 6/5/2007 4:50:49 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/31/2007 5:58:12 AM, AllocationSize: 524,288, EndOfFile: 524,288, FileAttributes: A"
"3729","6:05:05.4324562 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 7:30:13 PM, ChangeTime: 3/31/2007 5:58:12 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3730","6:05:05.4325506 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3731","6:05:05.4326185 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 4:50:52 AM, ChangeTime: 6/5/2007 4:50:52 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3732","6:05:05.4327107 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3733","6:05:05.4327867 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3734","6:05:05.4328348 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3735","6:05:05.4328800 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3736","6:05:05.4329736 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3737","6:05:05.4329934 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 5, Name: \REGISTRY\MACHINE\SAM, Type: REG_SZ, Length: 106, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SAM"
"3738","6:05:05.4331552 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config\SAM","SUCCESS","CreationTime: 8/15/2005 11:27:57 PM, LastAccessTime: 6/5/2007 4:50:19 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/31/2007 5:58:12 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: A"
"3739","6:05:05.4332856 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32\config","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 7:30:13 PM, ChangeTime: 3/31/2007 5:58:12 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3740","6:05:05.4334413 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3741","6:05:05.4335550 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 4:50:52 AM, ChangeTime: 6/5/2007 4:50:52 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3744","6:05:05.4336687 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3745","6:05:05.4337729 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3746","6:05:05.4338458 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3748","6:05:05.4339050 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3752","6:05:05.4340293 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3753","6:05:05.4340645 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 6, Name: \REGISTRY\USER\S-1-5-20, Type: REG_SZ, Length: 148, Data: \Device\HarddiskVolume2\Documents and Settings\NetworkService\NTUSER.DAT"
"3760","6:05:05.4342520 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\NTUSER.DAT","SUCCESS","CreationTime: 8/16/2005 11:49:39 AM, LastAccessTime: 6/5/2007 4:50:49 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/2/2007 9:06:57 PM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3761","6:05:05.4343034 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService","SUCCESS","CreationTime: 8/16/2005 4:49:38 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 8:54:02 PM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HSD"
"3762","6:05:05.4343492 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3763","6:05:05.4344917 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3766","6:05:05.4345805 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3767","6:05:05.4346336 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3768","6:05:05.4346987 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3773","6:05:05.4348224 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3774","6:05:05.4348451 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","BUFFER OVERFLOW","Index: 7, Length: 220"
"3775","6:05:05.4348562 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 7, Name: \REGISTRY\USER\S-1-5-20_Classes, Type: REG_SZ, Length: 252, Data: \Device\HarddiskVolume2\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat"
"3777","6:05:05.4350144 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat","SUCCESS","CreationTime: 8/16/2005 11:49:39 AM, LastAccessTime: 6/5/2007 4:50:49 AM, LastWriteTime: 1/13/2007 1:29:39 AM, ChangeTime: 1/13/2007 1:03:25 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3783","6:05:05.4351010 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/16/2005 4:49:40 AM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3784","6:05:05.4351577 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/18/2007 8:38:28 AM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3785","6:05:05.4352225 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 4:50:01 AM, LastWriteTime: 8/16/2005 4:49:40 AM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3788","6:05:05.4352798 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 5:10:20 AM, LastWriteTime: 8/16/2005 4:49:40 AM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3789","6:05:05.4353284 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService","SUCCESS","CreationTime: 8/16/2005 4:49:38 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 8:54:02 PM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HSD"
"3790","6:05:05.4353887 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3792","6:05:05.4355139 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3796","6:05:05.4356147 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3798","6:05:05.4356874 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3799","6:05:05.4357491 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3805","6:05:05.4358516 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3806","6:05:05.4358720 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 8, Name: \REGISTRY\USER\S-1-5-19, Type: REG_SZ, Length: 144, Data: \Device\HarddiskVolume2\Documents and Settings\LocalService\NTUSER.DAT"
"3807","6:05:05.4359866 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\NTUSER.DAT","SUCCESS","CreationTime: 8/16/2005 11:49:39 AM, LastAccessTime: 6/5/2007 4:50:48 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 1/13/2007 1:03:25 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3810","6:05:05.4360438 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/31/2007 4:58:38 PM, ChangeTime: 3/31/2007 5:56:44 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HSD"
"3811","6:05:05.4360905 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3813","6:05:05.4362346 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3817","6:05:05.4363210 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3818","6:05:05.4363760 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3820","6:05:05.4364266 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3825","6:05:05.4365612 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3827","6:05:05.4365933 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","BUFFER OVERFLOW","Index: 9, Length: 220"
"3828","6:05:05.4366034 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 9, Name: \REGISTRY\USER\S-1-5-19_Classes, Type: REG_SZ, Length: 248, Data: \Device\HarddiskVolume2\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat"
"3829","6:05:05.4367442 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat","SUCCESS","CreationTime: 8/16/2005 11:49:40 AM, LastAccessTime: 6/5/2007 4:50:48 AM, LastWriteTime: 1/13/2007 1:29:39 AM, ChangeTime: 1/13/2007 1:03:25 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3832","6:05:05.4368403 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows","SUCCESS","CreationTime: 8/16/2005 4:49:40 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/16/2005 4:49:42 AM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3833","6:05:05.4369115 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft","SUCCESS","CreationTime: 8/16/2005 4:49:40 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/29/2007 5:18:24 PM, ChangeTime: 4/29/2007 5:18:24 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3835","6:05:05.4369713 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data","SUCCESS","CreationTime: 8/16/2005 4:49:40 AM, LastAccessTime: 6/5/2007 4:50:01 AM, LastWriteTime: 1/31/2007 4:58:24 PM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3839","6:05:05.4370275 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 4:50:26 AM, LastWriteTime: 8/16/2005 4:49:42 AM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3840","6:05:05.4370954 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/31/2007 4:58:38 PM, ChangeTime: 3/31/2007 5:56:44 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HSD"
"3842","6:05:05.4371546 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3845","6:05:05.4372797 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3851","6:05:05.4377401 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\NTUSER.DAT","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 4:50:30 AM, LastWriteTime: 6/4/2007 10:18:39 PM, ChangeTime: 3/9/2007 11:46:38 PM, AllocationSize: 4,456,448, EndOfFile: 4,456,448, FileAttributes: HA"
"3852","6:05:05.4378094 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3853","6:05:05.4378773 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3854","6:05:05.4379890 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3855","6:05:05.4380161 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","BUFFER OVERFLOW","Index: 10, Length: 220"
"3856","6:05:05.4380284 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 10, Name: \REGISTRY\USER\S-1-5-21-1826424485-3103089739-544340361-1006, Type: REG_SZ, Length: 150, Data: \Device\HarddiskVolume2\Documents and Settings\Harold Dinsmore\NTUSER.DAT"
"3857","6:05:05.4380807 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS",""
"3858","6:05:05.4380963 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Control\hivelist","SUCCESS","Desired Access: Read"
"3859","6:05:05.4381282 AM","MsMpEng.exe","1084","RegQueryKey","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Query: Cached, SubKeys: 0, Values: 12"
"3860","6:05:05.4381396 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 0, Name: \REGISTRY\MACHINE\HARDWARE, Type: REG_SZ, Length: 2, Data: "
"3861","6:05:05.4381508 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 1, Name: \REGISTRY\MACHINE\SECURITY, Type: REG_SZ, Length: 116, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SECURITY"
"3862","6:05:05.4381611 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 2, Name: \REGISTRY\MACHINE\SOFTWARE, Type: REG_SZ, Length: 116, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SOFTWARE"
"3863","6:05:05.4381715 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 3, Name: \REGISTRY\MACHINE\SYSTEM, Type: REG_SZ, Length: 112, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SYSTEM"
"3864","6:05:05.4381818 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 4, Name: \REGISTRY\USER\.DEFAULT, Type: REG_SZ, Length: 114, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\DEFAULT"
"3865","6:05:05.4381919 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 5, Name: \REGISTRY\MACHINE\SAM, Type: REG_SZ, Length: 106, Data: \Device\HarddiskVolume2\WINDOWS\system32\config\SAM"
"3866","6:05:05.4382022 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 6, Name: \REGISTRY\USER\S-1-5-20, Type: REG_SZ, Length: 148, Data: \Device\HarddiskVolume2\Documents and Settings\NetworkService\NTUSER.DAT"
"3867","6:05:05.4382125 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","BUFFER OVERFLOW","Index: 7, Length: 220"
"3868","6:05:05.4382220 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 7, Name: \REGISTRY\USER\S-1-5-20_Classes, Type: REG_SZ, Length: 252, Data: \Device\HarddiskVolume2\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat"
"3869","6:05:05.4383463 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat","SUCCESS","CreationTime: 8/16/2005 11:49:39 AM, LastAccessTime: 6/5/2007 4:50:49 AM, LastWriteTime: 1/13/2007 1:29:39 AM, ChangeTime: 1/13/2007 1:03:25 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3880","6:05:05.4387944 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/16/2005 4:49:40 AM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3881","6:05:05.4388978 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/18/2007 8:38:28 AM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3884","6:05:05.4389640 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings\Application Data","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 4:50:01 AM, LastWriteTime: 8/16/2005 4:49:40 AM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3885","6:05:05.4390442 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService\Local Settings","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 5:10:20 AM, LastWriteTime: 8/16/2005 4:49:40 AM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3886","6:05:05.4390950 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\NetworkService","SUCCESS","CreationTime: 8/16/2005 4:49:38 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/17/2007 8:54:02 PM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HSD"
"3887","6:05:05.4391576 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3889","6:05:05.4393035 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3893","6:05:05.4394389 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 4:50:48 AM, LastWriteTime: 6/4/2007 10:15:53 PM, ChangeTime: 3/9/2007 10:24:57 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3895","6:05:05.4395342 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft\Windows","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/16/2005 4:50:02 AM, ChangeTime: 3/31/2007 5:56:39 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3896","6:05:05.4396001 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/29/2007 5:18:38 PM, ChangeTime: 4/29/2007 5:18:38 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3901","6:05:05.4396560 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 5:44:28 AM, LastWriteTime: 2/22/2007 2:38:09 PM, ChangeTime: 6/5/2007 4:50:25 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3903","6:05:05.4397203 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 6:04:45 AM, LastWriteTime: 8/16/2005 4:33:26 AM, ChangeTime: 6/5/2007 4:50:25 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3905","6:05:05.4397795 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3906","6:05:05.4398250 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3907","6:05:05.4399206 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3908","6:05:05.4399449 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 8, Name: \REGISTRY\USER\S-1-5-19, Type: REG_SZ, Length: 144, Data: \Device\HarddiskVolume2\Documents and Settings\LocalService\NTUSER.DAT"
"3909","6:05:05.4399574 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","BUFFER OVERFLOW","Index: 9, Length: 220"
"3910","6:05:05.4399669 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 9, Name: \REGISTRY\USER\S-1-5-19_Classes, Type: REG_SZ, Length: 248, Data: \Device\HarddiskVolume2\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat"
"3911","6:05:05.4400924 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat","SUCCESS","CreationTime: 8/16/2005 11:49:40 AM, LastAccessTime: 6/5/2007 4:50:48 AM, LastWriteTime: 1/13/2007 1:29:39 AM, ChangeTime: 1/13/2007 1:03:25 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3912","6:05:05.4401692 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows","SUCCESS","CreationTime: 8/16/2005 4:49:40 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/16/2005 4:49:42 AM, ChangeTime: 3/31/2007 5:56:45 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3913","6:05:05.4402217 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft","SUCCESS","CreationTime: 8/16/2005 4:49:40 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/29/2007 5:18:24 PM, ChangeTime: 4/29/2007 5:18:24 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3914","6:05:05.4402726 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings\Application Data","SUCCESS","CreationTime: 8/16/2005 4:49:40 AM, LastAccessTime: 6/5/2007 4:50:01 AM, LastWriteTime: 1/31/2007 4:58:24 PM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3915","6:05:05.4403220 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService\Local Settings","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 4:50:26 AM, LastWriteTime: 8/16/2005 4:49:42 AM, ChangeTime: 6/5/2007 4:50:18 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3916","6:05:05.4403692 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\LocalService","SUCCESS","CreationTime: 8/16/2005 4:49:39 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/31/2007 4:58:38 PM, ChangeTime: 3/31/2007 5:56:44 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HSD"
"3917","6:05:05.4404142 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3918","6:05:05.4405075 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3919","6:05:05.4406134 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 4:50:48 AM, LastWriteTime: 6/4/2007 10:15:53 PM, ChangeTime: 3/9/2007 10:24:57 AM, AllocationSize: 262,144, EndOfFile: 262,144, FileAttributes: HA"
"3920","6:05:05.4406897 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft\Windows","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/16/2005 4:50:02 AM, ChangeTime: 3/31/2007 5:56:39 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3921","6:05:05.4407405 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/29/2007 5:18:38 PM, ChangeTime: 4/29/2007 5:18:38 PM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3922","6:05:05.4407897 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 5:44:28 AM, LastWriteTime: 2/22/2007 2:38:09 PM, ChangeTime: 6/5/2007 4:50:25 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3923","6:05:05.4408377 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\Local Settings","SUCCESS","CreationTime: 1/17/2007 7:30:09 PM, LastAccessTime: 6/5/2007 6:04:45 AM, LastWriteTime: 8/16/2005 4:33:26 AM, ChangeTime: 6/5/2007 4:50:25 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: HD"
"3924","6:05:05.4408841 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\harold dinsmore","SUCCESS","CreationTime: 1/17/2007 7:30:08 PM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:24:32 AM, ChangeTime: 6/5/2007 5:24:32 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3925","6:05:05.4409288 AM","MsMpEng.exe","1084","QueryOpen","C:\documents and settings","SUCCESS","CreationTime: 8/16/2005 4:28:00 AM, LastAccessTime: 6/5/2007 6:05:03 AM, LastWriteTime: 4/7/2007 10:05:59 AM, ChangeTime: 4/7/2007 10:05:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3926","6:05:05.4410310 AM","MsMpEng.exe","1084","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"3927","6:05:05.4410509 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","BUFFER OVERFLOW","Index: 10, Length: 220"
"3928","6:05:05.4410612 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 10, Name: \REGISTRY\USER\S-1-5-21-1826424485-3103089739-544340361-1006, Type: REG_SZ, Length: 150, Data: \Device\HarddiskVolume2\Documents and Settings\Harold Dinsmore\NTUSER.DAT"
"3929","6:05:05.4410735 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","BUFFER OVERFLOW","Index: 11, Length: 220"
"3930","6:05:05.4410836 AM","MsMpEng.exe","1084","RegEnumValue","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS","Index: 11, Name: \REGISTRY\USER\S-1-5-21-1826424485-3103089739-544340361-1006_Classes, Type: REG_SZ, Length: 254, Data: \Device\HarddiskVolume2\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat"
"3931","6:05:05.4411271 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\System\CurrentControlSet\Control\hivelist","SUCCESS",""
"3932","6:05:05.4411461 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3933","6:05:05.4411780 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %USERPROFILE%\Start Menu\Programs"
"3934","6:05:05.4412341 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Programs","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %USERPROFILE%\Start Menu\Programs"
"3935","6:05:05.4412663 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3936","6:05:05.4413006 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3937","6:05:05.4413322 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal","SUCCESS","Type: REG_EXPAND_SZ, Length: 54, Data: %USERPROFILE%\My Documents"
"3938","6:05:05.4413456 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal","SUCCESS","Type: REG_EXPAND_SZ, Length: 54, Data: %USERPROFILE%\My Documents"
"3939","6:05:05.4413615 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3940","6:05:05.4413758 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3941","6:05:05.4413962 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites","SUCCESS","Type: REG_EXPAND_SZ, Length: 48, Data: %USERPROFILE%\Favorites"
"3942","6:05:05.4414093 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites","SUCCESS","Type: REG_EXPAND_SZ, Length: 48, Data: %USERPROFILE%\Favorites"
"3943","6:05:05.4414238 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3944","6:05:05.4414378 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3945","6:05:05.4414574 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup","SUCCESS","Type: REG_EXPAND_SZ, Length: 84, Data: %USERPROFILE%\Start Menu\Programs\Startup"
"3946","6:05:05.4414713 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup","SUCCESS","Type: REG_EXPAND_SZ, Length: 84, Data: %USERPROFILE%\Start Menu\Programs\Startup"
"3947","6:05:05.4414870 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3948","6:05:05.4414998 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3949","6:05:05.4415199 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Recent","NAME NOT FOUND","Length: 144"
"3950","6:05:05.4415361 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3951","6:05:05.4415476 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"3952","6:05:05.4415669 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Recent","SUCCESS","Type: REG_SZ, Length: 98, Data: C:\Documents and Settings\Harold Dinsmore\Recent"
"3953","6:05:05.4415825 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Recent","SUCCESS","Type: REG_SZ, Length: 98, Data: C:\Documents and Settings\Harold Dinsmore\Recent"
"3954","6:05:05.4415976 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"3955","6:05:05.4416096 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3956","6:05:05.4416286 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\SendTo","SUCCESS","Type: REG_EXPAND_SZ, Length: 42, Data: %USERPROFILE%\SendTo"
"3957","6:05:05.4416423 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\SendTo","SUCCESS","Type: REG_EXPAND_SZ, Length: 42, Data: %USERPROFILE%\SendTo"
"3958","6:05:05.4416574 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3959","6:05:05.4416705 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3960","6:05:05.4416892 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu","SUCCESS","Type: REG_EXPAND_SZ, Length: 50, Data: %USERPROFILE%\Start Menu"
"3961","6:05:05.4417026 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu","SUCCESS","Type: REG_EXPAND_SZ, Length: 50, Data: %USERPROFILE%\Start Menu"
"3962","6:05:05.4417177 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3963","6:05:05.4417311 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3964","6:05:05.4417499 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\My Music","NAME NOT FOUND","Length: 144"
"3965","6:05:05.4417655 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3966","6:05:05.4417758 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"3967","6:05:05.4417940 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Music","SUCCESS","Type: REG_SZ, Length: 128, Data: C:\Documents and Settings\Harold Dinsmore\My Documents\My Music"
"3968","6:05:05.4418099 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Music","SUCCESS","Type: REG_SZ, Length: 128, Data: C:\Documents and Settings\Harold Dinsmore\My Documents\My Music"
"3969","6:05:05.4418253 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"3970","6:05:05.4418373 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3971","6:05:05.4418571 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\My Video","NAME NOT FOUND","Length: 144"
"3972","6:05:05.4418728 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3973","6:05:05.4418831 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"3974","6:05:05.4419013 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Video","SUCCESS","Type: REG_SZ, Length: 130, Data: C:\Documents and Settings\Harold Dinsmore\My Documents\My Videos"
"3975","6:05:05.4419161 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\My Video","SUCCESS","Type: REG_SZ, Length: 130, Data: C:\Documents and Settings\Harold Dinsmore\My Documents\My Videos"
"3976","6:05:05.4419317 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"3977","6:05:05.4419435 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3978","6:05:05.4419619 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\Desktop"
"3979","6:05:05.4419750 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\Desktop"
"3980","6:05:05.4419895 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3981","6:05:05.4420024 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3982","6:05:05.4420211 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\NetHood","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\NetHood"
"3983","6:05:05.4420342 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\NetHood","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\NetHood"
"3984","6:05:05.4420496 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3985","6:05:05.4420625 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3986","6:05:05.4420815 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Fonts","NAME NOT FOUND","Length: 144"
"3987","6:05:05.4420963 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3988","6:05:05.4421197 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"3989","6:05:05.4421449 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Fonts","SUCCESS","Type: REG_SZ, Length: 34, Data: C:\WINDOWS\Fonts"
"3990","6:05:05.4421605 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Fonts","SUCCESS","Type: REG_SZ, Length: 34, Data: C:\WINDOWS\Fonts"
"3991","6:05:05.4421790 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"3992","6:05:05.4421918 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3993","6:05:05.4422343 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Templates","SUCCESS","Type: REG_EXPAND_SZ, Length: 48, Data: %USERPROFILE%\Templates"
"3994","6:05:05.4422538 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Templates","SUCCESS","Type: REG_EXPAND_SZ, Length: 48, Data: %USERPROFILE%\Templates"
"3995","6:05:05.4422737 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"3996","6:05:05.4422991 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"3997","6:05:05.4423290 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu","SUCCESS","Type: REG_EXPAND_SZ, Length: 58, Data: %ALLUSERSPROFILE%\Start Menu"
"3998","6:05:05.4423418 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu","SUCCESS","Type: REG_EXPAND_SZ, Length: 58, Data: %ALLUSERSPROFILE%\Start Menu"
"3999","6:05:05.4423558 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4000","6:05:05.4423723 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4001","6:05:05.4423893 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs","SUCCESS","Type: REG_EXPAND_SZ, Length: 76, Data: %ALLUSERSPROFILE%\Start Menu\Programs"
"4002","6:05:05.4424011 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Programs","SUCCESS","Type: REG_EXPAND_SZ, Length: 76, Data: %ALLUSERSPROFILE%\Start Menu\Programs"
"4003","6:05:05.4424139 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4004","6:05:05.4424268 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4005","6:05:05.4424441 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup","SUCCESS","Type: REG_EXPAND_SZ, Length: 92, Data: %ALLUSERSPROFILE%\Start Menu\Programs\Startup"
"4006","6:05:05.4424561 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup","SUCCESS","Type: REG_EXPAND_SZ, Length: 92, Data: %ALLUSERSPROFILE%\Start Menu\Programs\Startup"
"4007","6:05:05.4424695 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4008","6:05:05.4424821 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4009","6:05:05.4424988 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop","SUCCESS","Type: REG_EXPAND_SZ, Length: 52, Data: %ALLUSERSPROFILE%\Desktop"
"4010","6:05:05.4425094 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop","SUCCESS","Type: REG_EXPAND_SZ, Length: 52, Data: %ALLUSERSPROFILE%\Desktop"
"4011","6:05:05.4425220 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4012","6:05:05.4425360 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4013","6:05:05.4425550 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 62, Data: %USERPROFILE%\Application Data"
"4014","6:05:05.4425678 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 62, Data: %USERPROFILE%\Application Data"
"4015","6:05:05.4425829 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4016","6:05:05.4425960 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4017","6:05:05.4426150 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\PrintHood","SUCCESS","Type: REG_EXPAND_SZ, Length: 48, Data: %USERPROFILE%\PrintHood"
"4018","6:05:05.4426282 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\PrintHood","SUCCESS","Type: REG_EXPAND_SZ, Length: 48, Data: %USERPROFILE%\PrintHood"
"4019","6:05:05.4426430 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4020","6:05:05.4426556 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4021","6:05:05.4426740 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 92, Data: %USERPROFILE%\Local Settings\Application Data"
"4022","6:05:05.4426882 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 92, Data: %USERPROFILE%\Local Settings\Application Data"
"4023","6:05:05.4427039 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4024","6:05:05.4427156 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4025","6:05:05.4427329 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Favorites","SUCCESS","Type: REG_EXPAND_SZ, Length: 56, Data: %ALLUSERSPROFILE%\Favorites"
