"file","14/6/2009 3:59:54.23","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.23","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.383","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.383","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.508","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.508","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.633","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.633","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.648","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.695","System","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 3:59:54.867","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.914","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.930","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.930","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.930","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:54.930","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:55.55","C:\Documents and Settings\tttt\file.exe","Delete","C:\WINDOWS\Temp\~TM1.tmp","-1"
"file","14/6/2009 3:59:55.70","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.86","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Delete","C:\WINDOWS\Temp\~TM2.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.164","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.477","C:\Documents and Settings\tttt\file.exe","Delete","C:\WINDOWS\Temp\~TM3.tmp","-1"
"file","14/6/2009 3:59:55.492","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM54EA3A.TMP","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.523","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.617","C:\WINDOWS\explorer.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\~TM5.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.633","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"file","14/6/2009 3:59:55.711","C:\WINDOWS\explorer.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\~TM6.tmp","-1"
"process","14/6/2009 3:59:55.633","UNKNOWN","created","3596","C:\Documents and Settings\tttt\file.exe"
"process","14/6/2009 3:59:54.711","C:\Program Files\Internet Explorer\IEXPLORE.EXE","created","3596","C:\Documents and Settings\tttt\file.exe"
"process","14/6/2009 3:59:57.773","C:\WINDOWS\explorer.exe","created","3812","C:\WINDOWS\system32\svchost.exe"
"process","14/6/2009 3:59:55.539","C:\Program Files\Internet Explorer\IEXPLORE.EXE","terminated","3596","C:\Documents and Settings\tttt\file.exe"
"process","14/6/2009 3:59:55.727","C:\WINDOWS\explorer.exe","created","3812","C:\WINDOWS\system32\svchost.exe"
"process","14/6/2009 4:0:2.352","C:\WINDOWS\system32\svchost.exe","created","2104","C:\WINDOWS\system32\svchost.exe"
"process","14/6/2009 4:0:1.23","C:\WINDOWS\system32\svchost.exe","created","2104","C:\WINDOWS\system32\svchost.exe"
"process","14/6/2009 4:0:2.461","C:\WINDOWS\system32\svchost.exe","created","2104","C:\WINDOWS\system32\svchost.exe"
"file","14/6/2009 4:0:1.23","C:\WINDOWS\system32\svchost.exe","Write","C:\WINDOWS\Temp\wpv181243627542.exe","-1"
"file","14/6/2009 4:0:1.39","System","Write","C:\WINDOWS\Temp\wpv181243627542.exe","-1"
"file","14/6/2009 4:0:1.55","System","Write","C:\WINDOWS\Temp\wpv181243627542.exe","-1"
"file","14/6/2009 4:0:1.55","System","Write","C:\WINDOWS\Temp\wpv181243627542.exe","-1"
"file","14/6/2009 4:0:1.70","System","Write","C:\WINDOWS\Temp\wpv181243627542.exe","-1"
"process","14/6/2009 4:0:4.55","C:\WINDOWS\system32\svchost.exe","created","2164","C:\WINDOWS\Temp\wpv181243627542.exe"
"process","14/6/2009 4:0:4.70","C:\WINDOWS\system32\svchost.exe","created","2164","C:\WINDOWS\Temp\wpv181243627542.exe"
"process","14/6/2009 4:0:1.102","C:\WINDOWS\system32\svchost.exe","created","2164","C:\WINDOWS\Temp\wpv181243627542.exe"
"process","14/6/2009 4:0:1.445","C:\WINDOWS\explorer.exe","terminated","3812","C:\WINDOWS\system32\svchost.exe"
"file","14/6/2009 4:0:1.445","C:\WINDOWS\system32\svchost.exe","Write","C:\Documents and Settings\tttt\Application Data\wiaserva.log","-1"
"file","14/6/2009 4:0:1.445","C:\WINDOWS\system32\svchost.exe","Write","C:\Documents and Settings\tttt\Application Data\wiaserva.log","-1"
"file","14/6/2009 4:0:1.898","C:\WINDOWS\Temp\wpv181243627542.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_1320671","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:1.930","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","System","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","C:\Program Files\Internet Explorer\IEXPLORE.EXE","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.148","System","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:2.148","System","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:2.148","System","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:2.148","System","Write","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"registry","14/6/2009 4:0:1.945","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal","-1"
"registry","14/6/2009 4:0:1.961","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a27dacf-9021-11dd-8e25-806d6172696f}\BaseClass","-1"
"registry","14/6/2009 4:0:1.961","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a27dacd-9021-11dd-8e25-806d6172696f}\BaseClass","-1"
"registry","14/6/2009 4:0:1.977","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a27dacc-9021-11dd-8e25-806d6172696f}\BaseClass","-1"
