======================== PID: 2116 - about1.exe ======================== 20:39:05.0514301","about1.exe","2116","QueryNameInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Name: \Documents and Settings\RIK\デスクトップ\about1.exe" 20:39:05.0541944","about1.exe","2116","QueryNameInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Name: \Documents and Settings\RIK\デスクトップ\about1.exe" 20:39:05.0545350","about1.exe","2116","CreateFile","C:\WINDOWS\Prefetch\ABOUT1.EXE-1D98EA3D.pf","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a" 20:39:05.0551932","about1.exe","2116","ReadFile","C:\WINDOWS\System32\ntdll.dll","SUCCESS","Offset: 500,736, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.0671894","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:05.0673305","about1.exe","2116","FileSystemControl","C:\Documents and Settings\rik\デスクトップ","SUCCESS","Control: FSCTL_IS_VOLUME_MOUNTED" 20:39:05.0676691","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\about1.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.0689734","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\KERNEL32.DLL","SUCCESS","Offset: 538,112, Length: 9,728, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.0796588","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHELL32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 
20:39:05.1802607","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHLWAPI.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.1896698","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\oleacc.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.1900617","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.1908696","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.1910194","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","" 20:39:05.1912423","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.1920390","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleacc.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.1920670","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","AllocationSize: 163,840, EndOfFile: 163,328, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.1920921","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:05.1921156","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 0, 
Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2066934","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleacc.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:05.2070113","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","" 20:39:05.2072862","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 134,144, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2143729","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 99,328, Length: 30,720, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2154155","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 1,024, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2169386","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\MSVCP60.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.2173948","about1.exe","2116","CreateFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.2175753","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.2183709","about1.exe","2116","CloseFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","" 20:39:05.2186117","about1.exe","2116","CreateFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, 
ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.2187936","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.2188204","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.2195939","about1.exe","2116","CloseFile","C:\WINDOWS\system32\msvcp60.dll","SUCCESS","" 20:39:05.2199116","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","Offset: 180,224, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2276092","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLE32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2369372","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLEAUT32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2429145","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\rasapi32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.2439931","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.2441770","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.2443460","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","" 
20:39:05.2451955","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.2453807","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.2454377","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\RASAPI32.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.2456238","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasapi32.dll","SUCCESS","" 20:39:05.2464032","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASAPI32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2518550","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\rasman.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.2522861","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.2524652","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.2526345","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","" 20:39:05.2528767","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, 
Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.2530580","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\rasman.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.2531111","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\RASMAN.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.2532957","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rasman.dll","SUCCESS","" 20:39:05.2535918","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASMAN.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2655635","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\NETAPI32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2777675","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\WS2_32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.2781939","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.2790093","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.2791811","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","" 20:39:05.2794211","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, 
AllocationSize: n/a, OpenResult: Opened" 20:39:05.2797535","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.2797815","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.2799620","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2_32.dll","SUCCESS","" 20:39:05.2802760","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.2994312","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\WS2HELP.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.4068700","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4070692","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.4072376","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","" 20:39:05.4086431","about1.exe","2116","CreateFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4088297","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\ws2help.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 