"4026","6:05:05.4427452 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Favorites","SUCCESS","Type: REG_EXPAND_SZ, Length: 56, Data: %ALLUSERSPROFILE%\Favorites"
"4027","6:05:05.4427586 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4028","6:05:05.4427720 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4029","6:05:05.4427910 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache","SUCCESS","Type: REG_EXPAND_SZ, Length: 108, Data: %USERPROFILE%\Local Settings\Temporary Internet Files"
"4030","6:05:05.4428045 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache","SUCCESS","Type: REG_EXPAND_SZ, Length: 108, Data: %USERPROFILE%\Local Settings\Temporary Internet Files"
"4031","6:05:05.4428198 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4032","6:05:05.4428332 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4033","6:05:05.4428514 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cookies","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\Cookies"
"4034","6:05:05.4428654 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cookies","SUCCESS","Type: REG_EXPAND_SZ, Length: 44, Data: %USERPROFILE%\Cookies"
"4035","6:05:05.4428804 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4036","6:05:05.4428933 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4037","6:05:05.4429115 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\History","SUCCESS","Type: REG_EXPAND_SZ, Length: 74, Data: %USERPROFILE%\Local Settings\History"
"4038","6:05:05.4429251 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\History","SUCCESS","Type: REG_EXPAND_SZ, Length: 74, Data: %USERPROFILE%\Local Settings\History"
"4039","6:05:05.4429408 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4040","6:05:05.4429525 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4041","6:05:05.4429696 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 70, Data: %ALLUSERSPROFILE%\Application Data"
"4042","6:05:05.4429813 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 70, Data: %ALLUSERSPROFILE%\Application Data"
"4043","6:05:05.4429947 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4044","6:05:05.4430076 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4045","6:05:05.4430240 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 70, Data: %ALLUSERSPROFILE%\Application Data"
"4046","6:05:05.4430352 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common AppData","SUCCESS","Type: REG_EXPAND_SZ, Length: 70, Data: %ALLUSERSPROFILE%\Application Data"
"4047","6:05:05.4430483 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4048","6:05:05.4430682 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4049","6:05:05.4430869 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\My Pictures","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %USERPROFILE%\My Documents\My Pictures"
"4050","6:05:05.4431003 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\My Pictures","SUCCESS","Type: REG_EXPAND_SZ, Length: 78, Data: %USERPROFILE%\My Documents\My Pictures"
"4051","6:05:05.4431154 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4052","6:05:05.4431305 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4053","6:05:05.4431472 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Templates","SUCCESS","Type: REG_EXPAND_SZ, Length: 56, Data: %ALLUSERSPROFILE%\Templates"
"4054","6:05:05.4431587 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Templates","SUCCESS","Type: REG_EXPAND_SZ, Length: 56, Data: %ALLUSERSPROFILE%\Templates"
"4055","6:05:05.4431721 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4056","6:05:05.4431844 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4057","6:05:05.4432009 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Documents","SUCCESS","Type: REG_EXPAND_SZ, Length: 56, Data: %ALLUSERSPROFILE%\Documents"
"4058","6:05:05.4432129 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Documents","SUCCESS","Type: REG_EXPAND_SZ, Length: 56, Data: %ALLUSERSPROFILE%\Documents"
"4059","6:05:05.4432266 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4060","6:05:05.4432400 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4061","6:05:05.4432570 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Administrative Tools","NAME NOT FOUND","Length: 144"
"4062","6:05:05.4432707 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4063","6:05:05.4432802 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"4064","6:05:05.4432987 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Administrative Tools","BUFFER OVERFLOW","Length: 144"
"4065","6:05:05.4433140 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Administrative Tools","BUFFER OVERFLOW","Length: 144"
"4066","6:05:05.4433263 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Administrative Tools","SUCCESS","Type: REG_SZ, Length: 154, Data: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools"
"4067","6:05:05.4433414 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"4068","6:05:05.4433534 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4069","6:05:05.4433721 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Administrative Tools","NAME NOT FOUND","Length: 144"
"4070","6:05:05.4433869 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4071","6:05:05.4433970 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"4072","6:05:05.4434157 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Administrative Tools","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"4073","6:05:05.4434336 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Administrative Tools","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"4074","6:05:05.4434490 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"4075","6:05:05.4434584 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4076","6:05:05.4434752 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\CommonMusic","NAME NOT FOUND","Length: 144"
"4077","6:05:05.4434883 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4078","6:05:05.4434973 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"4079","6:05:05.4435138 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic","SUCCESS","Type: REG_SZ, Length: 110, Data: C:\Documents and Settings\All Users\Documents\My Music"
"4080","6:05:05.4435261 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonMusic","SUCCESS","Type: REG_SZ, Length: 110, Data: C:\Documents and Settings\All Users\Documents\My Music"
"4081","6:05:05.4435392 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"4082","6:05:05.4435495 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4083","6:05:05.4435663 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\CommonPictures","NAME NOT FOUND","Length: 144"
"4084","6:05:05.4435794 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4085","6:05:05.4435881 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"4086","6:05:05.4436043 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures","SUCCESS","Type: REG_SZ, Length: 116, Data: C:\Documents and Settings\All Users\Documents\My Pictures"
"4087","6:05:05.4436160 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonPictures","SUCCESS","Type: REG_SZ, Length: 116, Data: C:\Documents and Settings\All Users\Documents\My Pictures"
"4088","6:05:05.4436291 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"4089","6:05:05.4436392 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4090","6:05:05.4436557 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\CommonVideo","NAME NOT FOUND","Length: 144"
"4091","6:05:05.4436688 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4092","6:05:05.4436775 AM","MsMpEng.exe","1084","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"4093","6:05:05.4436937 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo","SUCCESS","Type: REG_SZ, Length: 112, Data: C:\Documents and Settings\All Users\Documents\My Videos"
"4094","6:05:05.4437054 AM","MsMpEng.exe","1084","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CommonVideo","SUCCESS","Type: REG_SZ, Length: 112, Data: C:\Documents and Settings\All Users\Documents\My Videos"
"4095","6:05:05.4437191 AM","MsMpEng.exe","1084","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"4096","6:05:05.4437306 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS","Desired Access: Read"
"4097","6:05:05.4437493 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\CD Burning","NAME NOT FOUND","Length: 144"
"4098","6:05:05.4437646 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders","SUCCESS",""
"4099","6:05:05.4437750 AM","MsMpEng.exe","1084","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS","Desired Access: Read"
"4100","6:05:05.4437931 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CD Burning","BUFFER OVERFLOW","Length: 144"
"4101","6:05:05.4438085 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CD Burning","BUFFER OVERFLOW","Length: 144"
"4102","6:05:05.4438225 AM","MsMpEng.exe","1084","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\CD Burning","SUCCESS","Type: REG_SZ, Length: 190, Data: C:\Documents and Settings\Harold Dinsmore\Local Settings\Application Data\Microsoft\CD Burning"
"4103","6:05:05.4438398 AM","MsMpEng.exe","1084","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","SUCCESS",""
"4104","6:05:05.4441102 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"4105","6:05:05.4441312 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"4106","6:05:05.4441488 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"4107","6:05:05.4441633 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"4108","6:05:05.4441736 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"4109","6:05:05.4441882 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"4110","6:05:05.4442007 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"4111","6:05:05.4443767 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"4112","6:05:05.4445991 AM","MsMpEng.exe","1084","QueryOpen","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","CreationTime: 6/5/2007 5:49:24 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/4/2007 5:25:00 PM, ChangeTime: 6/5/2007 5:51:41 AM, AllocationSize: 2,228,224, EndOfFile: 2,225,536, FileAttributes: A"
"4113","6:05:05.4455769 AM","MsMpEng.exe","1084","FileSystemControl","C:","0xC00002B8","Control: FSCTL_QUERY_USN_JOURNAL"
"4114","6:05:05.4458543 AM","MsMpEng.exe","1084","CreateFile","C:\WINDOWS\Temp\TMP000000EE15E0A63D26BBC1D8","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a"
"4115","6:05:05.4459197 AM","MsMpEng.exe","1084","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"4117","6:05:05.4460328 AM","MsMpEng.exe","1084","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS"
"4118","6:05:05.4460403 AM","winlogon.exe","676","NotifyChangeDirectory","C:\WINDOWS","","Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE"
"4119","6:05:05.4461200 AM","MsMpEng.exe","1084","CloseFile","C:\","SUCCESS",""
"4121","6:05:05.4462334 AM","MsMpEng.exe","1084","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"4123","6:05:05.4463292 AM","MsMpEng.exe","1084","QueryDirectory","C:\WINDOWS\TEMP","SUCCESS","Filter: TEMP, 1: Temp"
"4124","6:05:05.4464046 AM","MsMpEng.exe","1084","CloseFile","C:\WINDOWS","SUCCESS",""
"4126","6:05:05.4465175 AM","MsMpEng.exe","1084","CreateFile","C:\WINDOWS\Temp","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
"4128","6:05:05.4466242 AM","MsMpEng.exe","1084","QueryDirectory","C:\WINDOWS\Temp\TMP000000EE15E0A63D26BBC1D8","NO SUCH FILE","Filter: TMP000000EE15E0A63D26BBC1D8"
"4129","6:05:05.4467156 AM","MsMpEng.exe","1084","CloseFile","C:\WINDOWS\Temp","SUCCESS",""
"4131","6:05:05.4468497 AM","MsMpEng.exe","1084","CreateFile","C:\WINDOWS\Temp\TMP000000EE15E0A63D26BBC1D8","SUCCESS","Desired Access: Generic Read/Write, Delete, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Delete On Close, Attributes: T, ShareMode: , AllocationSize: 0, OpenResult: Created"
"4133","6:05:05.4471285 AM","MsMpEng.exe","1084","QueryStandardInformationFile","C:\WINDOWS\Temp\TMP000000EE15E0A63D26BBC1D8","SUCCESS","AllocationSize: 0, EndOfFile: 0, NumberOfLinks: 1, DeletePending: False, Directory: False"
"4134","6:05:05.4471422 AM","MsMpEng.exe","1084","SetEndOfFileInformationFile","C:\WINDOWS\Temp\TMP000000EE15E0A63D26BBC1D8","SUCCESS","EndOfFile: 524,288"
"4138","6:05:05.4474436 AM","MsMpEng.exe","1084","CreateFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"4139","6:05:05.4475377 AM","MsMpEng.exe","1084","FileSystemControl","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Control: FSCTL_REQUEST_FILTER_OPLOCK"
"4140","6:05:05.4476953 AM","MsMpEng.exe","1084","CreateFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"4144","6:05:05.4478420 AM","MsMpEng.exe","1084","QueryBasicInformationFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","CreationTime: 6/5/2007 5:49:24 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/4/2007 5:25:00 PM, ChangeTime: 6/5/2007 5:51:41 AM, FileAttributes: A"
"4145","6:05:05.4478858 AM","MsMpEng.exe","1084","QueryStandardInformationFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","AllocationSize: 2,228,224, EndOfFile: 2,225,536, NumberOfLinks: 1, DeletePending: False, Directory: False"
"4146","6:05:05.4479392 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 0, Length: 4,096"
"4148","6:05:05.4482088 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 413,696, Length: 4,096"
"4149","6:05:05.4482294 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 413,696, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4150","6:05:05.4558120 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 716,800, Length: 4,096"
"4151","6:05:05.4558279 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 716,800, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4154","6:05:05.4560793 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 720,896, Length: 4,096"
"4155","6:05:05.4560930 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 720,896, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4161","6:05:05.4563503 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 724,992, Length: 4,096"
"4162","6:05:05.4563668 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 724,992, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4170","6:05:05.4569468 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 606,208, Length: 4,096"
"4171","6:05:05.4569621 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 606,208, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4172","6:05:05.4923378 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 2,215,936, Length: 4,096"
"4173","6:05:05.4923577 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 2,215,936, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4176","6:05:05.4926208 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 729,088, Length: 4,096"
"4177","6:05:05.4926354 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 729,088, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4182","6:05:05.4928262 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 733,184, Length: 4,096"
"4183","6:05:05.4928390 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 733,184, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4191","6:05:05.4931251 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 466,944, Length: 4,096"
"4192","6:05:05.4931399 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 466,944, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4199","6:05:05.4949619 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 425,984, Length: 4,096"
"4200","6:05:05.4949765 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 425,984, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4208","6:05:05.4952628 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 0, Length: 4,096"
"4209","6:05:05.4953441 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 421,888, Length: 8,192"
"4210","6:05:05.4953575 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 421,888, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4213","6:05:05.4959696 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 675,840, Length: 4,096"
"4214","6:05:05.4959844 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 675,840, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4219","6:05:05.4962423 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 417,792, Length: 4,096"
"4221","6:05:05.4962571 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 417,792, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4227","6:05:05.4964956 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 409,600, Length: 4,096"
"4229","6:05:05.4965110 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 409,600, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4230","6:05:05.5066642 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 471,040, Length: 4,096"
"4232","6:05:05.5066869 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 471,040, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4234","6:05:05.5068975 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 401,408, Length: 4,096"
"4236","6:05:05.5069182 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 401,408, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4270","6:05:05.5085125 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 430,080, Length: 4,096"
"4271","6:05:05.5085262 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 430,080, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4273","6:05:05.5087983 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 462,848, Length: 4,096"
"4274","6:05:05.5088148 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 462,848, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4288","6:05:05.5146720 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 450,560, Length: 4,096"
"4289","6:05:05.5146862 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 450,560, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4314","6:05:05.5165303 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 544,768, Length: 4,096"
"4315","6:05:05.5165591 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 544,768, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4328","6:05:05.5172748 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 540,672, Length: 4,096"
"4329","6:05:05.5172896 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 540,672, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4387","6:05:05.5209071 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 442,368, Length: 4,096"
"4388","6:05:05.5209250 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 442,368, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4390","6:05:05.5271920 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 499,712, Length: 4,096"
"4391","6:05:05.5272082 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 499,712, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4393","6:05:05.5297487 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 561,152, Length: 4,096"
"4394","6:05:05.5297655 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 561,152, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4406","6:05:05.5303203 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 557,056, Length: 4,096"
"4407","6:05:05.5303340 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 557,056, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4420","6:05:05.5451217 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 602,112, Length: 4,096"
"4421","6:05:05.5451367 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 602,112, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4424","6:05:05.5453443 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 143,360, Length: 4,096"
"4426","6:05:05.5453616 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 143,360, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4435","6:05:05.5459553 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 397,312, Length: 4,096"
"4436","6:05:05.5459720 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 397,312, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4438","6:05:05.5609496 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 176,128, Length: 4,096"
"4439","6:05:05.5609675 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 176,128, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4442","6:05:05.5611726 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 180,224, Length: 4,096"
"4443","6:05:05.5611857 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 180,224, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4453","6:05:05.5619014 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 225,280, Length: 4,096"
"4454","6:05:05.5619151 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 225,280, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4456","6:05:05.5719225 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 655,360, Length: 4,096"
"4457","6:05:05.5719407 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 655,360, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4461","6:05:05.5738516 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 245,760, Length: 4,096"
"4462","6:05:05.5738683 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 245,760, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4483","6:05:05.5748095 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 290,816, Length: 4,096"
"4485","6:05:05.5748327 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 290,816, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4498","6:05:05.5763600 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 208,896, Length: 4,096"
"4499","6:05:05.5763826 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 208,896, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4513","6:05:05.5781027 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 352,256, Length: 4,096"
"4514","6:05:05.5781217 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 352,256, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4517","6:05:05.5926942 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 651,264, Length: 4,096"
"4518","6:05:05.5927087 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 651,264, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4523","6:05:05.5929786 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 663,552, Length: 4,096"
"4524","6:05:05.5929928 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 663,552, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4532","6:05:05.5986452 AM","MsMpEng.exe","1084","QueryStreamInformationFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS",""
"4533","6:05:05.5987111 AM","MsMpEng.exe","1084","CloseFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS",""
"4534","6:05:05.5987628 AM","MsMpEng.exe","1084","CloseFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS",""
"4536","6:05:05.5988788 AM","MsMpEng.exe","1084","CreateFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: No Buffering, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"4540","6:05:05.5990777 AM","MsMpEng.exe","1084","CloseFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS",""
"4580","6:05:05.6085015 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 712,704, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4582","6:05:05.6194331 AM","MsMpEng.exe","1084","ReadFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Offset: 446,464, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O"
"4593","6:05:05.6238641 AM","MsMpEng.exe","1084","Thread Exit","","SUCCESS","User Time: 0.0000000, Kernel Time: 0.0000000"
"4594","6:05:05.6242828 AM","MsMpEng.exe","1084","CloseFile","C:\WINDOWS\Temp\TMP000000EE15E0A63D26BBC1D8","SUCCESS",""
"5299","6:05:06.0982090 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"5300","6:05:06.0982361 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"5304","6:05:06.0987197 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"5305","6:05:06.0987982 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"5306","6:05:06.0988227 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"5307","6:05:06.0988485 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"5308","6:05:06.0988714 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"5309","6:05:06.0988929 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"5310","6:05:06.0989334 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"5311","6:05:06.0991778 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"5312","6:05:06.0991968 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"5318","6:05:06.0995698 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"5319","6:05:06.0996231 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"5320","6:05:06.0996446 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"5321","6:05:06.0996667 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"5322","6:05:06.0996885 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"5323","6:05:06.0997100 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"5324","6:05:06.0997396 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"5325","6:05:06.0998838 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"5326","6:05:06.0999327 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"5327","6:05:06.0999640 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"5478","6:05:06.2544235 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"5479","6:05:06.2544626 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"5480","6:05:06.2544931 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"5481","6:05:06.2545311 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"5482","6:05:06.2545504 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"5483","6:05:06.2545752 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"5484","6:05:06.2545970 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"5485","6:05:06.2550437 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"6221","6:05:06.4806229 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"6222","6:05:06.4806690 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"6223","6:05:06.4807006 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"6224","6:05:06.4807392 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"6225","6:05:06.4807596 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"6226","6:05:06.4807950 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"6227","6:05:06.4808174 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"6228","6:05:06.4812524 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"6392","6:05:06.5161509 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"6393","6:05:06.5162023 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"6394","6:05:06.5162381 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"6395","6:05:06.5162800 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"6396","6:05:06.5162979 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"6397","6:05:06.5163236 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"6398","6:05:06.5163448 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"6399","6:05:06.5167625 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"6756","6:05:06.5658315 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"6757","6:05:06.5658614 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"6758","6:05:06.5658802 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"6759","6:05:06.5659092 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"6760","6:05:06.5659215 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"6761","6:05:06.5659355 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"6762","6:05:06.5659486 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"6763","6:05:06.5663132 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"7262","6:05:06.6552289 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy","SUCCESS","Desired Access: Read/Write"
"7263","6:05:06.6552586 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"7264","6:05:06.6552778 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","BUFFER OVERFLOW","Length: 12"
"7265","6:05:06.6553144 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"7266","6:05:06.6553292 AM","lsass.exe","732","RegOpenKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS","Desired Access: Read"
"7267","6:05:06.6553463 AM","lsass.exe","732","RegQueryValue","HKLM\SECURITY\Policy\SecDesc\(Default)","SUCCESS","Type: REG_NONE, Length: 180, Data: "
"7268","6:05:06.6553586 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy\SecDesc","SUCCESS",""
"7269","6:05:06.6555801 AM","lsass.exe","732","RegCloseKey","HKLM\SECURITY\Policy","SUCCESS",""
"8104","6:05:07.0981914 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8105","6:05:07.0982104 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8110","6:05:07.0985143 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"8111","6:05:07.0985719 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8112","6:05:07.0985926 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"8113","6:05:07.0986088 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"8114","6:05:07.0986236 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8115","6:05:07.0986381 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8116","6:05:07.0986660 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8117","6:05:07.0988683 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8118","6:05:07.0988817 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8123","6:05:07.0990845 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"8124","6:05:07.0991164 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8125","6:05:07.0991312 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"8126","6:05:07.0991457 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"8127","6:05:07.0991594 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8128","6:05:07.0991722 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8129","6:05:07.0991910 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8130","6:05:07.0992731 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"8131","6:05:07.0993021 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"8132","6:05:07.0993217 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8133","6:05:08.0982805 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8134","6:05:08.0983079 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8139","6:05:08.0987554 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"8140","6:05:08.0988429 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8141","6:05:08.0988728 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"8142","6:05:08.0988985 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"8143","6:05:08.0989214 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8144","6:05:08.0989454 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8145","6:05:08.0989873 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8146","6:05:08.0993250 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8147","6:05:08.0993449 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8152","6:05:08.0996765 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"8153","6:05:08.0997282 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8154","6:05:08.0997508 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"8155","6:05:08.0997731 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"8156","6:05:08.0997947 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8157","6:05:08.0998159 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8158","6:05:08.0998452 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8159","6:05:08.0999860 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"8160","6:05:08.1000344 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"8161","6:05:08.1000648 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8162","6:05:08.3164149 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage","SUCCESS","Desired Access: Query Value"
