===============================
PID: 1896 - KB00777165.exe
===============================

FILE/DIR ACCESSED+OPENED BY KB00777165.exe (Success only list)
------------------------------------------------------------------
20:39:47.1719309","KB00777165.exe","1896","Create/CloseFile","C:\Documents and Settings\rik","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2313938","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2325199","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2339994","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2352462","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2602527","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2723814","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2754899","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2771487","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\imm32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2900085","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2918308","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\lpk.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2957885","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:47.2976094","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\usp10.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.2605779","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\shell32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
20:39:55.2894685","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.2903876","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
20:39:55.2905943","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.2919135","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.2965981","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.2968432","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.3000505","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.3008956","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened"
20:39:55.3019097","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\WindowsShell.Manifest","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
20:39:55.3255085","KB00777165.exe","1896","Create/CloseFile","C:\WINDOWS\system32\comctl32.dll","SUCCESS","Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened"
20:39:55.3298188","KB00777165.exe","1896","Create/CloseFile","C:\","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
20:39:55.3305896","KB00777165.exe","1896","Create/CloseFile","C:\Documents and Settings\rik\Application Data","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"


THE QUERIED VALUE
------------------------
20:39:55.3298521","KB00777165.exe","1896","QueryNameInformationFile","C:\","SUCCESS","Name: \"
20:39:55.3298817","KB00777165.exe","1896","QueryInformationVolume","C:\","SUCCESS","VolumeCreationTime: 1601/01/01 9:00:00, VolumeSerialNumber: 9455-E50D, SupportsObjects: False, VolumeLabel: "
20:39:55.3306555","KB00777165.exe","1896","QueryBasicInformationFile","C:\Documents and Settings\rik\Application Data","SUCCESS","CreationTime: 2012/10/07 18:49:52, LastAccessTime: 2012/10/07 0:00:00, LastWriteTime: 2012/10/07 18:19:58, ChangeTime: 1601/01/01 9:00:00, FileAttributes: RHD"