177399 5:51:46.2247470 PM MaLa106be.exe 6436 QueryDirectory L:\Theme\plugins\*.mplugin SUCCESS Filter: *.mplugin, 1: MaLaLauncher.mplugin
177437 5:51:46.2251392 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS CreationTime: 9/27/2008 9:28:42 PM, LastAccessTime: 9/29/2008 9:14:26 AM, LastWriteTime: 5/30/2008 9:19:54 AM, ChangeTime: 9/27/2008 2:51:33 PM, AllocationSize: 12,288, EndOfFile: 9,728, FileAttributes: A
178944 5:51:46.2447696 PM MaLa106be.exe 6436 CreateFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
180611 5:51:46.2705877 PM MaLa106be.exe 6436 QueryStandardInformationFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS AllocationSize: 12,288, EndOfFile: 9,728, NumberOfLinks: 1, DeletePending: False, Directory: False
180615 5:51:46.2707662 PM MaLa106be.exe 6436 CloseFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS
180617 5:51:46.2710129 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS CreationTime: 9/27/2008 9:28:42 PM, LastAccessTime: 9/29/2008 5:51:46 PM, LastWriteTime: 5/30/2008 9:19:54 AM, ChangeTime: 9/27/2008 2:51:33 PM, AllocationSize: 12,288, EndOfFile: 9,728, FileAttributes: A
180618 5:51:46.2711537 PM MaLa106be.exe 6436 CreateFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
180638 5:51:46.2717027 PM MaLa106be.exe 6436 QueryStandardInformationFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS AllocationSize: 12,288, EndOfFile: 9,728, NumberOfLinks: 1, DeletePending: False, Directory: False
180652 5:51:46.2720080 PM MaLa106be.exe 6436 CloseFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS
180654 5:51:46.2722592 PM MaLa106be.exe 6436 Load Image L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS Image Base: 0x1580000, Image Size: 0x6000
180655 5:51:46.2722840 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS Offset: 8,704, Length: 1,024, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
180671 5:51:46.2732168 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS Offset: 1,024, Length: 3,584, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
180694 5:51:46.2740094 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS Offset: 4,608, Length: 2,048, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
180714 5:51:46.2746584 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MaLaLauncher.mplugin SUCCESS Offset: 7,168, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
180728 5:51:46.2752691 PM MaLa106be.exe 6436 RegOpenKey HKCU SUCCESS Desired Access: Maximum Allowed
180729 5:51:46.2752917 PM MaLa106be.exe 6436 RegOpenKey HKCU\Software\Policies\Microsoft\Control Panel\Desktop NAME NOT FOUND Desired Access: Read
180730 5:51:46.2753062 PM MaLa106be.exe 6436 RegOpenKey HKCU\Control Panel\Desktop SUCCESS Desired Access: Read
180731 5:51:46.2753244 PM MaLa106be.exe 6436 RegQueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NAME NOT FOUND Length: 256
180732 5:51:46.2753657 PM MaLa106be.exe 6436 RegCloseKey HKCU\Control Panel\Desktop SUCCESS
180733 5:51:46.2753747 PM MaLa106be.exe 6436 RegCloseKey HKCU SUCCESS
180743 5:51:46.2759284 PM MaLa106be.exe 6436 CreateFile L:\Theme\plugins\MaLaLauncher.mplugin.2.Manifest NAME NOT FOUND Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
180747 5:51:46.2762868 PM MaLa106be.exe 6436 CreateFile L:\Theme\plugins\MaLaLauncher.mplugin.2.Config NAME NOT FOUND Desired Access: Generic Read/Execute, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
181324 5:51:46.2945614 PM MaLa106be.exe 6436 QueryDirectory L:\Theme\plugins SUCCESS 0: MatureAlarm.mplugin
181335 5:51:46.2948070 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.mplugin SUCCESS CreationTime: 9/28/2008 9:17:44 AM, LastAccessTime: 9/29/2008 9:14:27 AM, LastWriteTime: 10/12/2006 12:17:10 PM, ChangeTime: 9/28/2008 9:17:44 AM, AllocationSize: 81,920, EndOfFile: 81,920, FileAttributes: A