20:39:05.4088599","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WS2HELP.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.4090420","about1.exe","2116","CloseFile","C:\WINDOWS\system32\ws2help.dll","SUCCESS","" 20:39:05.4102604","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\TAPI32.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.4112529","about1.exe","2116","CreateFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4114370","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.4116066","about1.exe","2116","CloseFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","" 20:39:05.4125313","about1.exe","2116","CreateFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4127163","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\tapi32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.4127738","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\TAPI32.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.4129585","about1.exe","2116","CloseFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","" 20:39:05.4139231","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\TAPI32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 
20:39:05.4167319","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\rtutils.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.4183544","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4185324","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.4186997","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","" 20:39:05.4199211","about1.exe","2116","CreateFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4201041","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\rtutils.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.4201594","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\RTUTILS.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.4203432","about1.exe","2116","CloseFile","C:\WINDOWS\system32\rtutils.dll","SUCCESS","" 20:39:05.4218959","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RTUTILS.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4279484","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\WINMM.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, 
ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.4283761","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4292030","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.4293692","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","" 20:39:05.4296056","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4305087","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\winmm.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.4305621","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WINMM.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.4307451","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winmm.dll","SUCCESS","" 20:39:05.4322115","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\setupapi.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.4326344","about1.exe","2116","CreateFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 
20:39:05.4334692","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.4336351","about1.exe","2116","CloseFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","" 20:39:05.4338703","about1.exe","2116","CreateFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4349976","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\setupapi.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.4350241","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\SETUPAPI.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.4352057","about1.exe","2116","CloseFile","C:\WINDOWS\system32\setupapi.dll","SUCCESS","" 20:39:05.4364595","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SETUPAPI.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4474573","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\winspool.drv","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.4478922","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4480733","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 
12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.4489530","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","" 20:39:05.4491958","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4493790","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\winspool.drv","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.4494318","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WINSPOOL.DRV","SUCCESS","SyncType: SyncTypeOther" 20:39:05.4502314","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winspool.drv","SUCCESS","" 20:39:05.4514505","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WINSPOOL.DRV","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4601418","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\winsta.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.4611691","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4613425","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.4615071","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","" 
20:39:05.4626167","about1.exe","2116","CreateFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.4627947","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\winsta.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.4628458","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\WINSTA.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.4630249","about1.exe","2116","CloseFile","C:\WINDOWS\system32\winsta.dll","SUCCESS","" 20:39:05.4643427","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SECUR32.DLL","SUCCESS","Offset: 50,688, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4712567","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RPCRT4.DLL","SUCCESS","Offset: 562,688, Length: 3,072, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4744451","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\ADVAPI32.DLL","SUCCESS","Offset: 477,696, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4871495","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\USER32.DLL","SUCCESS","Offset: 391,168, Length: 3,072, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4914704","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\GDI32.DLL","SUCCESS","Offset: 272,896, Length: 4,608, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.4951994","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\COMCTL32.DLL","SUCCESS","Offset: 462,848, Length: 9,728, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.5053537","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCRT.DLL","SUCCESS","Offset: 315,904, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 
20:39:05.5134872","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHLWAPI.DLL","SUCCESS","Offset: 442,368, Length: 3,072, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.5231588","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHELL32.DLL","SUCCESS","Offset: 2,153,984, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.5372441","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\COMDLG32.DLL","SUCCESS","Offset: 197,632, Length: 3,584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.5494272","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","Offset: 389,120, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.5645180","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLE32.DLL","SUCCESS","Offset: 1,201,152, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.5797098","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\OLEAUT32.DLL","SUCCESS","Offset: 520,704, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.5952051","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\NETAPI32.DLL","SUCCESS","Offset: 315,392, Length: 10,240, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6054905","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WS2HELP.DLL","SUCCESS","Offset: 16,896, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6144056","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WS2_32.DLL","SUCCESS","Offset: 75,264, Length: 2,560, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6145419","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASMAN.DLL","SUCCESS","Offset: 56,832, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6227723","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RTUTILS.DLL","SUCCESS","Offset: 39,936, Length: 512, I/O Flags: Non-cached, 