"8163","6:05:08.3165010 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesChanges","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8164","6:05:08.3165552 AM","Explorer.EXE","1696","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage","SUCCESS",""
"8165","6:05:08.3165884 AM","Explorer.EXE","1696","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","SUCCESS","Desired Access: Query Value"
"8166","6:05:08.3166267 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU","SUCCESS","Type: REG_DWORD, Length: 4, Data: 6"
"8167","6:05:08.3166686 AM","Explorer.EXE","1696","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","SUCCESS",""
"8168","6:05:08.3168105 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage","SUCCESS","Desired Access: Query Value"
"8169","6:05:08.3168650 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\FavoritesChanges","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8170","6:05:08.3169047 AM","Explorer.EXE","1696","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage","SUCCESS",""
"8171","6:05:08.3169284 AM","Explorer.EXE","1696","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced","SUCCESS","Desired Access: Query Value"
"8172","6:05:08.3169650 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_MinMFU","SUCCESS","Type: REG_DWORD, Length: 4, Data: 6"
"8173","6:05:08.3170047 AM","Explorer.EXE","1696","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","SUCCESS",""
"8174","6:05:08.3171357 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}","NAME NOT FOUND","Desired Access: Query Value"
"8175","6:05:08.3171823 AM","Explorer.EXE","1696","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"8176","6:05:08.3172053 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Query Value"
"8177","6:05:08.3172245 AM","Explorer.EXE","1696","RegOpenKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","SUCCESS","Desired Access: Query Value"
"8178","6:05:08.3172695 AM","Explorer.EXE","1696","RegQueryKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","SUCCESS","Query: Name"
"8179","6:05:08.3173835 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","NAME NOT FOUND","Desired Access: Maximum Allowed"
"8180","6:05:08.3174134 AM","Explorer.EXE","1696","RegQueryValue","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\(Default)","SUCCESS","Type: REG_EXPAND_SZ, Length: 68, Data: %SystemRoot%\system32\SHELL32.dll"
"8181","6:05:08.3178319 AM","Explorer.EXE","1696","QueryOpen","C:\WINDOWS\system32\shell32.dll","SUCCESS","CreationTime: 8/16/2005 4:18:36 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 12/19/2006 4:52:18 PM, ChangeTime: 6/5/2007 6:05:05 AM, AllocationSize: 8,454,144, EndOfFile: 8,453,632, FileAttributes: A"
"8182","6:05:08.3178900 AM","Explorer.EXE","1696","RegCloseKey","HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32","SUCCESS",""
"8183","6:05:08.3181029 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Renfre 5.3.yax","NAME NOT FOUND","Length: 144"
"8184","6:05:08.3181624 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Renfre 5.3.yax","NAME NOT FOUND","Length: 144"
"8185","6:05:08.3182247 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Vagrearg Rkcybere.yax","NAME NOT FOUND","Length: 144"
"8186","6:05:08.3182674 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Vagrearg Rkcybere.yax","NAME NOT FOUND","Length: 144"
"8187","6:05:08.3183263 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Bhgybbx Rkcerff.yax","NAME NOT FOUND","Length: 144"
"8188","6:05:08.3183677 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Bhgybbx Rkcerff.yax","NAME NOT FOUND","Length: 144"
"8189","6:05:08.3184258 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Erzbgr Nffvfgnapr.yax","NAME NOT FOUND","Length: 144"
"8190","6:05:08.3184666 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Erzbgr Nffvfgnapr.yax","NAME NOT FOUND","Length: 144"
"8191","6:05:08.3185244 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Zrqvn Cynlre.yax","NAME NOT FOUND","Length: 144"
"8192","6:05:08.3185655 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Zrqvn Cynlre.yax","NAME NOT FOUND","Length: 144"
"8193","6:05:08.3186258 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Nqqerff Obbx.yax","NAME NOT FOUND","Length: 144"
"8194","6:05:08.3186669 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Nqqerff Obbx.yax","NAME NOT FOUND","Length: 144"
"8195","6:05:08.3187264 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Pbzznaq Cebzcg.yax","NAME NOT FOUND","Length: 144"
"8196","6:05:08.3187680 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Pbzznaq Cebzcg.yax","NAME NOT FOUND","Length: 144"
"8197","6:05:08.3188256 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Abgrcnq.yax","NAME NOT FOUND","Length: 144"
"8198","6:05:08.3188669 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Abgrcnq.yax","NAME NOT FOUND","Length: 144"
"8199","6:05:08.3189261 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Gbhe Jvaqbjf KC.yax","NAME NOT FOUND","Length: 144"
"8200","6:05:08.3189680 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Gbhe Jvaqbjf KC.yax","NAME NOT FOUND","Length: 144"
"8201","6:05:08.3190298 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Zntavsvre.yax","NAME NOT FOUND","Length: 144"
"8202","6:05:08.3190717 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Zntavsvre.yax","NAME NOT FOUND","Length: 144"
"8203","6:05:08.3191312 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Aneengbe.yax","NAME NOT FOUND","Length: 144"
"8204","6:05:08.3191737 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Aneengbe.yax","NAME NOT FOUND","Length: 144"
"8205","6:05:08.3192351 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Ba-Fperra Xrlobneq.yax","NAME NOT FOUND","Length: 144"
"8206","6:05:08.3192773 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Ba-Fperra Xrlobneq.yax","NAME NOT FOUND","Length: 144"
"8207","6:05:08.3193382 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Hgvyvgl Znantre.yax","NAME NOT FOUND","Length: 144"
"8208","6:05:08.3193804 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Npprffvovyvgl\Hgvyvgl Znantre.yax","NAME NOT FOUND","Length: 144"
"8209","6:05:08.3194438 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Flfgrz Gbbyf\Vagrearg Rkcybere (Ab Nqq-baf).yax","NAME NOT FOUND","Length: 144"
"8210","6:05:08.3194871 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Flfgrz Gbbyf\Vagrearg Rkcybere (Ab Nqq-baf).yax","NAME NOT FOUND","Length: 144"
"8211","6:05:08.3195455 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ntrag Arjfernqre\Ntrag.yax","NAME NOT FOUND","Length: 144"
"8212","6:05:08.3195866 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ntrag Arjfernqre\Ntrag.yax","NAME NOT FOUND","Length: 144"
"8213","6:05:08.3196466 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ngbzvp Pybpx Flap\Ngbzvp Pybpx Flap.yax","NAME NOT FOUND","Length: 144"
"8214","6:05:08.3196883 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ngbzvp Pybpx Flap\Ngbzvp Pybpx Flap.yax","NAME NOT FOUND","Length: 144"
"8215","6:05:08.3197464 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\PPyrnare\PPyrnare.yax","NAME NOT FOUND","Length: 144"
"8216","6:05:08.3197883 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\PPyrnare\PPyrnare.yax","NAME NOT FOUND","Length: 144"
"8217","6:05:08.3198447 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\PQrk\PQrk.yax","NAME NOT FOUND","Length: 144"
"8218","6:05:08.3198855 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\PQrk\PQrk.yax","NAME NOT FOUND","Length: 144"
"8219","6:05:08.3199425 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\PQrk\PQrkCynlre.yax","NAME NOT FOUND","Length: 144"
"8220","6:05:08.3199841 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\PQrk\PQrkCynlre.yax","NAME NOT FOUND","Length: 144"
"8221","6:05:08.3200450 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Qryy Npprffbevrf\Rkcerff Freivpr Pbqr.yax","NAME NOT FOUND","Length: 144"
"8222","6:05:08.3200866 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Qryy Npprffbevrf\Rkcerff Freivpr Pbqr.yax","NAME NOT FOUND","Length: 144"
"8223","6:05:08.3201453 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\rFvgr Zrqvn\lRap32\lRap32.yax","NAME NOT FOUND","Length: 144"
"8224","6:05:08.3201875 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\rFvgr Zrqvn\lRap32\lRap32.yax","NAME NOT FOUND","Length: 144"
"8225","6:05:08.3202501 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jro Choyvfuvat\Jro Choyvfuvat Jvmneq.yax","NAME NOT FOUND","Length: 144"
"8226","6:05:08.3202928 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jro Choyvfuvat\Jro Choyvfuvat Jvmneq.yax","NAME NOT FOUND","Length: 144"
"8227","6:05:08.3203509 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\ZC3Tnva\ZC3Tnva.yax","NAME NOT FOUND","Length: 144"
"8228","6:05:08.3203917 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\ZC3Tnva\ZC3Tnva.yax","NAME NOT FOUND","Length: 144"
"8229","6:05:08.3204540 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\GheobGnk VgfQrqhpgvoyr\GheobGnk VgfQrqhpgvoyr 2006.yax","NAME NOT FOUND","Length: 144"
"8230","6:05:08.3204976 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\GheobGnk VgfQrqhpgvoyr\GheobGnk VgfQrqhpgvoyr 2006.yax","NAME NOT FOUND","Length: 144"
"8231","6:05:08.3205557 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\kcybere2 yvgr\rqvgbe2.yax","NAME NOT FOUND","Length: 144"
"8232","6:05:08.3205967 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\kcybere2 yvgr\rqvgbe2.yax","NAME NOT FOUND","Length: 144"
"8233","6:05:08.3206543 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\kcybere2 yvgr\kcybere2.yax","NAME NOT FOUND","Length: 144"
"8234","6:05:08.3206959 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\kcybere2 yvgr\kcybere2.yax","NAME NOT FOUND","Length: 144"
"8235","6:05:08.3208230 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Fgneg Zrah\Frg Cebtenz Npprff naq Qrsnhygf.yax","NAME NOT FOUND","Length: 144"
"8236","6:05:08.3208683 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Fgneg Zrah\Frg Cebtenz Npprff naq Qrsnhygf.yax","NAME NOT FOUND","Length: 144"
"8237","6:05:08.3209853 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Fgneg Zrah\Jvaqbjf Hcqngr.yax","NAME NOT FOUND","Length: 144"
"8238","6:05:08.3210289 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Fgneg Zrah\Jvaqbjf Hcqngr.yax","NAME NOT FOUND","Length: 144"
"8239","6:05:08.3210907 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Nqbor Ernqre 7.0.yax","NAME NOT FOUND","Length: 144"
"8240","6:05:08.3211309 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Nqbor Ernqre 7.0.yax","NAME NOT FOUND","Length: 144"
"8241","6:05:08.3211912 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zrqvn Pragre.yax","NAME NOT FOUND","Length: 144"
"8242","6:05:08.3212329 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zrqvn Pragre.yax","NAME NOT FOUND","Length: 144"
"8243","6:05:08.3212968 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr CbjreCbvag Ivrjre 2003.yax","NAME NOT FOUND","Length: 144"
"8244","6:05:08.3213393 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr CbjreCbvag Ivrjre 2003.yax","NAME NOT FOUND","Length: 144"
"8245","6:05:08.3214036 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Cyhf! Cubgb Fgbel 2 YR.yax","NAME NOT FOUND","Length: 144"
"8246","6:05:08.3214455 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Cyhf! Cubgb Fgbel 2 YR.yax","NAME NOT FOUND","Length: 144"
"8247","6:05:08.3215078 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf Gnfx Ynhapure.yax","NAME NOT FOUND","Length: 144"
"8248","6:05:08.3215916 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf Gnfx Ynhapure.yax","NAME NOT FOUND","Length: 144"
"8249","6:05:08.3216541 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zbqrz Qvntabfgvp Gbby.yax","NAME NOT FOUND","Length: 144"
"8250","6:05:08.3216949 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zbqrz Qvntabfgvp Gbby.yax","NAME NOT FOUND","Length: 144"
"8251","6:05:08.3217556 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\ZFA.yax","NAME NOT FOUND","Length: 144"
"8252","6:05:08.3217961 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\ZFA.yax","NAME NOT FOUND","Length: 144"
"8253","6:05:08.3218799 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Qrsraqre.yax","NAME NOT FOUND","Length: 144"
"8254","6:05:08.3219254 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Qrsraqre.yax","NAME NOT FOUND","Length: 144"
"8255","6:05:08.3220911 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Zrffratre.yax","NAME NOT FOUND","Length: 144"
"8256","6:05:08.3221492 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Zrffratre.yax","NAME NOT FOUND","Length: 144"
"8257","6:05:08.3222154 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Zbivr Znxre.yax","NAME NOT FOUND","Length: 144"
"8258","6:05:08.3222573 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Zbivr Znxre.yax","NAME NOT FOUND","Length: 144"
"8259","6:05:08.3223235 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Npprffbevrf\Pnyphyngbe.yax","NAME NOT FOUND","Length: 144"
"8394","6:05:08.3298272 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\VesnaIvrj\VesnaIvrj 3.99.yax","NAME NOT FOUND","Length: 144"
"8395","6:05:08.3298915 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\VesnaIvrj\VesnaIvrj - Guhzoanvyf.yax","NAME NOT FOUND","Length: 144"
"8396","6:05:08.3299337 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\VesnaIvrj\VesnaIvrj - Guhzoanvyf.yax","NAME NOT FOUND","Length: 144"
"8397","6:05:08.3300021 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Yninfbsg\Nq-Njner FR Crefbany\Nq-Njner FR Crefbany.yax","NAME NOT FOUND","Length: 144"
"8398","6:05:08.3300454 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Yninfbsg\Nq-Njner FR Crefbany\Nq-Njner FR Crefbany.yax","NAME NOT FOUND","Length: 144"
"8399","6:05:08.3301130 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Yrkznex M25-M35\Yrkznex M25-M35 Fbyhgvba Pragre.yax","NAME NOT FOUND","Length: 144"
"8400","6:05:08.3301566 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Yrkznex M25-M35\Yrkznex M25-M35 Fbyhgvba Pragre.yax","NAME NOT FOUND","Length: 144"
"8401","6:05:08.3302220 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zntvpjnaq\Purpxref\Cynl Purpxref.yax","NAME NOT FOUND","Length: 144"
"8402","6:05:08.3302653 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zntvpjnaq\Purpxref\Cynl Purpxref.yax","NAME NOT FOUND","Length: 144"
"8403","6:05:08.3303332 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Qrirybcre Argjbex\ZFQA Yvoenel Ivfhny Fghqvb 6.0n.yax","NAME NOT FOUND","Length: 144"
"8404","6:05:08.3303768 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Qrirybcre Argjbex\ZFQA Yvoenel Ivfhny Fghqvb 6.0n.yax","NAME NOT FOUND","Length: 144"
"8405","6:05:08.3304424 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Rkpry 2003.yax","NAME NOT FOUND","Length: 144"
"8406","6:05:08.3304857 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Rkpry 2003.yax","NAME NOT FOUND","Length: 144"
"8407","6:05:08.3305514 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Bhgybbx 2003.yax","NAME NOT FOUND","Length: 144"
"8408","6:05:08.3305947 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Bhgybbx 2003.yax","NAME NOT FOUND","Length: 144"
"8409","6:05:08.3306598 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr CbjreCbvag 2003.yax","NAME NOT FOUND","Length: 144"
"8410","6:05:08.3307033 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr CbjreCbvag 2003.yax","NAME NOT FOUND","Length: 144"
"8411","6:05:08.3307690 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Choyvfure 2003.yax","NAME NOT FOUND","Length: 144"
"8412","6:05:08.3308126 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Choyvfure 2003.yax","NAME NOT FOUND","Length: 144"
"8413","6:05:08.3308788 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Jbeq 2003.yax","NAME NOT FOUND","Length: 144"
"8414","6:05:08.3309218 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Jbeq 2003.yax","NAME NOT FOUND","Length: 144"
"8415","6:05:08.3309930 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Qvtvgny Pregvsvpngr sbe ION Cebwrpgf.yax","NAME NOT FOUND","Length: 144"
"8416","6:05:08.3310391 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Qvtvgny Pregvsvpngr sbe ION Cebwrpgf.yax","NAME NOT FOUND","Length: 144"
"8417","6:05:08.3311081 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Pyvc Betnavmre.yax","NAME NOT FOUND","Length: 144"
"8418","6:05:08.3311526 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Pyvc Betnavmre.yax","NAME NOT FOUND","Length: 144"
"8419","6:05:08.3312221 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr 2003 Ynathntr Frggvatf.yax","NAME NOT FOUND","Length: 144"
"8420","6:05:08.3312674 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr 2003 Ynathntr Frggvatf.yax","NAME NOT FOUND","Length: 144"
"8421","6:05:08.3313395 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr 2003 Fnir Zl Frggvatf Jvmneq.yax","NAME NOT FOUND","Length: 144"
"8422","6:05:08.3313850 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr 2003 Fnir Zl Frggvatf Jvmneq.yax","NAME NOT FOUND","Length: 144"
"8423","6:05:08.3314546 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Nccyvpngvba Erpbirel.yax","NAME NOT FOUND","Length: 144"
"8424","6:05:08.3314998 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Nccyvpngvba Erpbirel.yax","NAME NOT FOUND","Length: 144"
"8425","6:05:08.3315696 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Qbphzrag Vzntvat.yax","NAME NOT FOUND","Length: 144"
"8426","6:05:08.3316149 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Qbphzrag Vzntvat.yax","NAME NOT FOUND","Length: 144"
"8427","6:05:08.3316842 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Qbphzrag Fpnaavat.yax","NAME NOT FOUND","Length: 144"
"8428","6:05:08.3317292 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Qbphzrag Fpnaavat.yax","NAME NOT FOUND","Length: 144"
"8429","6:05:08.3317982 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Cvpgher Znantre.yax","NAME NOT FOUND","Length: 144"
"8430","6:05:08.3318429 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Bssvpr\Zvpebfbsg Bssvpr Gbbyf\Zvpebfbsg Bssvpr Cvpgher Znantre.yax","NAME NOT FOUND","Length: 144"
"8431","6:05:08.3319113 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Ivfhny Onfvp 6.0\Zvpebfbsg Ivfhny Onfvp 6.0.yax","NAME NOT FOUND","Length: 144"
"8432","6:05:08.3321736 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Ivfhny Onfvp 6.0\Zvpebfbsg Ivfhny Onfvp 6.0.yax","NAME NOT FOUND","Length: 144"
"8433","6:05:08.3322530 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Ivfhny Onfvp 6.0\Zvpebfbsg Ivfhny Onfvp 6.0 Gbbyf\NCV Grkg Ivrjre.yax","NAME NOT FOUND","Length: 144"
"8434","6:05:08.3322985 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Ivfhny Onfvp 6.0\Zvpebfbsg Ivfhny Onfvp 6.0 Gbbyf\NCV Grkg Ivrjre.yax","NAME NOT FOUND","Length: 144"
"8435","6:05:08.3323706 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Ivfhny Onfvp 6.0\Zvpebfbsg Ivfhny Onfvp 6.0 Gbbyf\Cnpxntr & Qrcyblzrag Jvmneq.yax","NAME NOT FOUND","Length: 144"
"8436","6:05:08.3324181 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Ivfhny Onfvp 6.0\Zvpebfbsg Ivfhny Onfvp 6.0 Gbbyf\Cnpxntr & Qrcyblzrag Jvmneq.yax","NAME NOT FOUND","Length: 144"
"8437","6:05:08.3324868 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Pnyraqne.yax","NAME NOT FOUND","Length: 144"
"8438","6:05:08.3325312 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Pnyraqne.yax","NAME NOT FOUND","Length: 144"
"8439","6:05:08.3325972 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Qngnonfr.yax","NAME NOT FOUND","Length: 144"
"8440","6:05:08.3326413 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Qngnonfr.yax","NAME NOT FOUND","Length: 144"
"8441","6:05:08.3327075 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Cbegsbyvb.yax","NAME NOT FOUND","Length: 144"
"8442","6:05:08.3327519 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Cbegsbyvb.yax","NAME NOT FOUND","Length: 144"
"8443","6:05:08.3328187 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Fcernqfurrg.yax","NAME NOT FOUND","Length: 144"
"8444","6:05:08.3328631 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Fcernqfurrg.yax","NAME NOT FOUND","Length: 144"
"8445","6:05:08.3329511 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Gnfx Ynhapure.yax","NAME NOT FOUND","Length: 144"
"8446","6:05:08.3330145 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Gnfx Ynhapure.yax","NAME NOT FOUND","Length: 144"
"8447","6:05:08.3331260 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Jbeq Cebprffbe.yax","NAME NOT FOUND","Length: 144"
"8448","6:05:08.3331780 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Zvpebfbsg Jbexf Jbeq Cebprffbe.yax","NAME NOT FOUND","Length: 144"
"8449","6:05:08.3332858 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Jvaqbjf Nqqerff Obbx.yax","NAME NOT FOUND","Length: 144"
"8450","6:05:08.3333324 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Jbexf\Jvaqbjf Nqqerff Obbx.yax","NAME NOT FOUND","Length: 144"
"8451","6:05:08.3333998 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zbmvyyn Sversbk\Zbmvyyn Sversbk.yax","NAME NOT FOUND","Length: 144"
"8452","6:05:08.3334436 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zbmvyyn Sversbk\Zbmvyyn Sversbk.yax","NAME NOT FOUND","Length: 144"
"8453","6:05:08.3335104 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zbmvyyn Sversbk\Zbmvyyn Sversbk (Fnsr Zbqr).yax","NAME NOT FOUND","Length: 144"
"8454","6:05:08.3335543 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Zbmvyyn Sversbk\Zbmvyyn Sversbk (Fnsr Zbqr).yax","NAME NOT FOUND","Length: 144"
"8455","6:05:08.3336191 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\ArgJnvgvat\ArgJnvgvat.yax","NAME NOT FOUND","Length: 144"
"8456","6:05:08.3336615 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\ArgJnvgvat\ArgJnvgvat.yax","NAME NOT FOUND","Length: 144"
"8457","6:05:08.3337280 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Cbjregblf sbe Jvaqbjf KC\Gjrnx HV.yax","NAME NOT FOUND","Length: 144"
"8458","6:05:08.3337722 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Cbjregblf sbe Jvaqbjf KC\Gjrnx HV.yax","NAME NOT FOUND","Length: 144"
"8459","6:05:08.3338387 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Cerfgb! CntrZnantre 7.15\Vzcbeg Byq Qngn.yax","NAME NOT FOUND","Length: 144"
"8460","6:05:08.3338822 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Cerfgb! CntrZnantre 7.15\Vzcbeg Byq Qngn.yax","NAME NOT FOUND","Length: 144"
"8461","6:05:08.3339487 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Cerfgb! CntrZnantre 7.15\Cerfgb! CntrZnantre 7.15.yax","NAME NOT FOUND","Length: 144"
"8462","6:05:08.3339926 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Cerfgb! CntrZnantre 7.15\Cerfgb! CntrZnantre 7.15.yax","NAME NOT FOUND","Length: 144"
"8463","6:05:08.3340577 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\DhvpxGvzr\DhvpxGvzr Cynlre.yax","NAME NOT FOUND","Length: 144"
"8464","6:05:08.3341007 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\DhvpxGvzr\DhvpxGvzr Cynlre.yax","NAME NOT FOUND","Length: 144"
"8465","6:05:08.3341647 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\DhvpxGvzr\DhvpxGvzr Hcqngre.yax","NAME NOT FOUND","Length: 144"
"8466","6:05:08.3342083 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\DhvpxGvzr\DhvpxGvzr Hcqngre.yax","NAME NOT FOUND","Length: 144"
"8467","6:05:08.3342733 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Erny\ErnyCynlre\ErnyCynlre.yax","NAME NOT FOUND","Length: 144"
"8468","6:05:08.3343164 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Erny\ErnyCynlre\ErnyCynlre.yax","NAME NOT FOUND","Length: 144"
"8469","6:05:08.3343812 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Ubzr.yax","NAME NOT FOUND","Length: 144"
"8470","6:05:08.3344242 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Ubzr.yax","NAME NOT FOUND","Length: 144"
"8471","6:05:08.3344873 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\ZlQIQ YR.yax","NAME NOT FOUND","Length: 144"
"8472","6:05:08.3345298 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\ZlQIQ YR.yax","NAME NOT FOUND","Length: 144"
"8473","6:05:08.3345966 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Cebwrpgf\ErpbeqAbj Nhqvb.yax","NAME NOT FOUND","Length: 144"
"8474","6:05:08.3346407 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Cebwrpgf\ErpbeqAbj Nhqvb.yax","NAME NOT FOUND","Length: 144"
"8475","6:05:08.3347064 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Cebwrpgf\ErpbeqAbj Pbcl.yax","NAME NOT FOUND","Length: 144"
"8476","6:05:08.3347499 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Cebwrpgf\ErpbeqAbj Pbcl.yax","NAME NOT FOUND","Length: 144"
"8477","6:05:08.3348150 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Cebwrpgf\ErpbeqAbj Qngn.yax","NAME NOT FOUND","Length: 144"
"8478","6:05:08.3348597 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Ebkvb\Perngbe Cebwrpgf\ErpbeqAbj Qngn.yax","NAME NOT FOUND","Length: 144"
"8479","6:05:08.3349268 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\FpnaFbsg BzavCntr FR 4.0\BzavCntr FR 4.0.yax","NAME NOT FOUND","Length: 144"
"8480","6:05:08.3349701 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\FpnaFbsg BzavCntr FR 4.0\BzavCntr FR 4.0.yax","NAME NOT FOUND","Length: 144"
"8481","6:05:08.3350357 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Fvzcyr Fhqbxh\Fvzcyr Fhqbxh.yax","NAME NOT FOUND","Length: 144"
"8482","6:05:08.3350802 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Fvzcyr Fhqbxh\Fvzcyr Fhqbxh.yax","NAME NOT FOUND","Length: 144"
"8483","6:05:08.3351441 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Fxlcr\Fxlcr.yax","NAME NOT FOUND","Length: 144"
"8484","6:05:08.3351866 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Fxlcr\Fxlcr.yax","NAME NOT FOUND","Length: 144"
"8485","6:05:08.3352534 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Fclobg - Frnepu & Qrfgebl\Fclobg - Frnepu & Qrfgebl.yax","NAME NOT FOUND","Length: 144"
"8486","6:05:08.3352978 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\Fclobg - Frnepu & Qrfgebl\Fclobg - Frnepu & Qrfgebl.yax","NAME NOT FOUND","Length: 144"
"8487","6:05:08.3353643 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\FcljnerOynfgre\FcljnerOynfgre.yax","NAME NOT FOUND","Length: 144"
"8488","6:05:08.3354076 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\FcljnerOynfgre\FcljnerOynfgre.yax","NAME NOT FOUND","Length: 144"
"8489","6:05:08.3354752 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\FcljnerOynfgre\FcljnerOynfgre NhgbHcqngr Pbasvthengvba.yax","NAME NOT FOUND","Length: 144"
"8490","6:05:08.3355196 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\FcljnerOynfgre\FcljnerOynfgre NhgbHcqngr Pbasvthengvba.yax","NAME NOT FOUND","Length: 144"
"8491","6:05:08.3355858 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\GheobGnk Onfvp 2006\GheobGnk Onfvp 2006.yax","NAME NOT FOUND","Length: 144"
"8492","6:05:08.3356291 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACVQY:%pfvqy2%\GheobGnk Onfvp 2006\GheobGnk Onfvp 2006.yax","NAME NOT FOUND","Length: 144"
"8654","6:05:08.3430457 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\rubzr\rufuryy.rkr","NAME NOT FOUND","Length: 144"
"8655","6:05:08.3431002 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\CbjreCbvag Ivrjre\CCGIVRJ.RKR","NAME NOT FOUND","Length: 144"
"8656","6:05:08.3431552 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\CbjreCbvag Ivrjre\CCGIVRJ.RKR","NAME NOT FOUND","Length: 144"
"8657","6:05:08.3432150 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Cyhf! Cubgb Fgbel 2 YR\CF2Gevny.rkr","NAME NOT FOUND","Length: 144"
"8658","6:05:08.3432703 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Cyhf! Cubgb Fgbel 2 YR\CF2Gevny.rkr","NAME NOT FOUND","Length: 144"
"8659","6:05:08.3433295 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\ZFJbexf.rkr","NAME NOT FOUND","Length: 144"
"8660","6:05:08.3433837 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\ZFJbexf.rkr","NAME NOT FOUND","Length: 144"
"8661","6:05:08.3434429 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbqrz Qvntabfgvp Gbby\QZbqrz.rkr","NAME NOT FOUND","Length: 144"
"8662","6:05:08.3434980 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbqrz Qvntabfgvp Gbby\QZbqrz.rkr","NAME NOT FOUND","Length: 144"
"8663","6:05:08.3435569 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA\ZFAPberSvyrf\Vafgnyy\zfafhfvv.rkr","NAME NOT FOUND","Length: 144"
"8664","6:05:08.3436326 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA\ZFAPberSvyrf\Vafgnyy\zfafhfvv.rkr","NAME NOT FOUND","Length: 144"
