Turn off my computer...

[Guest]

When i go to Start menu > Turn Off Computer... , it begins to load and take
like 5 to 10 minutes to show me the options to restart, turn off and stand
by.... i dont know why its doing this, im tired of waiting to turn of my
computer...

 

[Guest]

When i go to Start menu > Turn Off Computer... , it begins to load and take
like 5 to 10 minutes to show me the options to restart, turn off and stand
by.... i dont know why its doing this, im tired of waiting to turn of my
computer...

Download FileMon or Process Monitor and see what running in the background,
you need to scan your system for viruses and malwares if you have softwares
up2date.
FileMon for Windows v7.04
By Mark Russinovich and Bryce Cogswell
http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx
Process Monitor v1.1
By Mark Russinovich and Bryce Cogswel
http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx

 

[Guest]

the program get freezed when i try to turn off my computer, and when i go to
check the log of the program, it shows several actions that happened during
the loading... im not a technician, i dont know what are all of those files
..dll, is there another option easier ?? can i download some files and put
them in the windows folder, so it will fix my problem ?

 

[Guest]

If you can copy the log and post it in your next message may be we can help?.
Did you tried Both?
HTH.
nass

 

[Guest]

alright here is everything that happens between i press turn off computer
until i cancel de pop that appears to turn it off.... its too long, so i will
put it in 3 or 4 posts....
5:26:47 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
5:26:49 PM explorer.exe:1984 OPEN C:\Documents and Settings\Alex\Application
Data\Microsoft\Internet Explorer\Quick Launch SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\Documents and
Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick
Launch BUFFER OVERFLOW FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\Documents and
Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick
Launch BUFFER OVERFLOW FileAllInformation
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\Documents and
Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick
Launch SUCCESS FileFsObjectIdInformation
5:26:49 PM explorer.exe:1984 OPEN C:\Documents and Settings\Alex\Application
Data\Microsoft\Internet Explorer IS DIRECTORY Options: Open Access: 00100080
5:26:49 PM explorer.exe:1984 OPEN C:\Documents and Settings\Alex\Application
Data\Microsoft\Internet Explorer\ SUCCESS Options: Open Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE C:\Documents and
Settings\Alex\Application Data\Microsoft\Internet Explorer\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN C:\Documents and Settings\Alex\Application
Data\Microsoft\Internet Explorer SUCCESS Options: Open Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE C:\Documents and
Settings\Alex\Application Data\Microsoft\Internet Explorer SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\Documents and
Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick
Launch SUCCESS
5:26:49 PM explorer.exe:1984 OPEN C:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 DIRECTORY C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49 PM explorer.exe:1984 WRITE
C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49
PM explorer.exe:1984 READ C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 20 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE C:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 OPEN D:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION D:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION D:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE D:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION D:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION D:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 DIRECTORY D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 WRITE D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49
PM explorer.exe:1984 READ D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 20 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE D:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION D:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 OPEN E:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE E:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN E:\RECYCLER IS DIRECTORY Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 OPEN E:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE E:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN E:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE E:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN E:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE E:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN E:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE E:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN E:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\ SUCCESS FileFsSizeInformation
5:26:49 PM explorer.exe:1984 CLOSE E:\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: De134.AC3[Eng]-aXXo
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation: *
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation:
De135.World[2006]DvDrip[Eng]-aXXo
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De135.World[2006]DvDrip[Eng]-aXXo\ SUCCESS Options:
Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De135.World[2006]DvDrip[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation: *
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De135.World[2006]DvDrip[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De135.World[2006]DvDrip[Eng]-aXXo\ NO
MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De135.World[2006]DvDrip[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: De136.AC3[Eng]-aXXo
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De136.AC3[Eng]-aXXo\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De136.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation: *
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De136.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De136.AC3[Eng]-aXXo\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De136.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: De137.AC3[Eng]-aXXo
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De137.AC3[Eng]-aXXo\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De137.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation: *
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De137.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De137.AC3[Eng]-aXXo\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De137.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 DIRECTORY E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 WRITE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 20 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 820 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 1620 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 2420 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 3220 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 4020 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 4820 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 5620 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 6420 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 7220 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 8020 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 8820 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 9620 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 10420 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 11220 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 12020 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 12820 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 13620 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 14420 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 15220 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 16020 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 16820 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 17620 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 18420 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 19220 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 20020 Length: 800
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 20820 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De134.AC3[Eng]-aXXo SUCCESS Attributes: D
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 21620 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De135.World[2006]DvDrip[Eng]-aXXo SUCCESS Attributes: D
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 22420 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De136.AC3[Eng]-aXXo SUCCESS Attributes: D
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 23220 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De137.AC3[Eng]-aXXo SUCCESS Attributes: D
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 24020 Length: 800