Paging I/O, Synchronous Paging I/O" 20:39:05.6265208","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WINMM.DLL","SUCCESS","Offset: 127,488, Length: 5,120, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6371473","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\TAPI32.DLL","SUCCESS","Offset: 170,496, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6621843","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\RASAPI32.DLL","SUCCESS","Offset: 221,184, Length: 1,024, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6623703","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SETUPAPI.DLL","SUCCESS","Offset: 513,024, Length: 6,144, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6699666","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\WINSPOOL.DRV","SUCCESS","Offset: 132,096, Length: 6,144, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6803966","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.6805796","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.6807478","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.6809928","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.6811741","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: 
SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.6811892","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","AllocationSize: 114,688, EndOfFile: 110,080, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.6813688","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:05.6815499","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.6815853","about1.exe","2116","ReadFile","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.6980796","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.6982542","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.6984207","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.6986590","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.6988381","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.6988512","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","AllocationSize: 114,688, EndOfFile: 110,080, NumberOfLinks: 1, DeletePending: False, Directory: False" 
20:39:05.6988744","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\IMM32.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.6990538","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.6995024","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.6996759","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.6998430","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.7000866","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.7002763","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\imm32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.7003291","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\IMM32.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.7005143","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.7008956","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\IMM32.DLL","SUCCESS","Offset: 86,016, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.7047511","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 
20:39:05.7049243","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.7050903","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.7068296","about1.exe","2116","CreateFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.7070037","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.7077834","about1.exe","2116","CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","" 20:39:05.7091182","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\LPK.DLL","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.7095897","about1.exe","2116","CreateFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.7097889","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.7099767","about1.exe","2116","CloseFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","" 20:39:05.7102370","about1.exe","2116","CreateFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","Desired Access: 
Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.7104385","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\lpk.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.7104653","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\LPK.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.7106687","about1.exe","2116","CloseFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","" 20:39:05.7112651","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\USP10.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.7117733","about1.exe","2116","CreateFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.7141940","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:05.7144018","about1.exe","2116","CloseFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","" 20:39:05.7146803","about1.exe","2116","CreateFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.7157204","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\usp10.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 
20:39:05.7157467","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\USP10.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.7162694","about1.exe","2116","CloseFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","" 20:39:05.7176578","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\USP10.DLL","SUCCESS","Offset: 306,688, Length: 12,800, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.7368452","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\LPK.DLL","SUCCESS","Offset: 19,456, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.7546410","about1.exe","2116","CreateFile","C:\WINDOWS\system32\comctl32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" 20:39:05.7548824","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\comctl32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:05.7549016","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\COMCTL32.dll","SUCCESS","AllocationSize: 622,592, EndOfFile: 617,472, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.7549335","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\COMCTL32.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:05.7551553","about1.exe","2116","CreateFile","C:\WINDOWS\system32\COMCTL32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 20:39:05.7558509","about1.exe","2116","CreateFile","C:\WINDOWS\system32\COMCTL32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 
20:39:05.7586382","about1.exe","2116","CloseFile","C:\WINDOWS\system32\comctl32.dll","SUCCESS","" 20:39:05.7618685","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCRT.DLL","SUCCESS","Offset: 328,192, Length: 2,048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.8138513","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHELL32.DLL","SUCCESS","Offset: 2,170,368, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.8235688","about1.exe","2116","CreateFile","C:\WINDOWS\system32\shell32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" 20:39:05.8238012","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\shell32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:05.8238193","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\SHELL32.dll","SUCCESS","AllocationSize: 8,372,224, EndOfFile: 8,367,104, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.8238501","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\shell32.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:05.8240674","about1.exe","2116","CreateFile","C:\WINDOWS\system32\SHELL32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 20:39:05.8244518","about1.exe","2116","CreateFile","C:\WINDOWS\system32\SHELL32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 20:39:05.8491972","about1.exe","2116","CloseFile","C:\WINDOWS\system32\shell32.dll","SUCCESS","" 20:39:05.8533038","about1.exe","2116","CreateFile","C:\Documents and 