"8665","6:05:08.3437223 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Qrsraqre\ZFNFPhv.rkr","NAME NOT FOUND","Length: 144"
"8666","6:05:08.3438003 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Qrsraqre\ZFNFPhv.rkr","NAME NOT FOUND","Length: 144"
"8667","6:05:08.3439120 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zrffratre\zfzftf.rkr","NAME NOT FOUND","Length: 144"
"8668","6:05:08.3439746 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zrffratre\zfzftf.rkr","NAME NOT FOUND","Length: 144"
"8669","6:05:08.3440355 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbivr Znxre\zbivrzx.rkr","NAME NOT FOUND","Length: 144"
"8670","6:05:08.3440897 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbivr Znxre\zbivrzx.rkr","NAME NOT FOUND","Length: 144"
"8671","6:05:08.3441450 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pnyp.rkr","NAME NOT FOUND","Length: 144"
"8672","6:05:08.3441972 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pnyp.rkr","NAME NOT FOUND","Length: 144"
"8673","6:05:08.3442520 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\zfcnvag.rkr","NAME NOT FOUND","Length: 144"
"8674","6:05:08.3443034 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\zfcnvag.rkr","NAME NOT FOUND","Length: 144"
"8675","6:05:08.3443579 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\jvnnpzte.rkr","NAME NOT FOUND","Length: 144"
"8676","6:05:08.3444420 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\jvnnpzte.rkr","NAME NOT FOUND","Length: 144"
"8677","6:05:08.3445015 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf AG\Npprffbevrf\jbeqcnq.rkr","NAME NOT FOUND","Length: 144"
"8678","6:05:08.3445895 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf AG\Npprffbevrf\jbeqcnq.rkr","NAME NOT FOUND","Length: 144"
"8679","6:05:08.3446473 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\nppjvm.rkr","NAME NOT FOUND","Length: 144"
"8680","6:05:08.3446984 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\nppjvm.rkr","NAME NOT FOUND","Length: 144"
"8681","6:05:08.3447540 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf AG\ulcregez.rkr","NAME NOT FOUND","Length: 144"
"8682","6:05:08.3448065 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf AG\ulcregez.rkr","NAME NOT FOUND","Length: 144"
"8683","6:05:08.3448624 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\zfgfp.rkr","NAME NOT FOUND","Length: 144"
"8684","6:05:08.3449127 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\zfgfp.rkr","NAME NOT FOUND","Length: 144"
"8685","6:05:08.3449669 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\SkfPyag.rkr","NAME NOT FOUND","Length: 144"
"8686","6:05:08.3450172 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\SkfPyag.rkr","NAME NOT FOUND","Length: 144"
"8687","6:05:08.3450716 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\SkfPbire.rkr","NAME NOT FOUND","Length: 144"
"8688","6:05:08.3451513 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\SkfPbire.rkr","NAME NOT FOUND","Length: 144"
"8689","6:05:08.3452060 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\SkfFraq.rkr","NAME NOT FOUND","Length: 144"
"8690","6:05:08.3452557 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\SkfFraq.rkr","NAME NOT FOUND","Length: 144"
"8691","6:05:08.3453105 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\faqerp32.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A8 00 00 00 07 00 00 00 E0 62 2F F3 5B A7 C7 01"
"8692","6:05:08.3453580 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\faqerp32.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A8 00 00 00 07 00 00 00 E0 62 2F F3 5B A7 C7 01"
"8693","6:05:08.3454178 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\agonpxhc.rkr","NAME NOT FOUND","Length: 144"
"8694","6:05:08.3454681 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\agonpxhc.rkr","NAME NOT FOUND","Length: 144"
"8695","6:05:08.3455231 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\puneznc.rkr","NAME NOT FOUND","Length: 144"
"8696","6:05:08.3455737 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\puneznc.rkr","NAME NOT FOUND","Length: 144"
"8697","6:05:08.3456273 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pyrnazte.rkr","NAME NOT FOUND","Length: 144"
"8698","6:05:08.3456773 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pyrnazte.rkr","NAME NOT FOUND","Length: 144"
"8699","6:05:08.3457673 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\qset.zfp","NAME NOT FOUND","Length: 144"
"8700","6:05:08.3458181 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\qset.zfp","NAME NOT FOUND","Length: 144"
"8701","6:05:08.3458729 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\hfzg\zvtjvm.rkr","NAME NOT FOUND","Length: 144"
"8702","6:05:08.3459237 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\hfzg\zvtjvm.rkr","NAME NOT FOUND","Length: 144"
"8703","6:05:08.3459818 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\ZFVasb\zfvasb32.rkr","NAME NOT FOUND","Length: 144"
"8704","6:05:08.3460352 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\ZFVasb\zfvasb32.rkr","NAME NOT FOUND","Length: 144"
"8705","6:05:08.3460913 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\erfgber\efgehv.rkr","NAME NOT FOUND","Length: 144"
"8706","6:05:08.3461419 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\erfgber\efgehv.rkr","NAME NOT FOUND","Length: 144"
"8707","6:05:08.3461958 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\Pbz\pbzrkc.zfp","NAME NOT FOUND","Length: 144"
"8708","6:05:08.3462461 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\Pbz\pbzrkc.zfp","NAME NOT FOUND","Length: 144"
"8709","6:05:08.3462997 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pbzcztzg.zfp","NAME NOT FOUND","Length: 144"
"8710","6:05:08.3463497 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pbzcztzg.zfp","NAME NOT FOUND","Length: 144"
"8711","6:05:08.3464031 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\bqopnq32.rkr","NAME NOT FOUND","Length: 144"
"8712","6:05:08.3464534 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\bqopnq32.rkr","NAME NOT FOUND","Length: 144"
"8713","6:05:08.3465073 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\riragije.zfp","NAME NOT FOUND","Length: 144"
"8714","6:05:08.3465576 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\riragije.zfp","NAME NOT FOUND","Length: 144"
"8715","6:05:08.3466112 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\frpcby.zfp","NAME NOT FOUND","Length: 144"
"8716","6:05:08.3466612 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\frpcby.zfp","NAME NOT FOUND","Length: 144"
"8717","6:05:08.3467171 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Zvpebfbsg.ARG\Senzrjbex\i1.1.4322\zfpbepst.zfp","NAME NOT FOUND","Length: 144"
"8718","6:05:08.3467654 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Zvpebfbsg.ARG\Senzrjbex\i1.1.4322\zfpbepst.zfp","NAME NOT FOUND","Length: 144"
"8719","6:05:08.3468202 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Zvpebfbsg.ARG\Senzrjbex\i1.1.4322\PbasvtJvmneqf.rkr","NAME NOT FOUND","Length: 144"
"8720","6:05:08.3468694 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\Zvpebfbsg.ARG\Senzrjbex\i1.1.4322\PbasvtJvmneqf.rkr","NAME NOT FOUND","Length: 144"
"8721","6:05:08.3469205 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\creszba.zfp","NAME NOT FOUND","Length: 144"
"8722","6:05:08.3469708 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\creszba.zfp","NAME NOT FOUND","Length: 144"
"8723","6:05:08.3470247 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\freivprf.zfp","NAME NOT FOUND","Length: 144"
"8724","6:05:08.3470753 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\freivprf.zfp","NAME NOT FOUND","Length: 144"
"8725","6:05:08.3471320 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zlguvpfbsg\Ntrag Enafnpx\NtragEnafnpx.rkr","NAME NOT FOUND","Length: 144"
"8726","6:05:08.3471853 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zlguvpfbsg\Ntrag Enafnpx\NtragEnafnpx.rkr","NAME NOT FOUND","Length: 144"
"8727","6:05:08.3472437 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\NepFbsg\CubgbFghqvb 5.5\CubgbFghqvb.rkr","NAME NOT FOUND","Length: 144"
"8728","6:05:08.3472971 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\NepFbsg\CubgbFghqvb 5.5\CubgbFghqvb.rkr","NAME NOT FOUND","Length: 144"
"8729","6:05:08.3473541 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Tevfbsg\NIT Serr\nitpp.rkr","NAME NOT FOUND","Length: 144"
"8730","6:05:08.3474060 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Tevfbsg\NIT Serr\nitpp.rkr","NAME NOT FOUND","Length: 144"
"8731","6:05:08.3474630 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Tevfbsg\NIT Serr\nitj.rkr","NAME NOT FOUND","Length: 144"
"8732","6:05:08.3475153 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Tevfbsg\NIT Serr\nitj.rkr","NAME NOT FOUND","Length: 144"
"8733","6:05:08.3480229 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Tevfbsg\NIT Serr\nitii.rkr","NAME NOT FOUND","Length: 144"
"8734","6:05:08.3480796 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Tevfbsg\NIT Serr\nitii.rkr","NAME NOT FOUND","Length: 144"
"8735","6:05:08.3481368 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Oebnqpbz\ONPF\ONPF.rkr","NAME NOT FOUND","Length: 144"
"8736","6:05:08.3481891 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Oebnqpbz\ONPF\ONPF.rkr","NAME NOT FOUND","Length: 144"
"8737","6:05:08.3482475 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pnaba\VWRERT\PnabFpna YvQR 70\VWRERT.rkr","NAME NOT FOUND","Length: 144"
"8738","6:05:08.3483008 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pnaba\VWRERT\PnabFpna YvQR 70\VWRERT.rkr","NAME NOT FOUND","Length: 144"
"8739","6:05:08.3483592 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pnaba\PnabFpna Gbbyobk Ire5.0\PFGObk.rkr","NAME NOT FOUND","Length: 144"
"8740","6:05:08.3484129 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pnaba\PnabFpna Gbbyobk Ire5.0\PFGObk.rkr","NAME NOT FOUND","Length: 144"
"8741","6:05:08.3484718 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy\Ynhapure\TZC\Ynhapure.rkr","NAME NOT FOUND","Length: 144"
"8742","6:05:08.3485252 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy\Ynhapure\TZC\Ynhapure.rkr","NAME NOT FOUND","Length: 144"
"8743","6:05:08.3485824 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy\Ynhapure\VFC\Ynhapure.rkr","NAME NOT FOUND","Length: 144"
"8744","6:05:08.3486361 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy\Ynhapure\VFC\Ynhapure.rkr","NAME NOT FOUND","Length: 144"
"8745","6:05:08.3486928 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy\Zrqvn Rkcrevrapr\QZK.rkr","NAME NOT FOUND","Length: 144"
"8746","6:05:08.3487461 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy\Zrqvn Rkcrevrapr\QZK.rkr","NAME NOT FOUND","Length: 144"
"8747","6:05:08.3488054 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\TnzrPbafbyr.rkr","NAME NOT FOUND","Length: 144"
"8748","6:05:08.3488601 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\TnzrPbafbyr.rkr","NAME NOT FOUND","Length: 144"
"8749","6:05:08.3489233 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{989R4P3O-O2P9-4486-9N09-Q5N8S953837P}.rkr","NAME NOT FOUND","Length: 144"
"8750","6:05:08.3489788 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{989R4P3O-O2P9-4486-9N09-Q5N8S953837P}.rkr","NAME NOT FOUND","Length: 144"
"8751","6:05:08.3490423 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{P0N0NN4Q-P79O-48PN-8843-2O02O626P9R6}.rkr","NAME NOT FOUND","Length: 144"
"8752","6:05:08.3490979 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{P0N0NN4Q-P79O-48PN-8843-2O02O626P9R6}.rkr","NAME NOT FOUND","Length: 144"
"8753","6:05:08.3491610 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{Q1N6S3SQ-7O40-443S-8767-ONQO25N0Q222}.rkr","NAME NOT FOUND","Length: 144"
"8754","6:05:08.3492174 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{Q1N6S3SQ-7O40-443S-8767-ONQO25N0Q222}.rkr","NAME NOT FOUND","Length: 144"
"8755","6:05:08.3492803 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{R0814S95-5380-4892-O8P8-7SN4O349RS46}.rkr","NAME NOT FOUND","Length: 144"
"8756","6:05:08.3493359 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{R0814S95-5380-4892-O8P8-7SN4O349RS46}.rkr","NAME NOT FOUND","Length: 144"
"8757","6:05:08.3493990 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{6293OP00-4RO8-4P65-8548-53R2SP3OS937}.rkr","NAME NOT FOUND","Length: 144"
"8758","6:05:08.3494552 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{6293OP00-4RO8-4P65-8548-53R2SP3OS937}.rkr","NAME NOT FOUND","Length: 144"
"8759","6:05:08.3495183 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{P2Q8S0R2-6978-4409-8351-ON8785QN11RR}.rkr","NAME NOT FOUND","Length: 144"
"8760","6:05:08.3495770 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{P2Q8S0R2-6978-4409-8351-ON8785QN11RR}.rkr","NAME NOT FOUND","Length: 144"
"8761","6:05:08.3496407 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{26Q2P2P3-PS14-4RQ7-O1SP-0OR64NSON3O3}.rkr","NAME NOT FOUND","Length: 144"
"8762","6:05:08.3496968 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{26Q2P2P3-PS14-4RQ7-O1SP-0OR64NSON3O3}.rkr","NAME NOT FOUND","Length: 144"
"8763","6:05:08.3497591 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{651956O7-1969-42NN-9453-R0O813019Q54}.rkr","NAME NOT FOUND","Length: 144"
"8764","6:05:08.3498147 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{651956O7-1969-42NN-9453-R0O813019Q54}.rkr","NAME NOT FOUND","Length: 144"
"8765","6:05:08.3498781 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{6O6N7665-QO48-4762-NO5Q-ORRO9R1PQ7SN}.rkr","NAME NOT FOUND","Length: 144"
"8766","6:05:08.3499343 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{6O6N7665-QO48-4762-NO5Q-ORRO9R1PQ7SN}.rkr","NAME NOT FOUND","Length: 144"
"8767","6:05:08.3499982 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{3P48S877-N164-45R9-O9QN-26N049SSP207}.rkr","NAME NOT FOUND","Length: 144"
"8768","6:05:08.3500541 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\JvyqGnatrag\Nccf\Qryy Tnzr Pbafbyr\Qbjaybnqf\Vafgnyyref\{3P48S877-N164-45R9-O9QN-26N049SSP207}.rkr","NAME NOT FOUND","Length: 144"
"8769","6:05:08.3501111 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy Fhccbeg\QFOejf.rkr","NAME NOT FOUND","Length: 144"
"8770","6:05:08.3501645 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Qryy Fhccbeg\QFOejf.rkr","NAME NOT FOUND","Length: 144"
"8771","6:05:08.3502229 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\QryyPbaarpg\Ova\Ynhapu.rkr","NAME NOT FOUND","Length: 144"
"8772","6:05:08.3502762 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\QryyPbaarpg\Ova\Ynhapu.rkr","NAME NOT FOUND","Length: 144"
"8773","6:05:08.3503324 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Rhqben-arj-\Rhqben.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 09 00 00 00 D0 C1 1A CF 09 A7 C7 01"
"8774","6:05:08.3503782 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Rhqben-arj-\Rhqben.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 09 00 00 00 D0 C1 1A CF 09 A7 C7 01"
"8775","6:05:08.3504285 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Sbkvg Fbsgjner\Sbkvg Ernqre\Sbkvg Ernqre.rkr","NAME NOT FOUND","Length: 144"
"8776","6:05:08.3504829 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Sbkvg Fbsgjner\Sbkvg Ernqre\Sbkvg Ernqre.rkr","NAME NOT FOUND","Length: 144"
"8777","6:05:08.3505394 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\serrpryy.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 40 E7 48 85 FE A6 C7 01"
"8778","6:05:08.3505821 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\serrpryy.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 40 E7 48 85 FE A6 C7 01"
"8779","6:05:08.3506380 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\zfurnegf.rkr","NAME NOT FOUND","Length: 144"
"8780","6:05:08.3506900 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\zfurnegf.rkr","NAME NOT FOUND","Length: 144"
"8781","6:05:08.3507467 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\opxtmz.rkr","NAME NOT FOUND","Length: 144"
"8782","6:05:08.3508009 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\opxtmz.rkr","NAME NOT FOUND","Length: 144"
"8783","6:05:08.3508593 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\puxemz.rkr","NAME NOT FOUND","Length: 144"
"8784","6:05:08.3509238 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\puxemz.rkr","NAME NOT FOUND","Length: 144"
"8785","6:05:08.3509889 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\uegmmz.rkr","NAME NOT FOUND","Length: 144"
"8786","6:05:08.3510730 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\uegmmz.rkr","NAME NOT FOUND","Length: 144"
"8787","6:05:08.3511610 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\Eifrmz.rkr","NAME NOT FOUND","Length: 144"
"8788","6:05:08.3512196 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\Eifrmz.rkr","NAME NOT FOUND","Length: 144"
"8789","6:05:08.3513135 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\fuiymz.rkr","NAME NOT FOUND","Length: 144"
"8790","6:05:08.3513741 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA Tnzvat Mbar\Jvaqbjf\fuiymz.rkr","NAME NOT FOUND","Length: 144"
"8791","6:05:08.3514347 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\jvazvar.rkr","NAME NOT FOUND","Length: 144"
"8792","6:05:08.3514864 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\jvazvar.rkr","NAME NOT FOUND","Length: 144"
"8793","6:05:08.3515431 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf AG\Cvaonyy\CVAONYY.RKR","NAME NOT FOUND","Length: 144"
"8794","6:05:08.3515973 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf AG\Cvaonyy\CVAONYY.RKR","NAME NOT FOUND","Length: 144"
"8795","6:05:08.3516535 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\fby.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 B0 20 57 BA 5D A6 C7 01"
"8796","6:05:08.3516887 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\fby.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 B0 20 57 BA 5D A6 C7 01"
"8797","6:05:08.3517334 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\fcvqre.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 07 00 00 00 C0 D2 C1 B7 00 A7 C7 01"
"8798","6:05:08.3517680 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\fcvqre.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 07 00 00 00 C0 D2 C1 B7 00 A7 C7 01"
"8799","6:05:08.3518113 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\VesnaIvrj\v_ivrj32.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 A0 4D 7A D3 54 A6 C7 01"
"8800","6:05:08.3518409 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\VesnaIvrj\v_ivrj32.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 A0 4D 7A D3 54 A6 C7 01"
"8801","6:05:08.3518817 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Yninfbsg\Nq-Njner FR Crefbany\Nq-Njner.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 80 B0 21 11 55 A6 C7 01"
"8802","6:05:08.3519158 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Yninfbsg\Nq-Njner FR Crefbany\Nq-Njner.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 80 B0 21 11 55 A6 C7 01"
"8803","6:05:08.3519591 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\fcbby\qeviref\j32k86\3\YKNKCFJK.RKR","NAME NOT FOUND","Length: 144"
"8804","6:05:08.3520122 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\fcbby\qeviref\j32k86\3\YKNKCFJK.RKR","NAME NOT FOUND","Length: 144"
"8805","6:05:08.3520697 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\purpxref\Purpxref.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 E0 86 29 23 5A A6 C7 01"
"8806","6:05:08.3521080 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\purpxref\Purpxref.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 E0 86 29 23 5A A6 C7 01"
"8807","6:05:08.3521530 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\uu.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A8 00 00 00 06 00 00 00 F0 D1 AF 11 61 A7 C7 01"
"8808","6:05:08.3522027 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\uu.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A8 00 00 00 06 00 00 00 F0 D1 AF 11 61 A7 C7 01"
"8809","6:05:08.3522619 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\RKPRY.RKR","NAME NOT FOUND","Length: 144"
"8810","6:05:08.3523167 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\RKPRY.RKR","NAME NOT FOUND","Length: 144"
"8811","6:05:08.3523762 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\BHGYBBX.RKR","NAME NOT FOUND","Length: 144"
"8812","6:05:08.3524304 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\BHGYBBX.RKR","NAME NOT FOUND","Length: 144"
"8813","6:05:08.3524888 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\CBJRECAG.RKR","NAME NOT FOUND","Length: 144"
"8814","6:05:08.3525433 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\CBJRECAG.RKR","NAME NOT FOUND","Length: 144"
"8815","6:05:08.3526017 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\ZFCHO.RKR","NAME NOT FOUND","Length: 144"
"8816","6:05:08.3526838 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\ZFCHO.RKR","NAME NOT FOUND","Length: 144"
"8817","6:05:08.3527433 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\JVAJBEQ.RKR","NAME NOT FOUND","Length: 144"
"8818","6:05:08.3527972 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\JVAJBEQ.RKR","NAME NOT FOUND","Length: 144"
"8819","6:05:08.3528553 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\FRYSPREG.RKR","NAME NOT FOUND","Length: 144"
"8820","6:05:08.3529098 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\FRYSPREG.RKR","NAME NOT FOUND","Length: 144"
"8821","6:05:08.3529685 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\ZFGBER.RKR","NAME NOT FOUND","Length: 144"
"8822","6:05:08.3530227 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\ZFGBER.RKR","NAME NOT FOUND","Length: 144"
"8823","6:05:08.3530808 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\FRGYNAT.RKR","NAME NOT FOUND","Length: 144"
"8824","6:05:08.3531344 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\FRGYNAT.RKR","NAME NOT FOUND","Length: 144"
"8825","6:05:08.3531928 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\CEBSYJVM.RKR","NAME NOT FOUND","Length: 144"
"8826","6:05:08.3532467 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\CEBSYJVM.RKR","NAME NOT FOUND","Length: 144"
"8827","6:05:08.3533062 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\QJ\QJ20.RKR","NAME NOT FOUND","Length: 144"
"8828","6:05:08.3533607 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\QJ\QJ20.RKR","NAME NOT FOUND","Length: 144"
"8829","6:05:08.3534202 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\ZBQV\11.0\ZFCIVRJ.RKR","NAME NOT FOUND","Length: 144"
"8830","6:05:08.3534744 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\ZBQV\11.0\ZFCIVRJ.RKR","NAME NOT FOUND","Length: 144"
"8831","6:05:08.3535336 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\ZBQV\11.0\ZFCFPNA.RKR","NAME NOT FOUND","Length: 144"
"8832","6:05:08.3535884 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\ZBQV\11.0\ZFCFPNA.RKR","NAME NOT FOUND","Length: 144"
"8833","6:05:08.3536462 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\BVF.RKR","NAME NOT FOUND","Length: 144"
"8834","6:05:08.3537004 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Bssvpr\BSSVPR11\BVF.RKR","NAME NOT FOUND","Length: 144"
"8835","6:05:08.3537585 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Ivfhny Fghqvb\IO98\IO6.RKR","NAME NOT FOUND","Length: 144"
"8836","6:05:08.3538133 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Ivfhny Fghqvb\IO98\IO6.RKR","NAME NOT FOUND","Length: 144"
"8837","6:05:08.3538750 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Ivfhny Fghqvb\PBZZBA\Gbbyf\Jvancv\NCVYBNQ.RKR","NAME NOT FOUND","Length: 144"
"8838","6:05:08.3539306 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Ivfhny Fghqvb\PBZZBA\Gbbyf\Jvancv\NCVYBNQ.RKR","NAME NOT FOUND","Length: 144"
"8839","6:05:08.3539918 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Ivfhny Fghqvb\IO98\Jvmneqf\CQJvmneq\CQPZQYA.RKR","NAME NOT FOUND","Length: 144"
"8840","6:05:08.3540502 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Ivfhny Fghqvb\IO98\Jvmneqf\CQJvmneq\CQPZQYA.RKR","NAME NOT FOUND","Length: 144"
"8841","6:05:08.3541113 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\Jbexf Funerq\jxfpny.rkr","NAME NOT FOUND","Length: 144"
"8842","6:05:08.3541667 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Zvpebfbsg Funerq\Jbexf Funerq\jxfpny.rkr","NAME NOT FOUND","Length: 144"
"8843","6:05:08.3542239 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxfqo.rkr","NAME NOT FOUND","Length: 144"
"8844","6:05:08.3542778 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxfqo.rkr","NAME NOT FOUND","Length: 144"
"8845","6:05:08.3543354 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxffo.rkr","NAME NOT FOUND","Length: 144"
"8846","6:05:08.3543890 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxffo.rkr","NAME NOT FOUND","Length: 144"
"8847","6:05:08.3544469 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxfff.rkr","NAME NOT FOUND","Length: 144"
"8848","6:05:08.3545008 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxfff.rkr","NAME NOT FOUND","Length: 144"
"8849","6:05:08.3545586 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxfjc.rkr","NAME NOT FOUND","Length: 144"
"8850","6:05:08.3546122 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zvpebfbsg Jbexf\jxfjc.rkr","NAME NOT FOUND","Length: 144"
"8851","6:05:08.3546701 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbmvyyn Sversbk\sversbk.rkr","NAME NOT FOUND","Length: 144"
"8852","6:05:08.3547240 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbmvyyn Sversbk\sversbk.rkr","NAME NOT FOUND","Length: 144"
"8853","6:05:08.3547810 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ArgJnvgvat\ArgJnvgvat.rkr","NAME NOT FOUND","Length: 144"
"8854","6:05:08.3548346 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ArgJnvgvat\ArgJnvgvat.rkr","NAME NOT FOUND","Length: 144"
"8855","6:05:08.3548913 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\GjrnxHV.rkr","NAME NOT FOUND","Length: 144"
"8856","6:05:08.3549425 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\GjrnxHV.rkr","NAME NOT FOUND","Length: 144"
"8857","6:05:08.3549992 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ArjFbsg\Cerfgb! CntrZnantre 7.15\Pbaireg.rkr","NAME NOT FOUND","Length: 144"
"8858","6:05:08.3550534 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ArjFbsg\Cerfgb! CntrZnantre 7.15\Pbaireg.rkr","NAME NOT FOUND","Length: 144"
"8859","6:05:08.3551439 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ArjFbsg\Cerfgb! CntrZnantre 7.15\Cerfgbcz.rkr","NAME NOT FOUND","Length: 144"
"8860","6:05:08.3551997 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\ArjFbsg\Cerfgb! CntrZnantre 7.15\Cerfgbcz.rkr","NAME NOT FOUND","Length: 144"
"8861","6:05:08.3552587 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\DhvpxGvzr\DhvpxGvzrCynlre.rkr","NAME NOT FOUND","Length: 144"
"8862","6:05:08.3553129 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\DhvpxGvzr\DhvpxGvzrCynlre.rkr","NAME NOT FOUND","Length: 144"
"8863","6:05:08.3553707 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\DhvpxGvzr\DhvpxGvzrHcqngre.rkr","NAME NOT FOUND","Length: 144"
"8864","6:05:08.3554249 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\DhvpxGvzr\DhvpxGvzrHcqngre.rkr","NAME NOT FOUND","Length: 144"
"8865","6:05:08.3554822 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Erny\ErnyCynlre\ernycynl.rkr","NAME NOT FOUND","Length: 144"
"8866","6:05:08.3555358 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Erny\ErnyCynlre\ernycynl.rkr","NAME NOT FOUND","Length: 144"
"8867","6:05:08.3555959 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Fbavp Funerq\Fbavp Prageny\Znva\Zrqvnuho.rkr","NAME NOT FOUND","Length: 144"
"8868","6:05:08.3556509 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Pbzzba Svyrf\Fbavp Funerq\Fbavp Prageny\Znva\Zrqvnuho.rkr","NAME NOT FOUND","Length: 144"
"8869","6:05:08.3557076 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Ebkvb\ZlQIQ\ZlQIQ.RKR","NAME NOT FOUND","Length: 144"
"8870","6:05:08.3557615 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Ebkvb\ZlQIQ\ZlQIQ.RKR","NAME NOT FOUND","Length: 144"
"8871","6:05:08.3558194 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\FpnaFbsg\BzavCntrFR4.0\BzavCntr.rkr","NAME NOT FOUND","Length: 144"
"8872","6:05:08.3558739 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\FpnaFbsg\BzavCntrFR4.0\BzavCntr.rkr","NAME NOT FOUND","Length: 144"
"8873","6:05:08.3559325 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Fvzcyr Fhqbxh\fvzcyrfhqbxh.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 08 00 00 00 A0 1D 39 AF 1B A7 C7 01"
"8874","6:05:08.3559697 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Fvzcyr Fhqbxh\fvzcyrfhqbxh.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 08 00 00 00 A0 1D 39 AF 1B A7 C7 01"
"8875","6:05:08.3560158 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Fxlcr\Cubar\Fxlcr.rkr","NAME NOT FOUND","Length: 144"
"8876","6:05:08.3560694 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Fxlcr\Cubar\Fxlcr.rkr","NAME NOT FOUND","Length: 144"
"8877","6:05:08.3561270 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Fclobg - Frnepu & Qrfgebl\FclobgFQ.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 40 D8 F7 57 55 A6 C7 01"
"8878","6:05:08.3561613 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Fclobg - Frnepu & Qrfgebl\FclobgFQ.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 40 D8 F7 57 55 A6 C7 01"
"8879","6:05:08.3562055 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\FcljnerOynfgre\fcljneroynfgre.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 60 1A 96 B5 56 A6 C7 01"
"8880","6:05:08.3562407 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\FcljnerOynfgre\fcljneroynfgre.rkr","SUCCESS","Type: REG_BINARY, Length: 16, Data: A7 00 00 00 06 00 00 00 60 1A 96 B5 56 A6 C7 01"
"8881","6:05:08.3562834 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\FcljnerOynfgre\fonhgbhcqngr.rkr","NAME NOT FOUND","Length: 144"
"8882","6:05:08.3563384 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\FcljnerOynfgre\fonhgbhcqngr.rkr","NAME NOT FOUND","Length: 144"
"8883","6:05:08.3563971 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\GheobGnk\Onfvp 2006\32ovg\ggnk.rkr","NAME NOT FOUND","Length: 144"