182074 5:51:46.3122380 PM MaLa106be.exe 6436 CreateFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
182675 5:51:46.3505884 PM MaLa106be.exe 6436 QueryStandardInformationFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: False
182679 5:51:46.3506758 PM MaLa106be.exe 6436 CloseFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS
182681 5:51:46.3509365 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.mplugin SUCCESS CreationTime: 9/28/2008 9:17:44 AM, LastAccessTime: 9/29/2008 5:51:46 PM, LastWriteTime: 10/12/2006 12:17:10 PM, ChangeTime: 9/28/2008 9:17:44 AM, AllocationSize: 81,920, EndOfFile: 81,920, FileAttributes: A
182682 5:51:46.3510748 PM MaLa106be.exe 6436 CreateFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
182689 5:51:46.3513391 PM MaLa106be.exe 6436 QueryStandardInformationFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS AllocationSize: 81,920, EndOfFile: 81,920, NumberOfLinks: 1, DeletePending: False, Directory: False
182698 5:51:46.3515606 PM MaLa106be.exe 6436 CloseFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS
182699 5:51:46.3515905 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 67,072, Length: 14,848, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182705 5:51:46.3527507 PM MaLa106be.exe 6436 Load Image L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Image Base: 0x1580000, Image Size: 0x18000
182706 5:51:46.3527733 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 50,688, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182707 5:51:46.3533122 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 1,024, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182708 5:51:46.3547311 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 33,792, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182709 5:51:46.3555737 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 46,080, Length: 1,536, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182710 5:51:46.3560782 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 54,784, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182711 5:51:46.3569998 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 47,616, Length: 2,560, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182712 5:51:46.3578164 PM MaLa106be.exe 6436 ReadFile L:\Theme\plugins\MatureAlarm.mplugin SUCCESS Offset: 50,176, Length: 512, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182713 5:51:46.3583067 PM MaLa106be.exe 6436 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MatureAlarm.mplugin NAME NOT FOUND Desired Access: Read
182714 5:51:46.3583601 PM MaLa106be.exe 6436 RegOpenKey HKCU\Software\Borland\Locales NAME NOT FOUND Desired Access: All Access
182715 5:51:46.3583777 PM MaLa106be.exe 6436 RegOpenKey HKCU\Software\Borland\Delphi\Locales NAME NOT FOUND Desired Access: All Access
182716 5:51:46.3586171 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.ENU NAME NOT FOUND
182717 5:51:46.3587897 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.ENU NAME NOT FOUND
182718 5:51:46.3589238 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.ENU.DLL NAME NOT FOUND
182719 5:51:46.3590649 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.EN NAME NOT FOUND
182720 5:51:46.3592065 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.EN NAME NOT FOUND
182721 5:51:46.3593348 PM MaLa106be.exe 6436 QueryOpen L:\Theme\plugins\MatureAlarm.EN.DLL NAME NOT FOUND
182722 5:51:46.3595351 PM MaLa106be.exe 6436 QueryDirectory L:\Theme\plugins NO MORE FILES
182723 5:51:46.3595990 PM MaLa106be.exe 6436 CloseFile L:\Theme\plugins SUCCESS