Settings\rik\デスクトップ\about1.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:05.8536919","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.8538363","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","CreationTime: 2012/10/07 18:19:17, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:19:18, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D" 20:39:05.8539648","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","" 20:39:05.8541757","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:05.8544545","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.8546618","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","SyncType: 
SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.8546814","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","AllocationSize: 1,064,960, EndOfFile: 1,054,208, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.8548792","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:05.8550803","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","" 20:39:05.8551311","about1.exe","2116","ReadFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.8713919","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.8715978","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.8716729","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\COMCTL32.DLL","SUCCESS","SyncType: SyncTypeOther" 
20:39:05.8718766","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","" 20:39:05.8725294","about1.exe","2116","ReadFile","C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\COMCTL32.DLL","SUCCESS","Offset: 1,024, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.8730764","about1.exe","2116","ReadFile","C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.5512_X-WW_35D4CE83\COMCTL32.DLL","SUCCESS","Offset: 593,920, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.8849481","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.8850858","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","CreationTime: 2012/10/07 18:40:07, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:40:08, ChangeTime: 1601/01/01 9:00:00, FileAttributes: RHA" 20:39:05.8851593","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","" 20:39:05.8853244","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.8854166","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:05.8854495","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, 
DeletePending: False, Directory: False" 20:39:05.8855515","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther" 20:39:05.8856420","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","" 20:39:05.8856839","about1.exe","2116","ReadFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Offset: 0, Length: 749, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:05.9167563","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.9168412","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","CreationTime: 2012/10/07 18:40:07, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:40:08, ChangeTime: 1601/01/01 9:00:00, FileAttributes: RHA" 20:39:05.9169150","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","" 20:39:05.9170815","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:05.9171737","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:05.9171913","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.9172214","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther" 20:39:05.9173133","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","" 
20:39:05.9175044","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" 20:39:05.9177718","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:05.9177905","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.9178196","about1.exe","2116","CreateFileMapping","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","SyncType: SyncTypeOther" 20:39:05.9179268","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","AllocationSize: 16,384, EndOfFile: 749, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:05.9180520","about1.exe","2116","CreateFile","C:\WINDOWS\WindowsShell.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 20:39:06.0253586","about1.exe","2116","CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","" 20:39:06.0312641","about1.exe","2116","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8,192" 20:39:06.0315340","about1.exe","2116","SetEndOfFileInformationFile","C:\WINDOWS\system32\config\software.LOG","SUCCESS","EndOfFile: 8,192" 20:39:06.0334465","about1.exe","2116","ReadFile","C:\WINDOWS\system32\oleacc.dll","SUCCESS","Offset: 130,560, Length: 3,584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.0558178","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\OLEACCRC.DLL","NAME NOT FOUND","Desired Access: Read Attributes, 
Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:06.0563277","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.0565822","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2012/10/07 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.0567758","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","" 20:39:06.0570644","about1.exe","2116","CreateFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.0572806","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.0573147","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\OLEACCRC.DLL","SUCCESS","AllocationSize: 32,768, EndOfFile: 16,896, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.0575390","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:06.0577496","about1.exe","2116","CloseFile","C:\WINDOWS\system32\oleaccrc.dll","SUCCESS","" 20:39:06.0577952","about1.exe","2116","ReadFile","C:\WINDOWS\system32\OLEACCRC.DLL","SUCCESS","Offset: 0, Length: 16,896, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.0601547","about1.exe","2116","CreateFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: 
Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" 20:39:06.0603930","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\tapi32.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.0604106","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\TAPI32.dll","SUCCESS","AllocationSize: 196,608, EndOfFile: 181,760, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.0604402","about1.exe","2116","CreateFileMapping","C:\WINDOWS\System32\TAPI32.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:06.0606486","about1.exe","2116","CreateFile","C:\WINDOWS\system32\TAPI32.dll.124.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 20:39:06.0610213","about1.exe","2116","CreateFile","C:\WINDOWS\system32\TAPI32.dll.124.Config","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 20:39:06.0855501","about1.exe","2116","CloseFile","C:\WINDOWS\system32\tapi32.dll","SUCCESS","" 20:39:06.0862178","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\about1.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:06.0866055","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 