"8884","6:05:08.3564507 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\GheobGnk\Onfvp 2006\32ovg\ggnk.rkr","NAME NOT FOUND","Length: 144"
"8885","6:05:08.3565086 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\GheobGnk\Onfvp 2006\32ovg\hcqngrzte.rkr","NAME NOT FOUND","Length: 144"
"8886","6:05:08.3565622 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\GheobGnk\Onfvp 2006\32ovg\hcqngrzte.rkr","NAME NOT FOUND","Length: 144"
"8887","6:05:08.3566212 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\Nhqvb Pbairegre\NhqvbPbairegre.rkr","NAME NOT FOUND","Length: 144"
"8888","6:05:08.3566759 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\Nhqvb Pbairegre\NhqvbPbairegre.rkr","NAME NOT FOUND","Length: 144"
"8889","6:05:08.3567332 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\PQYZ\PQYZ.rkr","NAME NOT FOUND","Length: 144"
"8890","6:05:08.3567871 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\PQYZ\PQYZ.rkr","NAME NOT FOUND","Length: 144"
"8891","6:05:08.3568444 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\Qnapre\Qnapre.rkr","NAME NOT FOUND","Length: 144"
"8892","6:05:08.3568983 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\Qnapre\Qnapre.rkr","NAME NOT FOUND","Length: 144"
"8893","6:05:08.3569570 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\Cnegl Zbqr\CneglZbqr.rkr","NAME NOT FOUND","Length: 144"
"8894","6:05:08.3570112 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Jvaqbjf Cyhf\Cnegl Zbqr\CneglZbqr.rkr","NAME NOT FOUND","Length: 144"
"8895","6:05:08.3570695 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Mbar Ynof\MbarNynez\mypyvrag.rkr","NAME NOT FOUND","Length: 144"
"8896","6:05:08.3571237 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Mbar Ynof\MbarNynez\mypyvrag.rkr","NAME NOT FOUND","Length: 144"
"8897","6:05:08.3571813 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Mbar Ynof\MbarNynez\mnghgbe.rkr","NAME NOT FOUND","Length: 144"
"8898","6:05:08.3572349 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Cebtenz Svyrf\Mbar Ynof\MbarNynez\mnghgbe.rkr","NAME NOT FOUND","Length: 144"
"8899","6:05:09.0984263 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8900","6:05:09.0984562 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8905","6:05:09.0988591 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"8906","6:05:09.0989323 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8907","6:05:09.0989571 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"8908","6:05:09.0989831 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"8909","6:05:09.0990060 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8910","6:05:09.0990284 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8911","6:05:09.0990672 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8912","6:05:09.0992910 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8913","6:05:09.0993102 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"8918","6:05:09.0995935 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"8919","6:05:09.0996452 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"8920","6:05:09.0996662 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"8921","6:05:09.0996885 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"8922","6:05:09.0997097 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8923","6:05:09.0997312 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"8924","6:05:09.0997603 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"8925","6:05:09.0998989 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"8926","6:05:09.0999464 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"8927","6:05:09.0999771 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9014","6:05:10.0984640 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9015","6:05:10.0984914 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9020","6:05:10.0989376 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9021","6:05:10.0990300 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9022","6:05:10.0990605 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9023","6:05:10.0990862 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9024","6:05:10.0991097 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9025","6:05:10.0991334 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9026","6:05:10.0991764 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9027","6:05:10.0995228 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9028","6:05:10.0995432 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9033","6:05:10.0998698 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9034","6:05:10.0999229 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9035","6:05:10.0999458 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9036","6:05:10.0999679 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9037","6:05:10.0999899 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9038","6:05:10.1000114 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9039","6:05:10.1000402 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9040","6:05:10.1001844 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"9041","6:05:10.1002333 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9042","6:05:10.1002646 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9070","6:05:11.0984744 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9071","6:05:11.0985034 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9076","6:05:11.0988884 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9077","6:05:11.0989616 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9078","6:05:11.0989865 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9079","6:05:11.0990124 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9080","6:05:11.0990353 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9081","6:05:11.0990583 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9082","6:05:11.0990976 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9083","6:05:11.0993298 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9084","6:05:11.0993482 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9089","6:05:11.0996293 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9090","6:05:11.0996812 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9091","6:05:11.0997036 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9092","6:05:11.0997254 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9093","6:05:11.0997472 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9094","6:05:11.0997678 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9095","6:05:11.0997975 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9096","6:05:11.0999349 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"9097","6:05:11.0999821 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9098","6:05:11.1000123 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9100","6:05:11.2903393 AM","winlogon.exe","676","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"9101","6:05:11.2903884 AM","winlogon.exe","676","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current","SUCCESS","Desired Access: Read"
"9102","6:05:11.2904301 AM","winlogon.exe","676","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current\(Default)","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"9103","6:05:11.2904681 AM","winlogon.exe","676","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current","SUCCESS",""
"9104","6:05:11.2904910 AM","winlogon.exe","676","RegCloseKey","HKCU","SUCCESS",""
"9105","6:05:11.2905239 AM","winlogon.exe","676","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"9106","6:05:11.2905544 AM","winlogon.exe","676","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current\Active","NAME NOT FOUND","Desired Access: Read"
"9107","6:05:11.2905770 AM","winlogon.exe","676","RegQueryValue","HKCU\(Default)","NAME NOT FOUND","Length: 536"
"9108","6:05:11.2905971 AM","winlogon.exe","676","RegCloseKey","HKCU","SUCCESS",""
"9109","6:05:11.2906142 AM","winlogon.exe","676","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read"
"9110","6:05:11.2906527 AM","winlogon.exe","676","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Software\Microsoft\Windows\CurrentVersion","NAME NOT FOUND","Desired Access: Read"
"9111","6:05:11.2906751 AM","winlogon.exe","676","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MediaPath","SUCCESS","Type: REG_SZ, Length: 34, Data: C:\WINDOWS\Media"
"9112","6:05:11.2907024 AM","winlogon.exe","676","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS",""
"9113","6:05:12.0984897 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9114","6:05:12.0985188 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9119","6:05:12.0989110 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9120","6:05:12.0989828 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9121","6:05:12.0990077 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9122","6:05:12.0990331 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9123","6:05:12.0990563 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9124","6:05:12.0990789 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9125","6:05:12.0991175 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9126","6:05:12.0993435 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9127","6:05:12.0993622 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9132","6:05:12.0996491 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9133","6:05:12.0997016 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9134","6:05:12.0997237 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9135","6:05:12.0997461 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9136","6:05:12.0997681 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9137","6:05:12.0997888 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9138","6:05:12.0998190 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9139","6:05:12.0999550 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"9140","6:05:12.1000033 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9141","6:05:12.1000335 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9142","6:05:13.0986113 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9143","6:05:13.0986400 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9148","6:05:13.0990208 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9149","6:05:13.0990935 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9150","6:05:13.0991172 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9151","6:05:13.0991437 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9152","6:05:13.0991666 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9153","6:05:13.0991896 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9154","6:05:13.0992275 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9155","6:05:13.0994519 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9156","6:05:13.0994706 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9161","6:05:13.0997698 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9162","6:05:13.0998209 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9163","6:05:13.0998430 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9164","6:05:13.0998651 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9165","6:05:13.0998866 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9166","6:05:13.0999075 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9167","6:05:13.0999366 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9168","6:05:13.1000746 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"9169","6:05:13.1001215 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9170","6:05:13.1001522 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9172","6:05:13.7936094 AM","winlogon.exe","676","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"9173","6:05:13.7936658 AM","winlogon.exe","676","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current","SUCCESS","Desired Access: Read"
"9174","6:05:13.7937099 AM","winlogon.exe","676","RegQueryValue","HKCU\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current\(Default)","SUCCESS","Type: REG_SZ, Length: 2, Data: "
"9175","6:05:13.7937535 AM","winlogon.exe","676","RegCloseKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current","SUCCESS",""
"9176","6:05:13.7937767 AM","winlogon.exe","676","RegCloseKey","HKCU","SUCCESS",""
"9177","6:05:13.7938105 AM","winlogon.exe","676","RegOpenKey","HKCU","SUCCESS","Desired Access: Read"
"9178","6:05:13.7938418 AM","winlogon.exe","676","RegOpenKey","HKCU\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current\Active","NAME NOT FOUND","Desired Access: Read"
"9179","6:05:13.7938647 AM","winlogon.exe","676","RegQueryValue","HKCU\(Default)","NAME NOT FOUND","Length: 536"
"9180","6:05:13.7938851 AM","winlogon.exe","676","RegCloseKey","HKCU","SUCCESS",""
"9181","6:05:13.7939022 AM","winlogon.exe","676","RegOpenKey","HKLM\Software\Microsoft\Windows\CurrentVersion","SUCCESS","Desired Access: Read"
"9182","6:05:13.7939390 AM","winlogon.exe","676","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Software\Microsoft\Windows\CurrentVersion","NAME NOT FOUND","Desired Access: Read"
"9183","6:05:13.7939619 AM","winlogon.exe","676","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MediaPath","SUCCESS","Type: REG_SZ, Length: 34, Data: C:\WINDOWS\Media"
"9184","6:05:13.7939893 AM","winlogon.exe","676","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion","SUCCESS",""
"9317","6:05:13.8282314 AM","csrss.exe","652","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9318","6:05:13.8287890 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en-US_580a28ff","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9319","6:05:13.8292147 AM","csrss.exe","652","CreateFile","C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9320","6:05:13.8295958 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US","SUCCESS","CreationTime: 1/20/2007 11:49:14 AM, LastAccessTime: 6/5/2007 6:02:55 AM, LastWriteTime: 2/14/2007 6:12:28 AM, ChangeTime: 3/31/2007 5:58:24 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"9321","6:05:13.8298567 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en","NAME NOT FOUND",""
"9322","6:05:13.8300576 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:13 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"9323","6:05:13.8302403 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32","SUCCESS","CreationTime: 8/16/2005 4:22:46 AM, LastAccessTime: 6/5/2007 6:05:13 AM, LastWriteTime: 6/5/2007 5:26:16 AM, ChangeTime: 6/5/2007 5:26:16 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D"
"9324","6:05:13.8304780 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en-US_f6b1e800.Manifest","NAME NOT FOUND",""
"9325","6:05:13.8306303 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL","PATH NOT FOUND",""
"9326","6:05:13.8308951 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls.DLL","NAME NOT FOUND",""
"9327","6:05:13.8311566 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls.MANIFEST","NAME NOT FOUND",""
"9328","6:05:13.8312575 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.DLL","PATH NOT FOUND",""
"9329","6:05:13.8313558 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls\Microsoft.Windows.Common-Controls.MANIFEST","PATH NOT FOUND",""
"9330","6:05:13.8315731 AM","csrss.exe","652","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9331","6:05:13.8319785 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en_66c5eee6","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9332","6:05:13.8323900 AM","csrss.exe","652","CreateFile","C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9333","6:05:13.8326353 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en_5cce9bd9.Manifest","NAME NOT FOUND",""
"9334","6:05:13.8329895 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL","PATH NOT FOUND",""
"9335","6:05:13.8331689 AM","csrss.exe","652","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9336","6:05:13.8335477 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore, OpenResult: Opened"
"9337","6:05:13.8338296 AM","csrss.exe","652","QueryDirectory","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\*.policy","SUCCESS","Filter: *.policy, 1: 6.0.2600.2180.Policy"
"9338","6:05:13.8340559 AM","csrss.exe","652","QueryDirectory","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775","SUCCESS","0: 6.0.2600.2982.Policy"
"9339","6:05:13.8342774 AM","csrss.exe","652","QueryDirectory","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775","NO MORE FILES",""
"9340","6:05:13.8344593 AM","csrss.exe","652","CloseFile","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775","SUCCESS",""
"9342","6:05:13.8348713 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore, OpenResult: Opened"
"9343","6:05:13.8351973 AM","csrss.exe","652","QueryInformationVolume","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy","SUCCESS","VolumeCreationTime: 1/13/2007 12:59:01 AM, VolumeSerialNumber: 74EE-7C26, SupportsObjects: True, VolumeLabel: "
"9344","6:05:13.8353814 AM","csrss.exe","652","QueryAllInformationFile","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy","BUFFER OVERFLOW","CreationTime: 1/13/2007 1:05:47 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/13/2007 1:05:47 AM, ChangeTime: 3/31/2007 5:58:27 AM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 621, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x300000000515f, EaSize: 0, Access: Generic Read, Position: 0, Mode: Sequential Access, Synchronous IO Non-Alert, AlignmentRequirement: Word"
"9345","6:05:13.8355980 AM","csrss.exe","652","ReadFile","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy","SUCCESS","Offset: 0, Length: 621"
"9347","6:05:13.8362575 AM","csrss.exe","652","ReadFile","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy","END OF FILE","Offset: 621, Length: 8,178"
"9348","6:05:13.8364816 AM","csrss.exe","652","CloseFile","C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy","SUCCESS",""
"9349","6:05:13.8368733 AM","csrss.exe","652","CreateFile","C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9350","6:05:13.8371280 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS","CreationTime: 1/13/2007 1:05:47 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/13/2007 1:05:47 AM, ChangeTime: 3/31/2007 5:58:26 AM, AllocationSize: 4,096, EndOfFile: 1,862, FileAttributes: A"
"9351","6:05:13.8373306 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS","CreationTime: 1/13/2007 1:05:47 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 1/13/2007 1:05:47 AM, ChangeTime: 3/31/2007 5:58:26 AM, AllocationSize: 4,096, EndOfFile: 1,862, FileAttributes: A"
"9352","6:05:13.8379223 AM","csrss.exe","652","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9353","6:05:13.8383131 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en-US_186470ec","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9354","6:05:13.8386961 AM","csrss.exe","652","CreateFile","C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9355","6:05:13.8389386 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.2982_en-US_94d4ce4c.Manifest","NAME NOT FOUND",""
"9356","6:05:13.8390710 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.2982_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL","PATH NOT FOUND",""
"9357","6:05:13.8393962 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls.mui.DLL","NAME NOT FOUND",""
"9358","6:05:13.8396580 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls.mui.MANIFEST","NAME NOT FOUND",""
"9359","6:05:13.8397591 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls.mui\Microsoft.Windows.Common-Controls.mui.DLL","PATH NOT FOUND",""
"9360","6:05:13.8398625 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\system32\en-US\Microsoft.Windows.Common-Controls.mui\Microsoft.Windows.Common-Controls.mui.MANIFEST","PATH NOT FOUND",""
"9361","6:05:13.8400468 AM","csrss.exe","652","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9362","6:05:13.8404363 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en_272036d3","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9363","6:05:13.8408171 AM","csrss.exe","652","CreateFile","C:\WINDOWS\assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui","NAME NOT FOUND","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore"
"9364","6:05:13.8410581 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.2982_en_faf18225.Manifest","NAME NOT FOUND",""
"9365","6:05:13.8411839 AM","csrss.exe","652","QueryOpen","C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.2982_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL","PATH NOT FOUND",""
"9366","6:05:13.8414945 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore, OpenResult: Opened"
"9367","6:05:13.8416557 AM","csrss.exe","652","ReadFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS","Offset: 0, Length: 2"
"9369","6:05:13.8418532 AM","csrss.exe","652","CloseFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS",""
"9370","6:05:13.8420616 AM","csrss.exe","652","CreateFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: BOOMER\Harold Dinsmore, OpenResult: Opened"
"9371","6:05:13.8422175 AM","csrss.exe","652","QueryInformationVolume","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS","VolumeCreationTime: 1/13/2007 12:59:01 AM, VolumeSerialNumber: 74EE-7C26, SupportsObjects: True, VolumeLabel: "
"9372","6:05:13.8423519 AM","csrss.exe","652","QueryAllInformationFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","BUFFER OVERFLOW","CreationTime: 1/13/2007 1:05:47 AM, LastAccessTime: 6/5/2007 6:05:13 AM, LastWriteTime: 1/13/2007 1:05:47 AM, ChangeTime: 3/31/2007 5:58:26 AM, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,862, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x300000000515d, EaSize: 0, Access: Generic Read, Position: 0, Mode: Sequential Access, Synchronous IO Non-Alert, AlignmentRequirement: Word"
"9373","6:05:13.8425083 AM","csrss.exe","652","ReadFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS","Offset: 0, Length: 1,862"
"9374","6:05:13.8439839 AM","csrss.exe","652","ReadFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","END OF FILE","Offset: 1,862, Length: 8,178"
"9375","6:05:13.8441259 AM","csrss.exe","652","CloseFile","C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest","SUCCESS",""
"9590","6:05:13.8596178 AM","Explorer.EXE","1696","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"9591","6:05:13.8596633 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Classes\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9592","6:05:13.8596954 AM","Explorer.EXE","1696","RegOpenKey","HKCR\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9593","6:05:13.8600678 AM","Explorer.EXE","1696","QueryOpen","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","CreationTime: 6/5/2007 5:49:24 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/4/2007 5:25:00 PM, ChangeTime: 6/5/2007 5:51:41 AM, AllocationSize: 2,228,224, EndOfFile: 2,225,536, FileAttributes: A"
"9594","6:05:13.8603592 AM","Explorer.EXE","1696","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"9595","6:05:13.8603916 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Classes\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9596","6:05:13.8604229 AM","Explorer.EXE","1696","RegOpenKey","HKCR\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9597","6:05:13.8606757 AM","Explorer.EXE","1696","QueryOpen","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","CreationTime: 6/5/2007 5:49:24 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/4/2007 5:25:00 PM, ChangeTime: 6/5/2007 5:51:41 AM, AllocationSize: 2,228,224, EndOfFile: 2,225,536, FileAttributes: A"
"9598","6:05:13.8607503 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache","SUCCESS","Desired Access: Maximum Allowed"
"9599","6:05:13.8607995 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Type: REG_SZ, Length: 32, Data: Process Monitor"
"9600","6:05:13.8610140 AM","Explorer.EXE","1696","RegCloseKey","HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache","SUCCESS",""
"9601","6:05:13.8619077 AM","Explorer.EXE","1696","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"9602","6:05:13.8619287 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Classes\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9603","6:05:13.8619488 AM","Explorer.EXE","1696","RegOpenKey","HKCR\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9604","6:05:13.8622525 AM","Explorer.EXE","1696","QueryOpen","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","CreationTime: 6/5/2007 5:49:24 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/4/2007 5:25:00 PM, ChangeTime: 6/5/2007 5:51:41 AM, AllocationSize: 2,228,224, EndOfFile: 2,225,536, FileAttributes: A"
"9605","6:05:13.8642315 AM","Explorer.EXE","1696","RegQueryKey","HKCU\Software\Classes","SUCCESS","Query: Name"
"9606","6:05:13.8642600 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Classes\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9607","6:05:13.8642871 AM","Explorer.EXE","1696","RegOpenKey","HKCR\Applications\Procmon.exe","NAME NOT FOUND","Desired Access: Maximum Allowed"
"9608","6:05:13.8645771 AM","Explorer.EXE","1696","QueryOpen","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","CreationTime: 6/5/2007 5:49:24 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/4/2007 5:25:00 PM, ChangeTime: 6/5/2007 5:51:41 AM, AllocationSize: 2,228,224, EndOfFile: 2,225,536, FileAttributes: A"
"9609","6:05:13.8646427 AM","Explorer.EXE","1696","RegOpenKey","HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache","SUCCESS","Desired Access: Maximum Allowed"
"9610","6:05:13.8646877 AM","Explorer.EXE","1696","RegQueryValue","HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Type: REG_SZ, Length: 32, Data: Process Monitor"
"9611","6:05:13.8648623 AM","Explorer.EXE","1696","RegCloseKey","HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache","SUCCESS",""
"9612","6:05:13.8648955 AM","Explorer.EXE","1696","RegCreateKey","HKCU\SessionInformation","SUCCESS","Desired Access: Set Value"
"9613","6:05:13.8649053 AM","Explorer.EXE","1696","RegOpenKey","HKCU\SessionInformation","SUCCESS",""
"9614","6:05:13.8649363 AM","Explorer.EXE","1696","RegCloseKey","HKCU\SessionInformation","SUCCESS",""
"9615","6:05:13.8668908 AM","Explorer.EXE","1696","RegSetValue","HKCU\SessionInformation\ProgramCount","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"9616","6:05:13.8669511 AM","Explorer.EXE","1696","RegCloseKey","HKCU\SessionInformation","SUCCESS",""
"9617","6:05:14.0986956 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9618","6:05:14.0987233 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9623","6:05:14.0991027 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9624","6:05:14.0991759 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9625","6:05:14.0991999 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9626","6:05:14.0992256 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9627","6:05:14.0992485 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9628","6:05:14.0992709 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9629","6:05:14.0993097 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9630","6:05:14.0995379 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9631","6:05:14.0995564 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"9636","6:05:14.0998631 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"9637","6:05:14.0999151 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"9638","6:05:14.0999371 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"9639","6:05:14.0999598 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"9640","6:05:14.0999816 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9641","6:05:14.1000028 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"9642","6:05:14.1000324 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9643","6:05:14.1001690 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"9644","6:05:14.1002168 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"9645","6:05:14.1002472 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"9658","6:05:14.8337136 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: , AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9659","6:05:14.8339028 AM","svchost.exe","1124","QueryStandardInformationFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","AllocationSize: 45,056, EndOfFile: 42,168, NumberOfLinks: 1, DeletePending: False, Directory: False"
"9661","6:05:14.8340648 AM","svchost.exe","1124","QueryStandardInformationFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","AllocationSize: 45,056, EndOfFile: 42,168, NumberOfLinks: 1, DeletePending: False, Directory: False"
"9665","6:05:14.8343023 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS",""
"9668","6:05:14.8401270 AM","svchost.exe","1124","QueryOpen","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","CreationTime: 6/5/2007 5:49:24 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 4/4/2007 5:25:00 PM, ChangeTime: 6/5/2007 5:51:41 AM, AllocationSize: 2,228,224, EndOfFile: 2,225,536, FileAttributes: A"
"9669","6:05:14.8402958 AM","svchost.exe","1124","CreateFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9670","6:05:14.8404047 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS","IndexNumber: 0xb0000000083d9"
"9671","6:05:14.8404983 AM","svchost.exe","1124","CloseFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor\Procmon.exe","SUCCESS",""
"9673","6:05:14.8409696 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\explorer.exe","SUCCESS","CreationTime: 8/16/2005 4:18:17 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 6/5/2007 6:00:08 AM, AllocationSize: 1,032,192, EndOfFile: 1,032,192, FileAttributes: A"
"9674","6:05:14.8411758 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\explorer.exe","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9918","6:05:14.8857398 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\disk.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9924","6:05:14.8860099 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\disk.sys","SUCCESS","IndexNumber: 0xc0d000000000c0d"