Thank You

 

[Guest]

5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De138.lnk SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 24820 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De139.avi SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 25620 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 OPEN F:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE F:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER IS DIRECTORY Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileFsSizeInformation
5:26:49 PM explorer.exe:1984 CLOSE F:\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: Df89
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS FileBothDirectoryInformation: *
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: Df90
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df90\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df90\ SUCCESS FileBothDirectoryInformation: *
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df90\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df90\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df90\ SUCCESS
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 WRITE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 20 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df81.m3u SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 820 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df82.txt SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 1620 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df83.wma SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 2420 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df84.mp3 SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 3220 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df85.wma SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 4020 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df86.wma SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 4820 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df87.mp3 SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 5620 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df88.m4a SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 6420 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS Attributes: D
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 7220 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df90 SUCCESS Attributes: D
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 8020 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df91.lnk SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 8820 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 OPEN G:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION G:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION G:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE G:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION G:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION G:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 DIRECTORY G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 WRITE G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49
PM explorer.exe:1984 READ G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 20 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE G:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION G:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 OPEN H:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION H:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION H:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE H:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION H:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION H:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 DIRECTORY H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN H:\RECYCLER IS DIRECTORY Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 OPEN H:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE H:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN H:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE H:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN H:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE H:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN H:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE H:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN H:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION H:\ SUCCESS FileFsSizeInformation
5:26:49 PM explorer.exe:1984 CLOSE H:\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: Dh1.AC3[Eng]-aXXo
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation: *
5:26:49
PM explorer.exe:1984 DIRECTORY H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 DIRECTORY H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo\ SUCCESS
5:26:49
PM explorer.exe:1984 DIRECTORY H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ NO MORE FILES FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 WRITE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49
PM explorer.exe:1984 READ H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 20 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION H:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Dh1.AC3[Eng]-aXXo SUCCESS Attributes: D
5:26:49
PM explorer.exe:1984 READ H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 820 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE H:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION H:\ SUCCESS Attributes: DHSA

 

[Guest]