20:39:06.0867494","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","CreationTime: 2012/10/07 18:19:17, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:19:18, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D" 20:39:06.0926817","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","" 20:39:06.0928991","about1.exe","2116","CreateFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.0943990","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.0944797","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS","SUCCESS","CreationTime: 2012/10/07 18:03:56, LastAccessTime: 2012/10/07 0:00:00, LastWriteTime: 2012/10/07 18:03:58, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D" 20:39:06.0945524","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS","" 20:39:06.0950510","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 66,560, Length: 29,696, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.1052981","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 1,024, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.1288830","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 33,792, Length: 32,768, I/O Flags: 
Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.6773594","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.6774094","about1.exe","2116","QueryNameInformationFile","C:\","SUCCESS","Name: \" 20:39:06.6774393","about1.exe","2116","QueryInformationVolume","C:\","SUCCESS","VolumeCreationTime: 1601/01/01 9:00:00, VolumeSerialNumber: 9455-E50D, SupportsObjects: False, VolumeLabel: " 20:39:06.6774664","about1.exe","2116","CloseFile","C:\","SUCCESS","" 20:39:06.6782229","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.6782975","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data","SUCCESS","CreationTime: 2012/10/07 18:49:52, LastAccessTime: 2012/10/07 0:00:00, LastWriteTime: 2012/10/07 18:19:58, ChangeTime: 1601/01/01 9:00:00, FileAttributes: RHD" 20:39:06.6783604","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data","SUCCESS","" 20:39:06.6785869","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","NAME NOT FOUND","Desired Access: Write Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a" 20:39:06.6787747","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: 
Opened" 20:39:06.6789015","about1.exe","2116","QueryAttributeTagFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","INVALID PARAMETER","" 20:39:06.6790121","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.6791155","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","CreationTime: 2013/01/26 20:31:08, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.6792345","about1.exe","2116","QueryStreamInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","INVALID PARAMETER","" 20:39:06.6793594","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","CreationTime: 2013/01/26 20:31:08, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.6794689","about1.exe","2116","QueryEaInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","EaSize: 0" 20:39:06.6795820","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Generic Write, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: A, ShareMode: None, AllocationSize: 0, OpenResult: Created" 20:39:06.6796843","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.6797625","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application 
Data","SUCCESS","" 20:39:06.6799977","about1.exe","2116","QueryAttributeInformationVolume","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","FileSystemAttributes: Case Preserved, Unicode, MaximumComponentNameLength: 255, FileSystemName: FAT32" 20:39:06.6800690","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 20:39:08, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.6801757","about1.exe","2116","QueryAttributeInformationVolume","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","FileSystemAttributes: Case Preserved, Unicode, MaximumComponentNameLength: 255, FileSystemName: FAT32" 20:39:06.6802522","about1.exe","2116","SetEndOfFileInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","EndOfFile: 98,304" 20:39:06.6804075","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.6804223","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.6804469","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.6805330","about1.exe","2116","WriteFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Offset: 0, Length: 65,536" 20:39:06.6807059","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","Offset: 32,768, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.7774699","about1.exe","2116","WriteFile","C:\Documents and Settings\rik\Application 
Data\KB00777165.exe","SUCCESS","Offset: 65,536, Length: 32,768" 20:39:06.7776679","about1.exe","2116","SetBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 1601/01/01 9:00:00, LastAccessTime: 1601/01/01 9:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: n/a" 20:39:06.7778074","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\デスクトップ\about1.exe","SUCCESS","" 20:39:06.7778998","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","" 20:39:06.7782004","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp","NAME COLLISION","Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, AllocationSize: 0" 20:39:06.7793134","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.7795294","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","CreationTime: 2012/10/07 18:49:52, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2012/10/07 18:19:58, ChangeTime: 1601/01/01 9:00:00, FileAttributes: D" 20:39:06.7797475","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","" 20:39:06.7800076","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp","SUCCESS","Desired Access: Generic Read, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created" 20:39:06.7802607","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local 
Settings\Temp\exp2.tmp","SUCCESS","" 20:39:06.7805636","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp.bat","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: H, ShareMode: Read, AllocationSize: 0, OpenResult: Created" 20:39:06.7807032","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","Desired Access: Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.7808186","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local Settings\Temp","SUCCESS","" 20:39:06.7809740","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\SHLWAPI.DLL","SUCCESS","Offset: 267,264, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.8435646","about1.exe","2116","WriteFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp.bat","SUCCESS","Offset: 0, Length: 217" 20:39:06.8438459","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Local Settings\Temp\exp2.tmp.bat","SUCCESS","" 20:39:06.8444055","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8446379","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.8448078","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.8452503","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, 
Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8454294","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.8455986","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.8458562","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8460406","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:06.8460683","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.8460931","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.8461169","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.8596974","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.8603217","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 