"9927","6:05:14.8863586 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\disk.sys","SUCCESS",""
"9929","6:05:14.8867559 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\DLACDBHM.SYS","SUCCESS","CreationTime: 1/13/2007 1:18:03 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/25/2005 12:16:52 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 8,192, EndOfFile: 5,628, FileAttributes: A"
"9934","6:05:14.8871062 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\DLACDBHM.SYS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9940","6:05:14.8874319 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\DLACDBHM.SYS","SUCCESS","IndexNumber: 0x20000000065ac"
"9942","6:05:14.8876914 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\DLACDBHM.SYS","SUCCESS",""
"9946","6:05:14.8881164 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\DLARTL_N.SYS","SUCCESS","CreationTime: 1/13/2007 1:18:03 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/25/2005 12:16:16 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 24,576, EndOfFile: 22,684, FileAttributes: A"
"9951","6:05:14.8884563 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\DLARTL_N.SYS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9953","6:05:14.8889254 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\DLARTL_N.SYS","SUCCESS","IndexNumber: 0x20000000065aa"
"9954","6:05:14.8891886 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\DLARTL_N.SYS","SUCCESS",""
"9961","6:05:14.8895389 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\dmio.sys","SUCCESS","CreationTime: 8/16/2005 4:18:08 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 155,648, EndOfFile: 153,344, FileAttributes: A"
"9964","6:05:14.8899311 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\dmio.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9965","6:05:14.8902270 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\dmio.sys","SUCCESS","IndexNumber: 0xc0f000000000c0f"
"9970","6:05:14.8905091 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\dmio.sys","SUCCESS",""
"9978","6:05:14.8909907 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\dmload.sys","SUCCESS","CreationTime: 8/16/2005 4:18:08 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 8,192, EndOfFile: 5,888, FileAttributes: A"
"9979","6:05:14.8913405 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\dmload.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9982","6:05:14.8916615 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\dmload.sys","SUCCESS","IndexNumber: 0xbd9000000000bd9"
"9987","6:05:14.8919476 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\dmload.sys","SUCCESS",""
"9990","6:05:14.8923314 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\drmk.sys","SUCCESS","CreationTime: 1/13/2007 1:10:03 AM, LastAccessTime: 6/5/2007 4:50:03 AM, LastWriteTime: 8/3/2004 11:08:00 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 61,440, EndOfFile: 60,288, FileAttributes: A"
"9996","6:05:14.8926488 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\drmk.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"9999","6:05:14.8929293 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\drmk.sys","SUCCESS","IndexNumber: 0x3d49000000003d44"
"10002","6:05:14.8932628 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\drmk.sys","SUCCESS",""
"10007","6:05:14.8937028 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\DRVMCDB.SYS","SUCCESS","CreationTime: 1/13/2007 1:18:03 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 9/12/2005 3:30:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 90,112, EndOfFile: 89,264, FileAttributes: A"
"10013","6:05:14.8940266 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\DRVMCDB.SYS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10016","6:05:14.8943051 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\DRVMCDB.SYS","SUCCESS","IndexNumber: 0x20000000065b3"
"10018","6:05:14.8946440 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\DRVMCDB.SYS","SUCCESS",""
"10023","6:05:14.8950469 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\DRVNDDM.SYS","SUCCESS","CreationTime: 1/13/2007 1:18:03 AM, LastAccessTime: 6/5/2007 4:50:17 AM, LastWriteTime: 8/12/2005 5:20:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 40,960, EndOfFile: 40,544, FileAttributes: A"
"10024","6:05:14.8953695 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\DRVNDDM.SYS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10031","6:05:14.8961283 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\DRVNDDM.SYS","SUCCESS","IndexNumber: 0x20000000065b4"
"10034","6:05:14.8964236 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\DRVNDDM.SYS","SUCCESS",""
"10036","6:05:14.8969055 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\dxapi.sys","SUCCESS","CreationTime: 8/16/2005 4:18:15 AM, LastAccessTime: 6/5/2007 4:50:14 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 12,288, EndOfFile: 10,496, FileAttributes: A"
"10038","6:05:14.8972879 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\dxapi.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10042","6:05:14.8975860 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\dxapi.sys","SUCCESS","IndexNumber: 0xbee000000000bee"
"10046","6:05:14.8979240 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\dxapi.sys","SUCCESS",""
"10051","6:05:14.8983137 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\dxg.sys","SUCCESS","CreationTime: 8/3/2004 11:00:56 PM, LastAccessTime: 6/5/2007 4:50:14 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 73,728, EndOfFile: 71,040, FileAttributes: A"
"10064","6:05:14.8999394 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\dxg.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10067","6:05:14.9003453 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\dxg.sys","SUCCESS","IndexNumber: 0xc36000000000c36"
"10068","6:05:14.9005889 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\dxg.sys","SUCCESS",""
"10070","6:05:14.9009160 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\dxgthk.sys","SUCCESS","CreationTime: 8/16/2005 4:18:15 AM, LastAccessTime: 6/5/2007 4:50:14 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 4,096, EndOfFile: 3,328, FileAttributes: A"
"10071","6:05:14.9012292 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\dxgthk.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10076","6:05:14.9016270 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\dxgthk.sys","SUCCESS","IndexNumber: 0xbe7000000000be7"
"10078","6:05:14.9019885 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\dxgthk.sys","SUCCESS",""
"10085","6:05:14.9023483 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\fastfat.sys","SUCCESS","CreationTime: 8/16/2005 4:18:17 AM, LastAccessTime: 6/5/2007 4:50:12 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 143,360, EndOfFile: 143,360, FileAttributes: A"
"10088","6:05:14.9027012 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\fastfat.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10092","6:05:14.9030054 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\fastfat.sys","SUCCESS","IndexNumber: 0xc35000000000c35"
"10095","6:05:14.9034024 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\fastfat.sys","SUCCESS",""
"10102","6:05:14.9037544 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\fdc.sys","SUCCESS","CreationTime: 8/3/2004 10:59:28 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 28,672, EndOfFile: 27,392, FileAttributes: A"
"10103","6:05:14.9040910 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\fdc.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10106","6:05:14.9043802 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\fdc.sys","SUCCESS","IndexNumber: 0xc21000000000c21"
"10117","6:05:14.9052023 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\fdc.sys","SUCCESS",""
"10121","6:05:14.9056231 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\fips.sys","SUCCESS","CreationTime: 8/16/2005 4:18:17 AM, LastAccessTime: 6/5/2007 4:50:10 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 36,864, EndOfFile: 34,944, FileAttributes: A"
"10126","6:05:14.9060309 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\fips.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10128","6:05:14.9063975 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\fips.sys","SUCCESS","IndexNumber: 0xbe6000000000be6"
"10134","6:05:14.9066710 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\fips.sys","SUCCESS",""
"10137","6:05:14.9070554 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\flpydisk.sys","SUCCESS","CreationTime: 8/3/2004 10:59:28 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 20,480, EndOfFile: 20,480, FileAttributes: A"
"10139","6:05:14.9074222 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\flpydisk.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10144","6:05:14.9077094 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\flpydisk.sys","SUCCESS","IndexNumber: 0xc2d000000000c2d"
"10146","6:05:14.9079988 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\flpydisk.sys","SUCCESS",""
"10153","6:05:14.9083863 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\fltmgr.sys","SUCCESS","CreationTime: 8/16/2005 4:40:14 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/21/2006 4:14:58 AM, ChangeTime: 4/10/2007 9:36:28 AM, AllocationSize: 131,072, EndOfFile: 128,896, FileAttributes: A"
"10156","6:05:14.9087260 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\fltmgr.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10161","6:05:14.9090053 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\fltmgr.sys","SUCCESS","IndexNumber: 0x3000000005b75"
"10163","6:05:14.9093087 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\fltmgr.sys","SUCCESS",""
"10170","6:05:14.9096685 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\fs_rec.sys","SUCCESS","CreationTime: 8/16/2005 4:18:18 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 8,192, EndOfFile: 7,936, FileAttributes: A"
"10173","6:05:14.9100320 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\fs_rec.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10177","6:05:14.9103102 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\fs_rec.sys","SUCCESS","IndexNumber: 0xbe1000000000be1"
"10181","6:05:14.9108229 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\fs_rec.sys","SUCCESS",""
"10187","6:05:14.9112106 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ftdisk.sys","SUCCESS","CreationTime: 8/17/2001 1:52:50 PM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/17/2001 1:52:50 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 126,976, EndOfFile: 125,056, FileAttributes: A"
"10188","6:05:14.9115160 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ftdisk.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10189","6:05:14.9117618 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ftdisk.sys","SUCCESS","IndexNumber: 0xcb2000000000cb2"
"10190","6:05:14.9119987 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ftdisk.sys","SUCCESS",""
"10194","6:05:14.9123502 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\Hdaudbus.sys","SUCCESS","CreationTime: 8/12/2004 5:45:54 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/12/2004 5:45:54 PM, ChangeTime: 4/10/2007 9:36:28 AM, AllocationSize: 139,264, EndOfFile: 137,728, FileAttributes: n/a"
"10205","6:05:14.9132777 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\Hdaudbus.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10208","6:05:14.9135975 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\Hdaudbus.sys","SUCCESS","IndexNumber: 0x20000000059eb"
"10209","6:05:14.9138934 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\Hdaudbus.sys","SUCCESS",""
"10215","6:05:14.9142887 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\hidclass.sys","SUCCESS","CreationTime: 8/3/2004 11:08:20 PM, LastAccessTime: 6/5/2007 4:50:08 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 36,864, EndOfFile: 36,224, FileAttributes: A"
"10222","6:05:14.9146728 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\hidclass.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10223","6:05:14.9149469 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\hidclass.sys","SUCCESS","IndexNumber: 0xc66000000000c66"
"10226","6:05:14.9152318 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\hidclass.sys","SUCCESS",""
"10232","6:05:14.9155914 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\hidparse.sys","SUCCESS","CreationTime: 8/3/2004 11:08:18 PM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 28,672, EndOfFile: 24,960, FileAttributes: A"
"10236","6:05:14.9159621 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\hidparse.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10240","6:05:14.9162523 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\hidparse.sys","SUCCESS","IndexNumber: 0xc67000000000c67"
"10243","6:05:14.9165082 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\hidparse.sys","SUCCESS",""
"10249","6:05:14.9169482 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\hidusb.sys","SUCCESS","CreationTime: 1/17/2007 5:29:12 PM, LastAccessTime: 6/5/2007 4:50:08 AM, LastWriteTime: 8/17/2001 2:02:20 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 12,288, EndOfFile: 9,600, FileAttributes: A"
"10256","6:05:14.9173561 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\hidusb.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10259","6:05:14.9181093 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\hidusb.sys","SUCCESS","IndexNumber: 0x2fbb000000002fb9"
"10264","6:05:14.9183923 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\hidusb.sys","SUCCESS",""
"10266","6:05:14.9187342 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\HSFHWBS2.sys","SUCCESS","CreationTime: 1/13/2007 12:51:24 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 11/17/2003 2:59:20 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 212,992, EndOfFile: 212,224, FileAttributes: A"
"10275","6:05:14.9198425 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\HSFHWBS2.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10280","6:05:14.9201296 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\HSFHWBS2.sys","SUCCESS","IndexNumber: 0xca8000000000ca8"
"10282","6:05:14.9204191 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\HSFHWBS2.sys","SUCCESS",""
"10296","6:05:14.9220670 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\HSF_CNXT.sys","SUCCESS","CreationTime: 1/13/2007 12:51:24 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 11/17/2003 2:58:02 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 684,032, EndOfFile: 680,704, FileAttributes: A"
"10302","6:05:14.9224185 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\HSF_CNXT.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10304","6:05:14.9227236 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\HSF_CNXT.sys","SUCCESS","IndexNumber: 0xca6000000000ca6"
"10306","6:05:14.9230228 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\HSF_CNXT.sys","SUCCESS",""
"10312","6:05:14.9233901 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\HSF_DP.sys","SUCCESS","CreationTime: 1/13/2007 12:51:24 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 11/17/2003 2:56:26 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 1,044,480, EndOfFile: 1,042,432, FileAttributes: A"
"10315","6:05:14.9237452 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\HSF_DP.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10320","6:05:14.9240078 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\HSF_DP.sys","SUCCESS","IndexNumber: 0xcaa000000000caa"
"10323","6:05:14.9242978 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\HSF_DP.sys","SUCCESS",""
"10327","6:05:14.9247246 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\http.sys","SUCCESS","CreationTime: 8/3/2004 11:00:14 PM, LastAccessTime: 6/5/2007 4:50:28 AM, LastWriteTime: 3/16/2006 7:33:10 PM, ChangeTime: 4/10/2007 9:36:28 AM, AllocationSize: 266,240, EndOfFile: 262,784, FileAttributes: A"
"10331","6:05:14.9251498 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\http.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10337","6:05:14.9254267 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\http.sys","SUCCESS","IndexNumber: 0x3000000005a83"
"10340","6:05:14.9257681 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\http.sys","SUCCESS",""
"10346","6:05:14.9263310 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\i2omgmt.sys","SUCCESS","CreationTime: 8/16/2005 9:27:15 PM, LastAccessTime: 6/5/2007 4:50:04 AM, LastWriteTime: 8/3/2004 11:00:52 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 8,192, EndOfFile: 8,192, FileAttributes: A"
"10348","6:05:14.9266947 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\i2omgmt.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10354","6:05:14.9269643 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\i2omgmt.sys","SUCCESS","IndexNumber: 0xc8e000000000c8e"
"10357","6:05:14.9272305 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\i2omgmt.sys","SUCCESS",""
"10362","6:05:14.9276658 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\imapi.sys","SUCCESS","CreationTime: 8/3/2004 11:00:16 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 45,056, EndOfFile: 41,856, FileAttributes: A"
"10365","6:05:14.9280597 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\imapi.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10371","6:05:14.9283349 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\imapi.sys","SUCCESS","IndexNumber: 0xc34000000000c34"
"10374","6:05:14.9288939 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\imapi.sys","SUCCESS",""
"10380","6:05:14.9294582 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ipnat.sys","SUCCESS","CreationTime: 8/16/2005 4:18:20 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 9/29/2004 5:28:37 PM, ChangeTime: 4/10/2007 9:36:28 AM, AllocationSize: 135,168, EndOfFile: 134,912, FileAttributes: A"
"10383","6:05:14.9298580 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ipnat.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10388","6:05:14.9301359 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ipnat.sys","SUCCESS","IndexNumber: 0x3000000005aa7"
"10389","6:05:14.9303715 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ipnat.sys","SUCCESS",""
"10393","6:05:14.9307310 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ipsec.sys","SUCCESS","CreationTime: 8/16/2005 4:18:20 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 77,824, EndOfFile: 74,752, FileAttributes: A"
"10398","6:05:14.9311039 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ipsec.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10400","6:05:14.9314677 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ipsec.sys","SUCCESS","IndexNumber: 0xc30000000000c30"
"10406","6:05:14.9317443 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ipsec.sys","SUCCESS",""
"10410","6:05:14.9321787 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\isapnp.sys","SUCCESS","CreationTime: 8/17/2001 1:58:02 PM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/17/2001 1:58:02 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 36,864, EndOfFile: 35,840, FileAttributes: A"
"10412","6:05:14.9325589 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\isapnp.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10416","6:05:14.9328598 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\isapnp.sys","SUCCESS","IndexNumber: 0xbd7000000000bd7"
"10420","6:05:14.9331872 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\isapnp.sys","SUCCESS",""
"10425","6:05:14.9335895 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\kbdclass.sys","SUCCESS","CreationTime: 8/3/2004 10:58:34 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/3/2004 10:58:34 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 24,576, EndOfFile: 24,576, FileAttributes: A"
"10428","6:05:14.9339292 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\kbdclass.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10433","6:05:14.9342113 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\kbdclass.sys","SUCCESS","IndexNumber: 0xc39000000000c39"
"10435","6:05:14.9344994 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\kbdclass.sys","SUCCESS",""
"10442","6:05:14.9348410 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\kbdhid.sys","SUCCESS","CreationTime: 1/17/2007 5:29:16 PM, LastAccessTime: 6/5/2007 4:50:10 AM, LastWriteTime: 8/3/2004 10:58:36 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 16,384, EndOfFile: 14,848, FileAttributes: A"
"10445","6:05:14.9351927 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\kbdhid.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10448","6:05:14.9355073 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\kbdhid.sys","SUCCESS","IndexNumber: 0x2fbc000000002fba"
"10450","6:05:14.9358235 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\kbdhid.sys","SUCCESS",""
"10456","6:05:14.9362077 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ks.sys","SUCCESS","CreationTime: 8/3/2004 11:15:22 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 143,360, EndOfFile: 140,928, FileAttributes: A"
"10459","6:05:14.9370617 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ks.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10460","6:05:14.9373687 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ks.sys","SUCCESS","IndexNumber: 0xc1f000000000c1f"
"10461","6:05:14.9377565 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ks.sys","SUCCESS",""
"10463","6:05:14.9381350 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ksecdd.sys","SUCCESS","CreationTime: 8/16/2005 4:18:22 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 94,208, EndOfFile: 92,032, FileAttributes: A"
"10464","6:05:14.9384507 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ksecdd.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10465","6:05:14.9387046 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ksecdd.sys","SUCCESS","IndexNumber: 0xc11000000000c11"
"10466","6:05:14.9389382 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ksecdd.sys","SUCCESS",""
"10468","6:05:14.9392564 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mdmxsdk.sys","SUCCESS","CreationTime: 1/13/2007 12:51:24 AM, LastAccessTime: 6/5/2007 4:50:29 AM, LastWriteTime: 4/9/2003 11:48:08 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 12,288, EndOfFile: 11,043, FileAttributes: A"
"10469","6:05:14.9395595 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mdmxsdk.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10470","6:05:14.9398023 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mdmxsdk.sys","SUCCESS","IndexNumber: 0xcac000000000cac"
"10471","6:05:14.9400316 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mdmxsdk.sys","SUCCESS",""
"10473","6:05:14.9403448 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mnmdd.sys","SUCCESS","CreationTime: 8/16/2005 4:18:54 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 8,192, EndOfFile: 4,224, FileAttributes: A"
"10474","6:05:14.9406412 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mnmdd.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10475","6:05:14.9408842 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mnmdd.sys","SUCCESS","IndexNumber: 0xc05000000000c05"
"10476","6:05:14.9411144 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mnmdd.sys","SUCCESS",""
"10478","6:05:14.9414279 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\modem.sys","SUCCESS","CreationTime: 8/3/2004 11:08:06 PM, LastAccessTime: 6/5/2007 5:56:30 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 32,768, EndOfFile: 30,080, FileAttributes: A"
"10479","6:05:14.9418050 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\modem.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10480","6:05:14.9420718 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\modem.sys","SUCCESS","IndexNumber: 0xc20000000000c20"
"10481","6:05:14.9422995 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\modem.sys","SUCCESS",""
"10483","6:05:14.9426303 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\MODEMCSA.sys","SUCCESS","CreationTime: 1/13/2007 12:56:53 AM, LastAccessTime: 6/5/2007 4:50:04 AM, LastWriteTime: 8/17/2001 1:57:38 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 16,384, EndOfFile: 16,128, FileAttributes: A"
"10484","6:05:14.9429309 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\MODEMCSA.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10485","6:05:14.9431708 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\MODEMCSA.sys","SUCCESS","IndexNumber: 0xcae000000000cae"
"10486","6:05:14.9433966 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\MODEMCSA.sys","SUCCESS",""
"10488","6:05:14.9437047 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mouclass.sys","SUCCESS","CreationTime: 8/3/2004 10:58:34 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/3/2004 10:58:34 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 24,576, EndOfFile: 23,040, FileAttributes: A"
"10489","6:05:14.9439980 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mouclass.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10490","6:05:14.9442377 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mouclass.sys","SUCCESS","IndexNumber: 0xc07000000000c07"
"10491","6:05:14.9444629 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mouclass.sys","SUCCESS",""
"10493","6:05:14.9450144 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mouhid.sys","SUCCESS","CreationTime: 1/17/2007 5:29:19 PM, LastAccessTime: 6/5/2007 4:50:10 AM, LastWriteTime: 8/17/2001 1:48:00 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 12,288, EndOfFile: 12,160, FileAttributes: A"
"10494","6:05:14.9453287 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mouhid.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10495","6:05:14.9455753 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mouhid.sys","SUCCESS","IndexNumber: 0x2fbd000000002fbb"
"10496","6:05:14.9458064 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mouhid.sys","SUCCESS",""
"10498","6:05:14.9461226 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mountmgr.sys","SUCCESS","CreationTime: 8/16/2005 4:18:23 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 45,056, EndOfFile: 42,240, FileAttributes: A"
"10499","6:05:14.9464190 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mountmgr.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10500","6:05:14.9466643 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mountmgr.sys","SUCCESS","IndexNumber: 0xc12000000000c12"
"10501","6:05:14.9468956 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mountmgr.sys","SUCCESS",""
"10503","6:05:14.9472074 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mrxdav.sys","SUCCESS","CreationTime: 8/16/2005 4:18:25 AM, LastAccessTime: 6/5/2007 4:50:26 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 184,320, EndOfFile: 181,248, FileAttributes: A"
"10504","6:05:14.9475032 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mrxdav.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10505","6:05:14.9477480 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mrxdav.sys","SUCCESS","IndexNumber: 0xc13000000000c13"
"10506","6:05:14.9479804 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mrxdav.sys","SUCCESS",""
"10508","6:05:14.9482927 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mrxsmb.sys","SUCCESS","CreationTime: 8/16/2005 4:18:25 AM, LastAccessTime: 6/5/2007 4:50:10 AM, LastWriteTime: 5/5/2006 4:41:45 AM, ChangeTime: 4/10/2007 9:36:29 AM, AllocationSize: 454,656, EndOfFile: 453,120, FileAttributes: A"
"10509","6:05:14.9486157 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mrxsmb.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10510","6:05:14.9488593 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mrxsmb.sys","SUCCESS","IndexNumber: 0x3e16000000003e13"
"10511","6:05:14.9490892 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mrxsmb.sys","SUCCESS",""
"10513","6:05:14.9493971 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\msfs.sys","SUCCESS","CreationTime: 8/16/2005 4:18:25 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 20,480, EndOfFile: 19,072, FileAttributes: A"
"10514","6:05:14.9496907 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\msfs.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10515","6:05:14.9499329 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\msfs.sys","SUCCESS","IndexNumber: 0xc18000000000c18"
"10516","6:05:14.9501617 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\msfs.sys","SUCCESS",""
"10518","6:05:14.9505533 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\msgpc.sys","SUCCESS","CreationTime: 8/16/2005 4:18:25 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 36,864, EndOfFile: 35,072, FileAttributes: A"
"10519","6:05:14.9508470 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\msgpc.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10520","6:05:14.9510889 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\msgpc.sys","SUCCESS","IndexNumber: 0xc2b000000000c2b"
"10521","6:05:14.9513188 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\msgpc.sys","SUCCESS",""
"10523","6:05:14.9516306 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mssmbios.sys","SUCCESS","CreationTime: 8/3/2004 11:07:48 PM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/3/2004 11:07:48 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 16,384, EndOfFile: 15,488, FileAttributes: A"
"10524","6:05:14.9519256 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mssmbios.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10525","6:05:14.9521703 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mssmbios.sys","SUCCESS","IndexNumber: 0xcb4000000000cb4"
"10526","6:05:14.9523991 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mssmbios.sys","SUCCESS",""
"10529","6:05:14.9527670 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\mup.sys","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 110,592, EndOfFile: 107,904, FileAttributes: A"