"registry","14/6/2009 4:0:1.977","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents","-1"
"registry","14/6/2009 4:0:1.992","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop","-1"
"registry","14/6/2009 4:0:1.992","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop","-1"
"registry","14/6/2009 4:0:2.102","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass","-1"
"registry","14/6/2009 4:0:2.102","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName","-1"
"registry","14/6/2009 4:0:2.102","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet","-1"
"registry","14/6/2009 4:0:2.102","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass","-1"
"registry","14/6/2009 4:0:2.102","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName","-1"
"registry","14/6/2009 4:0:2.102","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet","-1"
"registry","14/6/2009 4:0:2.117","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache","-1"
"registry","14/6/2009 4:0:2.117","C:\WINDOWS\Temp\wpv181243627542.exe","SetValueKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies","-1"
"process","14/6/2009 4:0:6.805","C:\WINDOWS\Temp\wpv181243627542.exe","created","2388","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe"
"process","14/6/2009 4:0:2.211","C:\WINDOWS\Temp\wpv181243627542.exe","created","2388","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe"
"file","14/6/2009 4:0:2.383","System","Write","C:\Documents and Settings\tttt\file.exe","-1"
"file","14/6/2009 4:0:2.383","System","Write","C:\Documents and Settings\tttt\Local Settings\Temporary Internet Files\Content.IE5\BFS2DG34\load[1].exe","-1"
"process","14/6/2009 4:0:8.273","UNKNOWN","created","2480","C:\Documents and Settings\tttt\file.exe"
"process","14/6/2009 4:0:3.8","C:\Program Files\Internet Explorer\IEXPLORE.EXE","created","2480","C:\Documents and Settings\tttt\file.exe"
"file","14/6/2009 4:0:3.602","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\7.tmp","-1"
"process","14/6/2009 4:0:4.8","C:\Program Files\Internet Explorer\IEXPLORE.EXE","terminated","2480","C:\Documents and Settings\tttt\file.exe"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.680","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.695","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.789","C:\Documents and Settings\tttt\file.exe","Delete","C:\WINDOWS\Temp\~TM8.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.805","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Delete","C:\WINDOWS\Temp\~TM9.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.883","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.898","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.961","C:\Documents and Settings\tttt\file.exe","Delete","C:\WINDOWS\Temp\~TMA.tmp","-1"
"file","14/6/2009 4:0:3.977","C:\Documents and Settings\tttt\file.exe","Write","C:\WINDOWS\Temp\~TM54EA3A.TMP","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.8","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.70","C:\WINDOWS\explorer.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\~TMC.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.86","C:\WINDOWS\explorer.exe","Write","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:4.148","C:\WINDOWS\explorer.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\~TMD.tmp","-1"
"file","14/6/2009 4:0:5.633","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\WINDOWS\system32\drivers\beep.sys","-1"
"process","14/6/2009 4:0:14.320","C:\WINDOWS\system32\svchost.exe","created","2900","C:\WINDOWS\system32\svchost.exe"
"file","14/6/2009 4:0:7.242","C:\WINDOWS\system32\svchost.exe","Write","C:\Documents and Settings\tttt\Application Data\wiaserva.log","-1"
"file","14/6/2009 4:0:7.242","C:\WINDOWS\system32\svchost.exe","Write","C:\Documents and Settings\tttt\Application Data\wiaserva.log","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\WINDOWS\system32\drivers\beep.sys","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\7.tmp","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:7.758","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:8.680","C:\WINDOWS\Temp\wpv181243627542.exe","Delete","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0","-1"
"file","14/6/2009 4:0:8.758","C:\WINDOWS\Temp\wpv181243627542.exe","Write","C:\Documents and Settings\tttt\Application Data\Microsoft\IMJP8_1\imjp81u.dic","-1"
"file","14/6/2009 4:0:12.977","C:\WINDOWS\system32\winlogon.exe","Write","C:\WINDOWS\system32\dllcache\beep.sys.new","-1"
"process","14/6/2009 4:0:13.23","UNKNOWN","created","1300","C:\WINDOWS\system32\svchost.exe"
"registry","14/6/2009 4:0:7.773","C:\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","SetValueKey","HKLM\SYSTEM\ControlSet001\Control\Session tttt\PendingFileRenameOperations","-1"
"file","14/6/2009 4:0:16.664","System","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"registry","14/6/2009 4:0:11.742","C:\WINDOWS\system32\winlogon.exe","SetValueKey","HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec","-1"
"file","14/6/2009 4:0:17.664","System","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:17.664","System","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:18.664","System","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"
"file","14/6/2009 4:0:18.664","System","Write","C:\Program Files\Capture\logs\deleted_files\C\Documents and Settings\tttt\Local Settings\Temp\RarSFX0\install.exe","-1"