20:39:06.8604975","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.8606629","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","" 20:39:06.8609028","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8610808","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\apphelp.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:06.8610939","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\Apphelp.dll","SUCCESS","AllocationSize: 131,072, EndOfFile: 125,952, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.8612710","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\apphelp.dll","SUCCESS","SyncType: SyncTypeOther" 20:39:06.8614501","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","" 20:39:06.8614831","about1.exe","2116","ReadFile","C:\WINDOWS\system32\Apphelp.dll","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.8682105","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8683837","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 
20:39:06.8685488","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","" 20:39:06.8687860","about1.exe","2116","CreateFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8689625","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\apphelp.dll","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:06.8690153","about1.exe","2116","CreateFileMapping","C:\WINDOWS\SYSTEM32\APPHELP.DLL","SUCCESS","SyncType: SyncTypeOther" 20:39:06.8691963","about1.exe","2116","CloseFile","C:\WINDOWS\system32\apphelp.dll","SUCCESS","" 20:39:06.8695098","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\APPHELP.DLL","SUCCESS","Offset: 117,248, Length: 2,560, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.8718928","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8720422","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.8725364","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.8725501","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.8725736","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther" 
20:39:06.8727278","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.8729507","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a" 20:39:06.8731999","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8733066","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe" 20:39:06.8734611","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS","" 20:39:06.8739092","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8740869","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.8742582","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.8766705","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8766979","about1.exe","2116","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS" 
20:39:06.8767361","about1.exe","2116","CloseFile","C:\","SUCCESS","" 20:39:06.8776868","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8777547","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32","SUCCESS","Filter: system32, 1: system32" 20:39:06.8778326","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS","" 20:39:06.8786026","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.8787065","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe" 20:39:06.8799066","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS","" 20:39:06.8801394","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 143,360, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.8972385","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 589,824, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9082686","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 815,104, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9154964","about1.exe","2116","ReadFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Offset: 745,472, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9164384","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, 
Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9166194","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9167904","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9171913","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\VERSION.DLL","SUCCESS","Offset: 15,872, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9293188","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9294965","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/21 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9296666","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9299085","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9300932","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:06.9301074","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9302899","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: 
SyncTypeOther" 20:39:06.9304737","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9305332","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 0, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9314654","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9316414","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9318107","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9320529","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9322351","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.9322482","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9322711","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9324547","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9325460","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 245,760, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 
20:39:06.9432306","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 454,656, Length: 31,744, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9541001","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9542773","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9544471","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9546896","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9548712","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:06.9548849","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9549086","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9550919","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9555596","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 
20:39:06.9557367","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9559060","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9561476","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9563292","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.9563423","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9563652","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9565482","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9574553","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9576322","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9578020","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9578551","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, 
Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9578830","about1.exe","2116","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS" 20:39:06.9579227","about1.exe","2116","CloseFile","C:\","SUCCESS","" 20:39:06.9580481","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9581160","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32","SUCCESS","Filter: system32, 1: system32" 20:39:06.9581934","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS","" 20:39:06.9583566","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9584610","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe" 20:39:06.9586136","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS","" 20:39:06.9588332","about1.exe","2116","CloseFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","" 20:39:06.9609384","about1.exe","2116","QueryNameInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Name: \WINDOWS\System32\cmd.exe" 20:39:06.9613723","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9615505","about1.exe","2116","QueryBasicInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","CreationTime: 2008/08/20 12:00:00, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2008/08/20 12:00:00, ChangeTime: 