"10530","6:05:14.9530903 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\mup.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10531","6:05:14.9533325 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\mup.sys","SUCCESS","IndexNumber: 0xc19000000000c19"
"10532","6:05:14.9535596 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\mup.sys","SUCCESS",""
"10534","6:05:14.9539490 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ndis.sys","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/4/2007 11:00:33 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 184,320, EndOfFile: 182,912, FileAttributes: A"
"10536","6:05:14.9542851 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ndis.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10541","6:05:14.9545717 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ndis.sys","SUCCESS","IndexNumber: 0xc15000000000c15"
"10543","6:05:14.9548821 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ndis.sys","SUCCESS",""
"10550","6:05:14.9552369 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ndistapi.sys","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 12,288, EndOfFile: 9,600, FileAttributes: A"
"10553","6:05:14.9555923 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ndistapi.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10555","6:05:14.9559247 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ndistapi.sys","SUCCESS","IndexNumber: 0xbdc000000000bdc"
"10560","6:05:14.9562655 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ndistapi.sys","SUCCESS",""
"10567","6:05:14.9566259 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ndisuio.sys","SUCCESS","CreationTime: 8/3/2004 11:03:14 PM, LastAccessTime: 6/5/2007 4:50:18 AM, LastWriteTime: 6/20/2005 1:52:56 PM, ChangeTime: 4/10/2007 9:36:28 AM, AllocationSize: 16,384, EndOfFile: 14,592, FileAttributes: A"
"10570","6:05:14.9569871 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ndisuio.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10574","6:05:14.9573299 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ndisuio.sys","SUCCESS","IndexNumber: 0xca3000000000ca3"
"10577","6:05:14.9577702 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ndisuio.sys","SUCCESS",""
"10584","6:05:14.9581283 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ndiswan.sys","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 94,208, EndOfFile: 91,776, FileAttributes: A"
"10587","6:05:14.9585222 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ndiswan.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10589","6:05:14.9589374 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ndiswan.sys","SUCCESS","IndexNumber: 0xc27000000000c27"
"10593","6:05:14.9592109 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ndiswan.sys","SUCCESS",""
"10601","6:05:14.9596436 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ndproxy.sys","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 40,960, EndOfFile: 38,016, FileAttributes: A"
"10604","6:05:14.9600054 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ndproxy.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10605","6:05:14.9603004 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ndproxy.sys","SUCCESS","IndexNumber: 0xbdf000000000bdf"
"10610","6:05:14.9605658 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ndproxy.sys","SUCCESS",""
"10618","6:05:14.9612768 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\netbios.sys","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/5/2007 4:50:10 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 36,864, EndOfFile: 34,560, FileAttributes: A"
"10621","6:05:14.9616497 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\netbios.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10623","6:05:14.9620322 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\netbios.sys","SUCCESS","IndexNumber: 0xc1a000000000c1a"
"10627","6:05:14.9623451 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\netbios.sys","SUCCESS",""
"10635","6:05:14.9627203 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\netbt.sys","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 163,840, EndOfFile: 162,816, FileAttributes: A"
"10638","6:05:14.9631242 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\netbt.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10639","6:05:14.9634150 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\netbt.sys","SUCCESS","IndexNumber: 0xc32000000000c32"
"10644","6:05:14.9636916 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\netbt.sys","SUCCESS",""
"10649","6:05:14.9640674 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\npfs.sys","SUCCESS","CreationTime: 8/16/2005 4:18:28 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 32,768, EndOfFile: 30,848, FileAttributes: A"
"10653","6:05:14.9643976 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\npfs.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10656","6:05:14.9646764 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\npfs.sys","SUCCESS","IndexNumber: 0xc1b000000000c1b"
"10660","6:05:14.9649616 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\npfs.sys","SUCCESS",""
"10664","6:05:14.9658095 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\ntfs.sys","SUCCESS","CreationTime: 8/16/2005 4:18:29 AM, LastAccessTime: 6/4/2007 11:00:34 AM, LastWriteTime: 2/9/2007 6:10:35 AM, ChangeTime: 5/8/2007 10:36:43 PM, AllocationSize: 577,536, EndOfFile: 574,464, FileAttributes: A"
"10665","6:05:14.9661182 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\ntfs.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10666","6:05:14.9663626 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\ntfs.sys","SUCCESS","IndexNumber: 0x500000000bd5e"
"10667","6:05:14.9665883 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\ntfs.sys","SUCCESS",""
"10669","6:05:14.9669744 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\null.sys","SUCCESS","CreationTime: 8/16/2005 4:18:30 AM, LastAccessTime: 6/5/2007 4:50:07 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 4,096, EndOfFile: 2,944, FileAttributes: A"
"10677","6:05:14.9678092 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\null.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10682","6:05:14.9682461 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\null.sys","SUCCESS","IndexNumber: 0xbe2000000000be2"
"10684","6:05:14.9685892 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\null.sys","SUCCESS",""
"10691","6:05:14.9692507 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\nv4_mini.sys","SUCCESS","CreationTime: 8/16/2005 4:35:01 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/23/2006 12:12:38 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 3,960,832, EndOfFile: 3,959,712, FileAttributes: A"
"10694","6:05:14.9696407 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\nv4_mini.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10697","6:05:14.9699360 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\nv4_mini.sys","SUCCESS","IndexNumber: 0xbeb000000000beb"
"10699","6:05:14.9702187 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\nv4_mini.sys","SUCCESS",""
"10706","6:05:14.9705995 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\partmgr.sys","SUCCESS","CreationTime: 8/16/2005 4:18:32 AM, LastAccessTime: 6/4/2007 11:00:34 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 20,480, EndOfFile: 18,688, FileAttributes: A"
"10708","6:05:14.9709037 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\partmgr.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10710","6:05:14.9711850 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\partmgr.sys","SUCCESS","IndexNumber: 0xbdb000000000bdb"
"10711","6:05:14.9714119 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\partmgr.sys","SUCCESS",""
"10713","6:05:14.9717220 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\pci.sys","SUCCESS","CreationTime: 8/3/2004 11:07:48 PM, LastAccessTime: 6/4/2007 11:00:34 AM, LastWriteTime: 8/3/2004 11:07:48 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 69,632, EndOfFile: 68,224, FileAttributes: A"
"10714","6:05:14.9720125 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\pci.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10715","6:05:14.9722528 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\pci.sys","SUCCESS","IndexNumber: 0xc70000000000c70"
"10716","6:05:14.9724768 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\pci.sys","SUCCESS",""
"10718","6:05:14.9727824 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\pciide.sys","SUCCESS","CreationTime: 8/17/2001 1:51:52 PM, LastAccessTime: 6/4/2007 11:00:34 AM, LastWriteTime: 8/17/2001 1:51:52 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 4,096, EndOfFile: 3,328, FileAttributes: A"
"10719","6:05:14.9731735 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\pciide.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10720","6:05:14.9734347 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\pciide.sys","SUCCESS","IndexNumber: 0xc0c000000000c0c"
"10721","6:05:14.9736658 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\pciide.sys","SUCCESS",""
"10723","6:05:14.9739843 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\pciidex.sys","SUCCESS","CreationTime: 8/3/2004 10:59:42 PM, LastAccessTime: 6/4/2007 8:29:13 AM, LastWriteTime: 8/3/2004 10:59:42 PM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 28,672, EndOfFile: 25,088, FileAttributes: A"
"10724","6:05:14.9742857 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\pciidex.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10725","6:05:14.9745287 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\pciidex.sys","SUCCESS","IndexNumber: 0xc9e000000000c9e"
"10726","6:05:14.9747570 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\pciidex.sys","SUCCESS",""
"10728","6:05:14.9750696 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\portcls.sys","SUCCESS","CreationTime: 3/16/2004 11:58:20 AM, LastAccessTime: 6/5/2007 4:50:03 AM, LastWriteTime: 3/16/2004 11:58:20 AM, ChangeTime: 4/10/2007 9:36:28 AM, AllocationSize: 139,264, EndOfFile: 136,960, FileAttributes: n/a"
"10729","6:05:14.9753654 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers\portcls.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"10730","6:05:14.9756074 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers\portcls.sys","SUCCESS","IndexNumber: 0x20000000059ea"
"10731","6:05:14.9758351 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers\portcls.sys","SUCCESS",""
"10733","6:05:14.9761454 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\drivers\psched.sys","SUCCESS","CreationTime: 8/16/2005 4:18:33 AM, LastAccessTime: 6/5/2007 4:50:02 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:23 AM, AllocationSize: 69,632, EndOfFile: 69,120, FileAttributes: A"
"11105","6:05:15.0221532 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\kernel32.dll","SUCCESS","IndexNumber: 0x2000000005163"
"11106","6:05:15.0222513 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\kernel32.dll","SUCCESS",""
"11109","6:05:15.0224091 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\locale.nls","SUCCESS","CreationTime: 8/16/2005 4:18:22 AM, LastAccessTime: 6/4/2007 8:25:47 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:08 AM, AllocationSize: 249,856, EndOfFile: 249,270, FileAttributes: A"
"11112","6:05:15.0225966 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\locale.nls","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11113","6:05:15.0227463 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\locale.nls","SUCCESS","IndexNumber: 0x1243000000001243"
"11115","6:05:15.0228782 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\locale.nls","SUCCESS",""
"11121","6:05:15.0230885 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\msasn1.dll","SUCCESS","CreationTime: 8/16/2005 4:18:25 AM, LastAccessTime: 6/5/2007 6:02:28 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:08 AM, AllocationSize: 57,344, EndOfFile: 57,344, FileAttributes: A"
"11124","6:05:15.0232288 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\msasn1.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11125","6:05:15.0233288 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\msasn1.dll","SUCCESS","IndexNumber: 0x123c00000000123c"
"11126","6:05:15.0234394 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\msasn1.dll","SUCCESS",""
"11129","6:05:15.0235908 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\MSCTF.dll","SUCCESS","CreationTime: 8/16/2005 4:18:49 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:09 AM, AllocationSize: 294,912, EndOfFile: 294,400, FileAttributes: A"
"11130","6:05:15.0237160 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\MSCTF.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11131","6:05:15.0238389 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\MSCTF.dll","SUCCESS","IndexNumber: 0x154e00000000154e"
"11133","6:05:15.0239501 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\MSCTF.dll","SUCCESS",""
"11136","6:05:15.0241744 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\MSCTFIME.IME","SUCCESS","CreationTime: 8/16/2005 4:18:49 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:09 AM, AllocationSize: 180,224, EndOfFile: 177,152, FileAttributes: A"
"11138","6:05:15.0243694 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\MSCTFIME.IME","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11141","6:05:15.0245689 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\MSCTFIME.IME","SUCCESS","IndexNumber: 0x153c00000000153c"
"11147","6:05:15.0248712 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\MSCTFIME.IME","SUCCESS",""
"11149","6:05:15.0250153 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\MSIMTF.dll","SUCCESS","CreationTime: 8/16/2005 4:18:49 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:09 AM, AllocationSize: 159,744, EndOfFile: 159,232, FileAttributes: A"
"11150","6:05:15.0251511 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\MSIMTF.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11152","6:05:15.0252547 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\MSIMTF.dll","SUCCESS","IndexNumber: 0x1552000000001552"
"11153","6:05:15.0253475 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\MSIMTF.dll","SUCCESS",""
"11155","6:05:15.0254872 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\mslbui.dll","SUCCESS","CreationTime: 8/16/2005 4:18:49 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:09 AM, AllocationSize: 28,672, EndOfFile: 25,088, FileAttributes: A"
"11157","6:05:15.0256470 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\mslbui.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11158","6:05:15.0257724 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\mslbui.dll","SUCCESS","IndexNumber: 0x1553000000001553"
"11162","6:05:15.0258864 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\mslbui.dll","SUCCESS",""
"11166","6:05:15.0261174 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\msvcrt.dll","SUCCESS","CreationTime: 8/16/2005 4:18:27 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:09 AM, AllocationSize: 344,064, EndOfFile: 343,040, FileAttributes: A"
"11172","6:05:15.0262727 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\msvcrt.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11173","6:05:15.0263739 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\msvcrt.dll","SUCCESS","IndexNumber: 0x1236000000001236"
"11175","6:05:15.0265356 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\msvcrt.dll","SUCCESS",""
"11178","6:05:15.0267010 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\ntdll.dll","SUCCESS","CreationTime: 8/16/2005 4:18:29 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:09 AM, AllocationSize: 708,608, EndOfFile: 708,096, FileAttributes: A"
"11183","6:05:15.0268670 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\ntdll.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11185","6:05:15.0269974 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\ntdll.dll","SUCCESS","IndexNumber: 0x1221000000001221"
"11189","6:05:15.0271153 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\ntdll.dll","SUCCESS",""
"11194","6:05:15.0272720 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\ntkrnlpa.exe","SUCCESS","CreationTime: 8/3/2004 10:59:00 PM, LastAccessTime: 6/5/2007 4:50:17 AM, LastWriteTime: 2/28/2007 4:15:59 AM, ChangeTime: 4/11/2007 10:05:00 PM, AllocationSize: 2,019,328, EndOfFile: 2,017,280, FileAttributes: A"
"11195","6:05:15.0273983 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\ntkrnlpa.exe","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11196","6:05:15.0275246 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\ntkrnlpa.exe","SUCCESS","IndexNumber: 0x10000000010b87"
"11199","6:05:15.0276411 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\ntkrnlpa.exe","SUCCESS",""
"11201","6:05:15.0278291 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\nv4_disp.dll","SUCCESS","CreationTime: 8/16/2005 4:35:00 AM, LastAccessTime: 6/5/2007 4:50:14 AM, LastWriteTime: 8/23/2006 12:12:38 PM, ChangeTime: 3/31/2007 5:58:09 AM, AllocationSize: 4,497,408, EndOfFile: 4,496,128, FileAttributes: A"
"11206","6:05:15.0279950 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\nv4_disp.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11208","6:05:15.0281302 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\nv4_disp.dll","SUCCESS","IndexNumber: 0x158a00000000158a"
"11215","6:05:15.0282412 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\nv4_disp.dll","SUCCESS",""
"11217","6:05:15.0283822 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\ole32.dll","SUCCESS","CreationTime: 8/16/2005 4:18:32 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 7/25/2005 11:39:48 PM, ChangeTime: 4/10/2007 9:36:29 AM, AllocationSize: 1,286,144, EndOfFile: 1,285,120, FileAttributes: A"
"11218","6:05:15.0285423 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\ole32.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11221","6:05:15.0286691 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\ole32.dll","SUCCESS","IndexNumber: 0x3000000005c4d"
"11222","6:05:15.0287784 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\ole32.dll","SUCCESS",""
"11228","6:05:15.0289547 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\oleaut32.dll","SUCCESS","CreationTime: 8/16/2005 4:18:32 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:10 AM, AllocationSize: 557,056, EndOfFile: 553,472, FileAttributes: A"
"11230","6:05:15.0291237 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\oleaut32.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11236","6:05:15.0292346 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\oleaut32.dll","SUCCESS","IndexNumber: 0x122b00000000122b"
"11237","6:05:15.0294025 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\oleaut32.dll","SUCCESS",""
"11241","6:05:15.0295804 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\riched20.dll","SUCCESS","CreationTime: 8/16/2005 4:18:34 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 11/27/2006 9:54:06 AM, ChangeTime: 4/10/2007 9:36:29 AM, AllocationSize: 434,176, EndOfFile: 433,152, FileAttributes: A"
"11244","6:05:15.0297539 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\riched20.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11247","6:05:15.0299310 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\riched20.dll","SUCCESS","IndexNumber: 0x200000000ef68"
"11249","6:05:15.0300961 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\riched20.dll","SUCCESS",""
"11256","6:05:15.0302660 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\riched32.dll","SUCCESS","CreationTime: 8/16/2005 4:18:34 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:10 AM, AllocationSize: 4,096, EndOfFile: 3,584, FileAttributes: A"
"11259","6:05:15.0304210 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\riched32.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11260","6:05:15.0306096 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\riched32.dll","SUCCESS","IndexNumber: 0x1166000000001166"
"11265","6:05:15.0307303 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\riched32.dll","SUCCESS",""
"11269","6:05:15.0309367 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\rpcrt4.dll","SUCCESS","CreationTime: 8/16/2005 4:18:34 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:10 AM, AllocationSize: 581,632, EndOfFile: 581,120, FileAttributes: A"
"11276","6:05:15.0314329 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\rpcrt4.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11286","6:05:15.0319651 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\rpcrt4.dll","SUCCESS","IndexNumber: 0x122c00000000122c"
"11287","6:05:15.0320615 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\rpcrt4.dll","SUCCESS",""
"11289","6:05:15.0321984 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\rpcss.dll","SUCCESS","CreationTime: 8/16/2005 4:18:34 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 7/25/2005 11:39:49 PM, ChangeTime: 4/10/2007 9:36:29 AM, AllocationSize: 401,408, EndOfFile: 397,824, FileAttributes: A"
"11290","6:05:15.0323277 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\rpcss.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11291","6:05:15.0324316 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\rpcss.dll","SUCCESS","IndexNumber: 0x3000000005c45"
"11292","6:05:15.0325238 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\rpcss.dll","SUCCESS",""
"11294","6:05:15.0327887 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\setupapi.dll","SUCCESS","CreationTime: 8/16/2005 4:18:36 AM, LastAccessTime: 6/5/2007 6:05:05 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:10 AM, AllocationSize: 987,136, EndOfFile: 983,552, FileAttributes: A"
"11295","6:05:15.0329554 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11296","6:05:15.0330605 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","IndexNumber: 0x1254000000001254"
"11297","6:05:15.0331563 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS",""
"11299","6:05:15.0332943 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\shdocvw.dll","SUCCESS","CreationTime: 8/16/2005 4:18:36 AM, LastAccessTime: 6/5/2007 6:02:57 AM, LastWriteTime: 10/23/2006 10:34:22 AM, ChangeTime: 6/3/2007 3:30:37 AM, AllocationSize: 1,499,136, EndOfFile: 1,497,600, FileAttributes: A"
"11300","6:05:15.0334206 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\shdocvw.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11301","6:05:15.0335200 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\shdocvw.dll","SUCCESS","IndexNumber: 0x2000000009078"
"11302","6:05:15.0336659 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\shdocvw.dll","SUCCESS",""
"11304","6:05:15.0338279 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\shell32.dll","SUCCESS","CreationTime: 8/16/2005 4:18:36 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 12/19/2006 4:52:18 PM, ChangeTime: 6/5/2007 6:05:05 AM, AllocationSize: 8,454,144, EndOfFile: 8,453,632, FileAttributes: A"
"11305","6:05:15.0339533 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\shell32.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11306","6:05:15.0340525 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\shell32.dll","SUCCESS","IndexNumber: 0x200000000ee60"
"11307","6:05:15.0341444 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\shell32.dll","SUCCESS",""
"11309","6:05:15.0342796 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\shlwapi.dll","SUCCESS","CreationTime: 8/16/2005 4:18:36 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 10/23/2006 10:34:22 AM, ChangeTime: 4/10/2007 9:36:29 AM, AllocationSize: 475,136, EndOfFile: 474,112, FileAttributes: A"
"11310","6:05:15.0344039 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\shlwapi.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11311","6:05:15.0345020 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\shlwapi.dll","SUCCESS","IndexNumber: 0x2000000009076"
"11312","6:05:15.0345939 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\shlwapi.dll","SUCCESS",""
"11315","6:05:15.0347604 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\sortkey.nls","SUCCESS","CreationTime: 8/16/2005 4:18:37 AM, LastAccessTime: 6/4/2007 8:26:28 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:10 AM, AllocationSize: 266,240, EndOfFile: 262,148, FileAttributes: A"
"11316","6:05:15.0348864 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\sortkey.nls","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11317","6:05:15.0349850 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\sortkey.nls","SUCCESS","IndexNumber: 0x124e00000000124e"
"11318","6:05:15.0350767 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\sortkey.nls","SUCCESS",""
"11320","6:05:15.0352108 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\sorttbls.nls","SUCCESS","CreationTime: 8/16/2005 4:18:37 AM, LastAccessTime: 6/4/2007 8:26:28 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:10 AM, AllocationSize: 24,576, EndOfFile: 22,040, FileAttributes: A"
"11322","6:05:15.0353736 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\sorttbls.nls","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11323","6:05:15.0355292 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\sorttbls.nls","SUCCESS","IndexNumber: 0x1244000000001244"
"11328","6:05:15.0356435 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\sorttbls.nls","SUCCESS",""
"11331","6:05:15.0358382 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\unicode.nls","SUCCESS","CreationTime: 8/16/2005 4:18:42 AM, LastAccessTime: 6/4/2007 8:26:34 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:11 AM, AllocationSize: 90,112, EndOfFile: 89,588, FileAttributes: A"
"11337","6:05:15.0359854 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\unicode.nls","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11338","6:05:15.0361254 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\unicode.nls","SUCCESS","IndexNumber: 0xf99000000000f99"
"11341","6:05:15.0362352 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\unicode.nls","SUCCESS",""
"11346","6:05:15.0364148 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\user32.dll","SUCCESS","CreationTime: 8/16/2005 4:18:42 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 3/8/2007 10:36:28 AM, ChangeTime: 4/10/2007 9:36:29 AM, AllocationSize: 577,536, EndOfFile: 577,536, FileAttributes: A"
"11349","6:05:15.0366389 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\user32.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11351","6:05:15.0368322 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\user32.dll","SUCCESS","IndexNumber: 0x800000000fdd9"
"11356","6:05:15.0369336 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\user32.dll","SUCCESS",""
"11360","6:05:15.0371143 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\uxtheme.dll","SUCCESS","CreationTime: 8/16/2005 4:18:42 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:11 AM, AllocationSize: 221,184, EndOfFile: 218,624, FileAttributes: A"
"11361","6:05:15.0372814 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\uxtheme.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11366","6:05:15.0374029 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\uxtheme.dll","SUCCESS","IndexNumber: 0x127b00000000127b"
"11368","6:05:15.0375521 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\uxtheme.dll","SUCCESS",""
"11375","6:05:15.0377133 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\version.dll","SUCCESS","CreationTime: 8/16/2005 4:18:42 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:11 AM, AllocationSize: 20,480, EndOfFile: 18,944, FileAttributes: A"
"11376","6:05:15.0378524 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\version.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11379","6:05:15.0379675 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\version.dll","SUCCESS","IndexNumber: 0x1231000000001231"
"11380","6:05:15.0381511 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\version.dll","SUCCESS",""
"11384","6:05:15.0383371 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\vsdatant.sys","SUCCESS","CreationTime: 1/17/2007 7:45:13 PM, LastAccessTime: 6/5/2007 4:50:37 AM, LastWriteTime: 8/29/2005 8:08:38 PM, ChangeTime: 3/31/2007 5:58:11 AM, AllocationSize: 368,640, EndOfFile: 368,256, FileAttributes: A"
"11388","6:05:15.0385402 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\vsdatant.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11390","6:05:15.0387224 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\vsdatant.sys","SUCCESS","IndexNumber: 0xad000000008058"
"11394","6:05:15.0388428 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\vsdatant.sys","SUCCESS",""
"11396","6:05:15.0389811 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\watchdog.sys","SUCCESS","CreationTime: 8/16/2005 4:18:43 AM, LastAccessTime: 6/5/2007 4:50:14 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:11 AM, AllocationSize: 20,480, EndOfFile: 17,664, FileAttributes: A"
"11397","6:05:15.0391073 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\watchdog.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11399","6:05:15.0392308 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\watchdog.sys","SUCCESS","IndexNumber: 0x123e00000000123e"
"11400","6:05:15.0393233 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\watchdog.sys","SUCCESS",""
"11402","6:05:15.0394568 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\win32k.sys","SUCCESS","CreationTime: 8/16/2005 4:18:43 AM, LastAccessTime: 6/5/2007 6:02:56 AM, LastWriteTime: 3/8/2007 8:47:48 AM, ChangeTime: 4/10/2007 9:36:29 AM, AllocationSize: 1,847,296, EndOfFile: 1,843,584, FileAttributes: A"
"11403","6:05:15.0395820 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\win32k.sys","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11404","6:05:15.0396809 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\win32k.sys","SUCCESS","IndexNumber: 0xd00000000fdc6"
"11405","6:05:15.0397968 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\win32k.sys","SUCCESS",""