5:26:49 PM explorer.exe:1984 SET INFORMATION C:\Documents and
Settings\Alex\ntuser.dat.LOG SUCCESS Length: 8192
5:26:49 PM explorer.exe:1984 SET INFORMATION C:\Documents and
Settings\Alex\ntuser.dat.LOG SUCCESS Length: 8192
5:26:49 PM explorer.exe:1984 SET INFORMATION C:\Documents and
Settings\Alex\ntuser.dat.LOG SUCCESS Length: 16384
5:26:49 PM explorer.exe:1984 SET INFORMATION C:\Documents and
Settings\Alex\ntuser.dat.LOG SUCCESS Length: 20480
5:26:49 PM explorer.exe:1984 SET INFORMATION C:\Documents and
Settings\Alex\ntuser.dat.LOG SUCCESS Length: 24576
5:26:49 PM explorer.exe:1984 SET INFORMATION C:\Documents and
Settings\Alex\ntuser.dat.LOG SUCCESS Length: 1077248
5:26:49 PM explorer.exe:1984 SET INFORMATION C:\Documents and
Settings\Alex\ntuser.dat.LOG SUCCESS Length: 1146880
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\wuaueng.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\wuaueng.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\wuaueng.dll SUCCESS Options:
Open Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\wuaueng.dll SUCCESS Options:
Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\wuaueng.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\wuaueng.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\wuaueng.dll SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\ADVPACK.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\ADVPACK.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\ADVPACK.dll SUCCESS Options:
Open Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\ADVPACK.dll SUCCESS Options:
Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\ADVPACK.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\ADVPACK.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\ADVPACK.dll SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\SHFOLDER.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\SHFOLDER.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\SHFOLDER.dll SUCCESS Options:
Open Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\SHFOLDER.dll SUCCESS Options:
Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\SHFOLDER.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\SHFOLDER.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\SHFOLDER.dll SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\ESENT.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\ESENT.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\ESENT.dll SUCCESS Options: Open
Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\ESENT.dll SUCCESS Options: Open
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\ESENT.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\ESENT.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\ESENT.dll SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\Cabinet.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\Cabinet.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\Cabinet.dll SUCCESS Options:
Open Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\Cabinet.dll SUCCESS Options:
Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\Cabinet.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\Cabinet.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\Cabinet.dll SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\mspatcha.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\mspatcha.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\mspatcha.dll SUCCESS Options:
Open Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\mspatcha.dll SUCCESS Options:
Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\mspatcha.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\mspatcha.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\mspatcha.dll SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\sfc.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\sfc.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\sfc.dll SUCCESS Options: Open
Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\sfc.dll SUCCESS Options: Open
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\sfc.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\sfc.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\sfc.dll SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION C:\WINDOWS\sfc_os.dll NOT
FOUND Attributes: Error
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\sfc_os.dll SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\sfc_os.dll SUCCESS Options:
Open Access: 00100020
5:26:49
PM explorer.exe:1984 OPEN C:\WINDOWS\system32\sfc_os.dll SUCCESS Options:
Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\system32\sfc_os.dll SUCCESS FileInternalInformation
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\sfc_os.dll SUCCESS
5:26:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\system32\sfc_os.dll SUCCESS
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4325 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4403 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4481 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4559 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4637 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4715 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4793 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4871 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4949 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5027 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5105 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5183 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5261 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5339 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5417 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5495 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5573 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5651 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5729 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5807 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5885 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5963 Length: 40
5:27:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 6041 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4325 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4403 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4481 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4559 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4637 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4715 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4793 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4871 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 4949 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5027 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5105 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5183 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5261 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5339 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5417 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5495 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5573 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5651 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5729 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5807 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5885 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 5963 Length: 40
5:28:27 PM nod32krn.exe:1860 READ C:\Program
Files\ESET\cache\CACHE.NDB SUCCESS Offset: 6041 Length: 40
5:28:49
PM services.exe:864 WRITE C:\WINDOWS\system32\config\SysEvent.Evt SUCCESS Offset: 106140 Length: 192
5:28:49
PM services.exe:864 WRITE C:\WINDOWS\system32\config\SysEvent.Evt SUCCESS Offset: 106332 Length: 40
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511

 

[Guest]

5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 WRITE
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 412380 Length: 83
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM winlogon.exe:820 DIRECTORY C:\WINDOWS SUCCESS Change Notify
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM winlogon.exe:820 DIRECTORY C:\WINDOWS Change Notify
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
x

 

[Guest]

5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 WRITE
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 412380 Length: 83
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM winlogon.exe:820 DIRECTORY C:\WINDOWS SUCCESS Change Notify
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM winlogon.exe:820 DIRECTORY C:\WINDOWS Change Notify
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412463
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:50 PM explorer.exe:1984 OPEN C:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION C:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE C:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN D:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION D:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE D:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN E:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION E:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE E:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN F:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE F:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN G:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION G:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE G:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN H:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION H:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE H:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN C:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION C:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE C:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN D:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION D:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE D:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN E:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION E:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE E:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN F:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE F:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN G:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION G:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE G:\ SUCCESS
5:28:50 PM explorer.exe:1984 OPEN H:\ SUCCESS Options: Open Directory
Access: 00100001
5:28:50 PM explorer.exe:1984 QUERY
INFORMATION H:\ SUCCESS FileFsFullSizeInformation
5:28:50 PM explorer.exe:1984 CLOSE H:\ SUCCESS


this is the last one.... i hope you can help me...
Thank You

 

[Guest]

5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De138.lnk SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 24820 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De139.avi SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 25620 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 OPEN F:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE F:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE

What Anti-Virus you have installed on your computer and other protection
software?.
TRy to run a scan and make sure all clean as it is too late here in the UK,
but keep an eye may somebody have look on this and give an answer.
Run a scan from here online:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

Try to download the AVG on your Desktop then Disconnect from the Internet
and uninstall McAfee Reboot then try to install AVG.
Here is the Link for the AVG:
http://free.grisoft.com/doc/5390/lng/us/tpl/v5

For Malwares download both these software:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D

4= Open a Run Command and type in:
regedit.exe click [K]
On the Registry Editor locate these Keys:

[-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = look
here for the running processes and write them down and post them here or to
the HijackThis forum).


HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce= look in the Right
pane/Window for something like this "*.EXE"


Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Does your Norton Up and current for updates and subscriptions?.
HTH.
nass
===
www.nasstec.co.uk

 

[Guest]

5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De138.lnk SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 24820 Length: 800
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\De139.avi SUCCESS Attributes: A
5:26:49
PM explorer.exe:1984 READ E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 END OF FILE Offset: 25620 Length: 800
5:26:49
PM explorer.exe:1984 CLOSE E:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION E:\ SUCCESS Attributes: DHSA
5:26:49 PM explorer.exe:1984 OPEN F:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileNameInformation
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileFsVolumeInformation
5:26:49 PM explorer.exe:1984 CLOSE F:\ SUCCESS
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: OpenIf Access: 0012019F
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Options: Open Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS FileInternalInformation
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS
5:26:49 PM explorer.exe:1984 READ
F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\INFO2 SUCCESS Offset: 0 Length: 20
5:26:49 PM explorer.exe:1984 QUERY INFORMATION F:\ SUCCESS Attributes: DHSA
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: D*"*
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\Df89\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 IS DIRECTORY Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003 SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Access: 00100080
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER IS DIRECTORY Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER SUCCESS Options: Open Access:
00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\RECYCLER\ SUCCESS Options: Open
Access: 00100080
5:26:49 PM explorer.exe:1984 CLOSE F:\RECYCLER\ SUCCESS
5:26:49 PM explorer.exe:1984 OPEN F:\ SUCCESS Options: Open Directory
Access: 00100001
5:26:49 PM explorer.exe:1984 QUERY
INFORMATION F:\ SUCCESS FileFsSizeInformation
5:26:49 PM explorer.exe:1984 CLOSE F:\ SUCCESS
5:26:49
PM explorer.exe:1984 OPEN F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS Options: Open Directory Access: 00100001
5:26:49
PM explorer.exe:1984 DIRECTORY F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS FileBothDirectoryInformation: Df89
5:26:49
PM explorer.exe:1984 CLOSE F:\RECYCLER\S-1-5-21-329068152-1935655697-725345543-1003\ SUCCESS
5:26:49

Another try to Empty your Recycle bin and how many drives you have on this
machine?.

 

[Guest]

5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS FileInternalInformation
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49 PM explorer.exe:1984 CREATE C:\WINDOWS NAME COLLISION Options:
Create Directory Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options:
OpenIf Access: 0012019F
5:28:49 PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SHARING
VIOLATION Options: Open Access: 00100001
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100001
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 READ
C:\WINDOWS\WindowsUpdate.log SUCCESS Offset: 0 Length: 511
5:28:49 PM explorer.exe:1984 QUERY
INFORMATION C:\WINDOWS\WindowsUpdate.log SUCCESS Length: 412380
5:28:49 PM explorer.exe:1984 CLOSE C:\WINDOWS\WindowsUpdate.log SUCCESS
5:28:49
PM explorer.exe:1984 OPEN C:\WINDOWS\WindowsUpdate.log SUCCESS Options: Open
Access: 00100080

You have IE corrupted and windows update may be also corrupted from a quick
look, try these link after you run your scan on the machine:
You may receive an error message when you search for available updates on
the Windows Update Web site or on the Microsoft Update Web site
http://support.microsoft.com/kb/883821

Security Update MS00-024 Breaks SHGetFolderPath in Shfolder.dll
http://support.microsoft.com/kb/303437

Then Run a Disk CleanUp then Defrag in Safe Mode, open a run command and
type in:
sfc /scannow click [OK] and let it run.
HTH.
nass