1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9617209","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9617740","about1.exe","2116","CreateFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9618022","about1.exe","2116","QueryDirectory","C:\WINDOWS","SUCCESS","Filter: WINDOWS, 1: WINDOWS" 20:39:06.9618394","about1.exe","2116","CloseFile","C:\","SUCCESS","" 20:39:06.9619657","about1.exe","2116","CreateFile","C:\WINDOWS","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9620338","about1.exe","2116","QueryDirectory","C:\WINDOWS\System32","SUCCESS","Filter: System32, 1: system32" 20:39:06.9621121","about1.exe","2116","CloseFile","C:\WINDOWS","SUCCESS","" 20:39:06.9622800","about1.exe","2116","CreateFile","C:\WINDOWS\system32","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9623853","about1.exe","2116","QueryDirectory","C:\WINDOWS\system32\cmd.exe","SUCCESS","Filter: cmd.exe, 1: cmd.exe" 20:39:06.9625387","about1.exe","2116","CloseFile","C:\WINDOWS\system32","SUCCESS","" 20:39:06.9654938","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9656664","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 
20:39:06.9656798","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","AllocationSize: 491,520, EndOfFile: 486,400, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9657036","about1.exe","2116","CreateFileMapping","C:\WINDOWS\system32\cmd.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9667029","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 99,328, Length: 30,720, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9794243","about1.exe","2116","CreateFile","C:\WINDOWS\system32\cmd.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 20:39:06.9796090","about1.exe","2116","ReadFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","Offset: 247,296, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:06.9803202","about1.exe","2116","CloseFile","C:\WINDOWS\system32\cmd.exe","SUCCESS","" 20:39:06.9804641","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9846945","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE" 20:39:06.9847082","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9847214","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application 
Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9848454","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9857648","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9859115","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9860472","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.9860604","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9860835","about1.exe","2116","CreateFileMapping","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9862350","about1.exe","2116","QueryStandardInformationFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","AllocationSize: 1,212,416, EndOfFile: 1,202,774, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9870191","about1.exe","2116","CreateFile","C:\WINDOWS\AppPatch\systest.sdb","NAME NOT FOUND","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a" 20:39:06.9872264","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, 
OpenResult: Opened" 20:39:06.9873005","about1.exe","2116","QueryDirectory","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Filter: KB00777165.exe, 1: KB00777165.exe" 20:39:06.9883942","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data","SUCCESS","" 20:39:06.9886277","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9892904","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9893518","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","" 20:39:06.9894426","about1.exe","2116","CreateFile","C:\Documents and Settings","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9901732","about1.exe","2116","QueryDirectory","C:\Documents and Settings\rik","SUCCESS","Filter: rik, 1: rik" 20:39:06.9902137","about1.exe","2116","CloseFile","C:\Documents and Settings","SUCCESS","" 20:39:06.9913666","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9914370","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 
20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9914988","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","" 20:39:06.9923771","about1.exe","2116","CreateFile","C:\Documents and Settings","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9924084","about1.exe","2116","QueryDirectory","C:\Documents and Settings\rik","SUCCESS","Filter: rik, 1: rik" 20:39:06.9924483","about1.exe","2116","CloseFile","C:\Documents and Settings","SUCCESS","" 20:39:06.9933076","about1.exe","2116","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9933697","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9935353","about1.exe","2116","CloseFile","C:\WINDOWS\AppPatch\sysmain.sdb","SUCCESS","" 20:39:06.9944597","about1.exe","2116","QueryNameInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Name: \Documents and Settings\RIK\Application Data\KB00777165.exe" 20:39:06.9954828","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9955532","about1.exe","2116","QueryBasicInformationFile","C:\Documents and 
Settings\rik\Application Data\KB00777165.exe","SUCCESS","CreationTime: 2013/01/26 20:39:06, LastAccessTime: 2013/01/26 0:00:00, LastWriteTime: 2013/01/26 18:42:16, ChangeTime: 1601/01/01 9:00:00, FileAttributes: A" 20:39:06.9956149","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","" 20:39:06.9963530","about1.exe","2116","CreateFile","C:\Documents and Settings","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened" 20:39:06.9963837","about1.exe","2116","QueryDirectory","C:\Documents and Settings\RIK","SUCCESS","Filter: RIK, 1: rik" 20:39:06.9964245","about1.exe","2116","CloseFile","C:\Documents and Settings","SUCCESS","" 20:39:06.9978929","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9979571","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY" 20:39:06.9979702","about1.exe","2116","QueryStandardInformationFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","AllocationSize: 98,304, EndOfFile: 98,304, NumberOfLinks: 1, DeletePending: False, Directory: False" 20:39:06.9979934","about1.exe","2116","CreateFileMapping","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","SyncType: SyncTypeOther" 20:39:06.9983681","about1.exe","2116","CreateFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe.Manifest","NAME NOT FOUND","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a" 
20:39:06.9984572","about1.exe","2116","ReadFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","Offset: 96,256, Length: 2,048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:07.0196998","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\Application Data\KB00777165.exe","SUCCESS","" 20:39:07.0210631","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","" 20:39:07.0221610","about1.exe","2116","ReadFile","C:\WINDOWS\SYSTEM32\MSVCP60.DLL","SUCCESS","Offset: 344,064, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O" 20:39:07.1199880","about1.exe","2116","CloseFile","C:\Documents and Settings\rik\デスクトップ","SUCCESS","" 20:39:07.1201414","about1.exe","2116","CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS",""