"11407","6:05:15.0399728 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\ws2help.dll","SUCCESS","CreationTime: 8/16/2005 4:18:46 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:11 AM, AllocationSize: 20,480, EndOfFile: 19,968, FileAttributes: A"
"11409","6:05:15.0401262 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11411","6:05:15.0402673 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","IndexNumber: 0x124d00000000124d"
"11415","6:05:15.0403748 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS",""
"11419","6:05:15.0405944 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","CreationTime: 8/16/2005 4:18:46 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/10/2004 5:00:00 AM, ChangeTime: 3/31/2007 5:58:11 AM, AllocationSize: 86,016, EndOfFile: 82,944, FileAttributes: A"
"11424","6:05:15.0408970 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11427","6:05:15.0410310 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","IndexNumber: 0x124c00000000124c"
"11428","6:05:15.0411420 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS",""
"11431","6:05:15.0412897 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\win.ini","SUCCESS","CreationTime: 8/16/2005 4:18:43 AM, LastAccessTime: 6/5/2007 5:59:33 AM, LastWriteTime: 5/18/2007 8:38:05 AM, ChangeTime: 5/18/2007 8:38:05 AM, AllocationSize: 4,096, EndOfFile: 815, FileAttributes: A"
"11433","6:05:15.0414643 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\win.ini","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11435","6:05:15.0416054 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\win.ini","SUCCESS","IndexNumber: 0x28d40000000028d4"
"11438","6:05:15.0416834 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\win.ini","SUCCESS",""
"11441","6:05:15.0418068 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\WINDOWSSHELL.MANIFEST","SUCCESS","CreationTime: 8/16/2005 4:40:51 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/16/2005 4:40:52 AM, ChangeTime: 3/31/2007 5:57:32 AM, AllocationSize: 4,096, EndOfFile: 749, FileAttributes: RHA"
"11445","6:05:15.0418934 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\WINDOWSSHELL.MANIFEST","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11446","6:05:15.0419446 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","IndexNumber: 0x3485000000003485"
"11447","6:05:15.0419884 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS",""
"11449","6:05:15.0421371 AM","svchost.exe","1124","QueryOpen","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll","SUCCESS","CreationTime: 8/25/2006 8:45:56 AM, LastAccessTime: 6/5/2007 6:05:04 AM, LastWriteTime: 8/25/2006 8:45:56 AM, ChangeTime: 3/31/2007 5:58:27 AM, AllocationSize: 1,056,768, EndOfFile: 1,054,208, FileAttributes: A"
"11450","6:05:15.0422689 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11451","6:05:15.0423706 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll","SUCCESS","IndexNumber: 0x300000000515b"
"11452","6:05:15.0424634 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll","SUCCESS",""
"11454","6:05:15.0426044 AM","svchost.exe","1124","CreateFile","C:\","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11455","6:05:15.0426271 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\","SUCCESS","IndexNumber: 0x5000000000005"
"11456","6:05:15.0426427 AM","svchost.exe","1124","CloseFile","C:\","SUCCESS",""
"11458","6:05:15.0427036 AM","svchost.exe","1124","CreateFile","C:\DOCUMENTS AND SETTINGS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11459","6:05:15.0427458 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Documents and Settings","SUCCESS","IndexNumber: 0x348f00000000348f"
"11460","6:05:15.0427620 AM","svchost.exe","1124","CloseFile","C:\Documents and Settings","SUCCESS",""
"11462","6:05:15.0428232 AM","svchost.exe","1124","CreateFile","C:\Documents and Settings\HAROLD DINSMORE","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11463","6:05:15.0428480 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Documents and Settings\Harold Dinsmore","SUCCESS","IndexNumber: 0x3c91000000003c90"
"11464","6:05:15.0428637 AM","svchost.exe","1124","CloseFile","C:\Documents and Settings\Harold Dinsmore","SUCCESS",""
"11466","6:05:15.0429260 AM","svchost.exe","1124","CreateFile","C:\Documents and Settings\Harold Dinsmore\MY DOCUMENTS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11467","6:05:15.0429525 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Documents and Settings\Harold Dinsmore\My Documents","SUCCESS","IndexNumber: 0x3ca3000000003ca2"
"11468","6:05:15.0429698 AM","svchost.exe","1124","CloseFile","C:\Documents and Settings\Harold Dinsmore\My Documents","SUCCESS",""
"11470","6:05:15.0430321 AM","svchost.exe","1124","CreateFile","C:\Documents and Settings\Harold Dinsmore\My Documents\MY SYSTEM TOOLS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11471","6:05:15.0430690 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools","SUCCESS","IndexNumber: 0x20000000082c5"
"11472","6:05:15.0430891 AM","svchost.exe","1124","CloseFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools","SUCCESS",""
"11474","6:05:15.0431601 AM","svchost.exe","1124","CreateFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\PROCESS MONITOR","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11475","6:05:15.0431889 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor","SUCCESS","IndexNumber: 0x130000000083c9"
"11476","6:05:15.0432065 AM","svchost.exe","1124","CloseFile","C:\Documents and Settings\Harold Dinsmore\My Documents\My System Tools\Process Monitor","SUCCESS",""
"11478","6:05:15.0433383 AM","svchost.exe","1124","CreateFile","C:\PROGRAM FILES","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11479","6:05:15.0433691 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Program Files","SUCCESS","IndexNumber: 0x3757000000003757"
"11480","6:05:15.0433861 AM","svchost.exe","1124","CloseFile","C:\Program Files","SUCCESS",""
"11482","6:05:15.0434506 AM","svchost.exe","1124","CreateFile","C:\Program Files\COMMON FILES","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11483","6:05:15.0434774 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Program Files\Common Files","SUCCESS","IndexNumber: 0x3758000000003758"
"11484","6:05:15.0434939 AM","svchost.exe","1124","CloseFile","C:\Program Files\Common Files","SUCCESS",""
"11486","6:05:15.0435576 AM","svchost.exe","1124","CreateFile","C:\Program Files\Common Files\ROXIO SHARED","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11487","6:05:15.0435875 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\Program Files\Common Files\Roxio Shared","SUCCESS","IndexNumber: 0x100000000668d"
"11488","6:05:15.0436040 AM","svchost.exe","1124","CloseFile","C:\Program Files\Common Files\Roxio Shared","SUCCESS",""
"11490","6:05:15.0436990 AM","svchost.exe","1124","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11491","6:05:15.0437493 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS","SUCCESS","IndexNumber: 0xb62000000000b62"
"11492","6:05:15.0437926 AM","svchost.exe","1124","CloseFile","C:\WINDOWS","SUCCESS",""
"11494","6:05:15.0438775 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\REGISTRATION","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11495","6:05:15.0439286 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\Registration","SUCCESS","IndexNumber: 0x2bc8000000002bc8"
"11496","6:05:15.0439725 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\Registration","SUCCESS",""
"11498","6:05:15.0440842 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11499","6:05:15.0441577 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32","SUCCESS","IndexNumber: 0xb63000000000b63"
"11500","6:05:15.0442242 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32","SUCCESS",""
"11502","6:05:15.0443614 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\DLA","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11503","6:05:15.0444739 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\DLA","SUCCESS","IndexNumber: 0x10000000065a0"
"11504","6:05:15.0445659 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\DLA","SUCCESS",""
"11506","6:05:15.0447033 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\system32\drivers","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11507","6:05:15.0448033 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\system32\drivers","SUCCESS","IndexNumber: 0xbcf000000000bcf"
"11508","6:05:15.0448947 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\system32\drivers","SUCCESS",""
"11510","6:05:15.0450033 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\WinSxS","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11511","6:05:15.0450768 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\WinSxS","SUCCESS","IndexNumber: 0x2077000000002077"
"11512","6:05:15.0451430 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\WinSxS","SUCCESS",""
"11514","6:05:15.0452545 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\WinSxS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2982_X-WW_AC3F9C03","SUCCESS","Desired Access: Read EA, Read Attributes, Read Control, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11515","6:05:15.0453324 AM","svchost.exe","1124","QueryFileInternalInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03","SUCCESS","IndexNumber: 0x300000000515a"
"11516","6:05:15.0454009 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03","SUCCESS",""
"11518","6:05:15.0455791 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11519","6:05:15.0456707 AM","svchost.exe","1124","QueryNameInformationFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","Name: \WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf"
"11520","6:05:15.0457448 AM","svchost.exe","1124","QueryNameInformationFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","Name: \WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf"
"11521","6:05:15.0458333 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS",""
"11523","6:05:15.0458926 AM","svchost.exe","1124","CreateFile","C:\","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11525","6:05:15.0459557 AM","svchost.exe","1124","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS"
"11526","6:05:15.0460174 AM","svchost.exe","1124","CloseFile","C:\","SUCCESS",""
"11528","6:05:15.0461091 AM","svchost.exe","1124","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11530","6:05:15.0461920 AM","svchost.exe","1124","QueryDirectory","C:\WINDOWS\PREFETCH","SUCCESS","Filter: PREFETCH, 1: Prefetch"
"11531","6:05:15.0462663 AM","svchost.exe","1124","CloseFile","C:\WINDOWS","SUCCESS",""
"11533","6:05:15.0463798 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\Prefetch","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11535","6:05:15.0464873 AM","svchost.exe","1124","QueryDirectory","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.PF","SUCCESS","Filter: PROCMON.EXE-2C74DBFE.PF, 1: PROCMON.EXE-2C74DBFE.pf"
"11536","6:05:15.0465873 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\Prefetch","SUCCESS",""
"11538","6:05:15.0467239 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","Desired Access: Generic Read/Write, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: , AllocationSize: 0, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Overwritten"
"11539","6:05:15.0468173 AM","svchost.exe","1124","CreateFile","C:\WINDOWS\Prefetch","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"11540","6:05:15.0468891 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\Prefetch","SUCCESS",""
"11543","6:05:15.0472081 AM","svchost.exe","1124","WriteFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS","Offset: 0, Length: 45,850"
"11544","6:05:15.0474271 AM","svchost.exe","1124","CloseFile","C:\WINDOWS\Prefetch\PROCMON.EXE-2C74DBFE.pf","SUCCESS",""
"11610","6:05:15.0984962 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"11611","6:05:15.0985149 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"11616","6:05:15.0987476 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"11617","6:05:15.0987929 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"11618","6:05:15.0988068 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"11619","6:05:15.0988230 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"11620","6:05:15.0988367 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"11621","6:05:15.0988496 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"11622","6:05:15.0988728 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"11623","6:05:15.0989923 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"11624","6:05:15.0990032 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"11629","6:05:15.0992133 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"11630","6:05:15.0992432 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"11631","6:05:15.0992566 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"11632","6:05:15.0992695 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"11633","6:05:15.0992826 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"11634","6:05:15.0992949 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"11635","6:05:15.0993125 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"11637","6:05:15.0994337 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"11638","6:05:15.0994622 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"11639","6:05:15.0994812 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12529","6:05:16.0987398 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12530","6:05:16.0987680 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12535","6:05:16.0992256 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12536","6:05:16.0993175 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12537","6:05:16.0993488 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12538","6:05:16.0993748 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12539","6:05:16.0993980 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12540","6:05:16.0994217 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12541","6:05:16.0994642 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12542","6:05:16.0998097 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12543","6:05:16.0998301 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12548","6:05:16.1002414 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12549","6:05:16.1003545 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12550","6:05:16.1003785 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12551","6:05:16.1004014 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12552","6:05:16.1004238 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12553","6:05:16.1004450 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12554","6:05:16.1004760 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12555","6:05:16.1006274 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12556","6:05:16.1006769 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12557","6:05:16.1007079 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12562","6:05:17.0989823 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12563","6:05:17.0990119 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12568","6:05:17.0994516 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12569","6:05:17.0995326 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12570","6:05:17.0995617 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12571","6:05:17.0995874 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12572","6:05:17.0996106 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12573","6:05:17.0996329 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12574","6:05:17.0996720 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12575","6:05:17.0999248 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12576","6:05:17.0999450 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12581","6:05:17.1003506 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12582","6:05:17.1004031 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12583","6:05:17.1004263 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12584","6:05:17.1004934 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12585","6:05:17.1005151 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12586","6:05:17.1005367 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12587","6:05:17.1005663 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12588","6:05:17.1007085 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12589","6:05:17.1007576 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12590","6:05:17.1007886 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12591","6:05:18.0988549 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12592","6:05:18.0988839 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12597","6:05:18.0992644 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12598","6:05:18.0993376 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12599","6:05:18.0993619 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12600","6:05:18.0993879 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12601","6:05:18.0994114 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12602","6:05:18.0994334 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12603","6:05:18.0994726 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12604","6:05:18.0996927 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12605","6:05:18.0997111 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12610","6:05:18.1000911 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12611","6:05:18.1001441 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12612","6:05:18.1001671 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12613","6:05:18.1001891 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12614","6:05:18.1002112 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12615","6:05:18.1002324 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12616","6:05:18.1002626 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12617","6:05:18.1004081 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12618","6:05:18.1004551 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12619","6:05:18.1004855 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12620","6:05:19.0989923 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12621","6:05:19.0990211 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12626","6:05:19.0994301 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12627","6:05:19.0995024 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12628","6:05:19.0995270 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12629","6:05:19.0995530 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12630","6:05:19.0995759 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12631","6:05:19.0995980 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12632","6:05:19.0996371 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12633","6:05:19.0998598 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12634","6:05:19.0998785 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12639","6:05:19.1002640 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12640","6:05:19.1003160 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12641","6:05:19.1003386 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12642","6:05:19.1003607 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12643","6:05:19.1003824 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12644","6:05:19.1004040 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12645","6:05:19.1004333 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12646","6:05:19.1005735 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12647","6:05:19.1006219 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12648","6:05:19.1006529 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12655","6:05:20.0989074 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12656","6:05:20.0989356 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12661","6:05:20.0993203 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12662","6:05:20.0993924 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12663","6:05:20.0994172 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12664","6:05:20.0994427 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12665","6:05:20.0994656 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12666","6:05:20.0994879 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12667","6:05:20.0995265 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12668","6:05:20.0997497 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12669","6:05:20.0997684 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12674","6:05:20.1000989 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12675","6:05:20.1001506 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12676","6:05:20.1001729 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12677","6:05:20.1001955 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12678","6:05:20.1002171 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12679","6:05:20.1002386 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12680","6:05:20.1002682 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12681","6:05:20.1004028 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12682","6:05:20.1004503 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12683","6:05:20.1004802 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12685","6:05:21.0990784 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12686","6:05:21.0991085 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12691","6:05:21.0994977 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12692","6:05:21.0995714 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12693","6:05:21.0995960 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12694","6:05:21.0996220 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12695","6:05:21.0996452 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12696","6:05:21.0996675 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12697","6:05:21.0997064 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12698","6:05:21.1000176 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12699","6:05:21.1000369 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12704","6:05:21.1003269 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12705","6:05:21.1003788 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12706","6:05:21.1004017 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12707","6:05:21.1004241 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12708","6:05:21.1004459 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12709","6:05:21.1004671 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12710","6:05:21.1004967 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12711","6:05:21.1006369 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12712","6:05:21.1006842 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12713","6:05:21.1007143 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12715","6:05:22.0990527 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12716","6:05:22.0990817 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12721","6:05:22.0995376 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12722","6:05:22.0996270 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12723","6:05:22.0996561 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12724","6:05:22.0996818 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12725","6:05:22.0997044 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12726","6:05:22.0997276 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12727","6:05:22.0998441 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12728","6:05:22.1001791 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12729","6:05:22.1001989 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12734","6:05:22.1005151 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12735","6:05:22.1005679 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12736","6:05:22.1005906 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12737","6:05:22.1006129 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12738","6:05:22.1006347 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12739","6:05:22.1006557 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12740","6:05:22.1006853 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12741","6:05:22.1008244 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12742","6:05:22.1008719 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12743","6:05:22.1009023 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12745","6:05:23.0991440 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12746","6:05:23.0991734 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12751","6:05:23.0995594 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12752","6:05:23.0996318 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12753","6:05:23.0996558 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12754","6:05:23.0997586 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12755","6:05:23.0997838 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12756","6:05:23.0998067 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12757","6:05:23.0998452 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12758","6:05:23.1000760 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12759","6:05:23.1000947 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12764","6:05:23.1004020 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12765","6:05:23.1004559 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12766","6:05:23.1004788 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12767","6:05:23.1005023 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12768","6:05:23.1005249 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12769","6:05:23.1005467 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12770","6:05:23.1005766 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12771","6:05:23.1007149 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12772","6:05:23.1007632 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12773","6:05:23.1007942 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12777","6:05:24.0991767 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12778","6:05:24.0992060 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12783","6:05:24.0997167 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12784","6:05:24.0998008 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12785","6:05:24.0998301 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12786","6:05:24.0998561 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12787","6:05:24.0998790 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12788","6:05:24.0999031 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12789","6:05:24.0999438 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12790","6:05:24.1002774 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12791","6:05:24.1002975 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12796","6:05:24.1006411 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12797","6:05:24.1006925 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12798","6:05:24.1007146 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12799","6:05:24.1007367 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12800","6:05:24.1007585 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12801","6:05:24.1007800 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12802","6:05:24.1008088 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12803","6:05:24.1009510 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12804","6:05:24.1009979 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12805","6:05:24.1010283 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12811","6:05:25.0992600 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12812","6:05:25.0992882 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12817","6:05:25.0996804 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12818","6:05:25.0997533 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12819","6:05:25.0997776 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12820","6:05:25.0998039 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12821","6:05:25.0998271 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12822","6:05:25.0998489 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12823","6:05:25.0998871 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12824","6:05:25.1001123 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12825","6:05:25.1001305 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Linkage\Bind","SUCCESS","Type: REG_MULTI_SZ, Length: 132, Data: \Device\{134021A1-93A7-43BF-A737-7F559CB535F5}, \Device\NdisWanIp"
"12830","6:05:25.1004235 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Read"
"12831","6:05:25.1004749 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\EnableDHCP","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12832","6:05:25.1004973 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseObtainedTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181037018"
"12833","6:05:25.1005196 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\LeaseTerminatesTime","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1181123418"
"12834","6:05:25.1005411 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12835","6:05:25.1005621 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\DhcpServer","SUCCESS","Type: REG_SZ, Length: 24, Data: 192.168.1.1"
"12836","6:05:25.1005909 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
"12837","6:05:25.1007263 AM","Explorer.EXE","1696","RegOpenKey","HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS","Desired Access: Query Value"
"12838","6:05:25.1007741 AM","Explorer.EXE","1696","RegQueryValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}\AddressType","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"12839","6:05:25.1008048 AM","Explorer.EXE","1696","RegCloseKey","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{134021A1-93A7-43BF-A737-7F559CB535F5}","SUCCESS",""
.