182725 5:51:46.3598678 PM MaLa106be.exe 6436 QueryOpen L:\Theme\backups SUCCESS CreationTime: 9/10/2008 7:23:59 AM, LastAccessTime: 9/29/2008 5:51:45 PM, LastWriteTime: 9/10/2008 7:23:59 AM, ChangeTime: 9/10/2008 7:23:59 AM, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
182726 5:51:46.3608545 PM MaLa106be.exe 6436 QueryOpen L:\Theme\MaLa106be.exe SUCCESS CreationTime: 9/27/2008 11:58:51 AM, LastAccessTime: 9/29/2008 5:51:44 PM, LastWriteTime: 9/27/2008 3:16:56 PM, ChangeTime: 9/29/2008 5:51:44 PM, AllocationSize: 3,362,816, EndOfFile: 3,360,256, FileAttributes: A
182727 5:51:46.3625410 PM MaLa106be.exe 6436 ReadFile L:\Theme\MaLa106be.exe SUCCESS Offset: 3,338,752, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182846 5:51:46.3812336 PM MaLa106be.exe 6436 ReadFile L:\Theme\MaLa106be.exe SUCCESS Offset: 3,322,368, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182848 5:51:46.3823321 PM MaLa106be.exe 6436 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion SUCCESS Desired Access: All Access
182849 5:51:46.3823796 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName SUCCESS Type: REG_SZ, Length: 42, Data: Microsoft Windows XP
182850 5:51:46.3823969 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName SUCCESS Type: REG_SZ, Length: 42, Data: Microsoft Windows XP
182851 5:51:46.3824067 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName SUCCESS Type: REG_SZ, Length: 42, Data: Microsoft Windows XP
182852 5:51:46.3824148 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName SUCCESS Type: REG_SZ, Length: 42, Data: Microsoft Windows XP
182853 5:51:46.3824240 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion SUCCESS Type: REG_SZ, Length: 8, Data: 5.1
182854 5:51:46.3824335 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion SUCCESS Type: REG_SZ, Length: 8, Data: 5.1
182855 5:51:46.3824422 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion SUCCESS Type: REG_SZ, Length: 8, Data: 5.1
182856 5:51:46.3824503 PM MaLa106be.exe 6436 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion SUCCESS Type: REG_SZ, Length: 8, Data: 5.1
182857 5:51:46.3824662 PM MaLa106be.exe 6436 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion SUCCESS
182858 5:51:46.3825738 PM MaLa106be.exe 6436 RegOpenKey HKCU\Software\Microsoft\Multimedia\DrawDib SUCCESS Desired Access: Maximum Allowed
182859 5:51:46.3826154 PM MaLa106be.exe 6436 RegQueryValue HKCU\Software\Microsoft\Multimedia\DrawDib\Halftone NAME NOT FOUND Length: 144
182860 5:51:46.3826260 PM MaLa106be.exe 6436 RegQueryValue HKCU\Software\Microsoft\Multimedia\DrawDib\DrawToBitmap NAME NOT FOUND Length: 144
182861 5:51:46.3826352 PM MaLa106be.exe 6436 RegQueryValue HKCU\Software\Microsoft\Multimedia\DrawDib\DecompressToBitmap NAME NOT FOUND Length: 144
182862 5:51:46.3826439 PM MaLa106be.exe 6436 RegQueryValue HKCU\Software\Microsoft\Multimedia\DrawDib\DecompressToScreen NAME NOT FOUND Length: 144
182863 5:51:46.3826576 PM MaLa106be.exe 6436 ReadFile C:\WINDOWS\system32\msvfw32.dll SUCCESS Offset: 29,696, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
182880 5:51:46.3971776 PM MaLa106be.exe 6436 RegQueryValue HKCU\Software\Microsoft\Multimedia\DrawDib\dva NAME NOT FOUND Length: 144
182881 5:51:46.3973575 PM MaLa106be.exe 6436 QueryOpen L:\Theme\DCIMAN32.DLL NAME NOT FOUND
182882 5:51:46.3975698 PM MaLa106be.exe 6436 QueryOpen C:\WINDOWS\system32\dciman32.dll SUCCESS CreationTime: 3/31/2003 5:00:00 AM, LastAccessTime: 9/29/2008 5:51:45 PM, LastWriteTime: 4/14/2008 5:41:52 AM, ChangeTime: 8/27/2008 8:13:20 PM, AllocationSize: 12,288, EndOfFile: 8,704, FileAttributes: A
182883 5:51:46.3977746 PM MaLa106be.exe 6436 CreateFile C:\WINDOWS\system32\dciman32.dll SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
182890 5:51:46.3980956 PM MaLa106be.exe 6436 CloseFile C:\WINDOWS\system32\dciman32.dll SUCCESS
182893 5:51:46.3983436 PM MaLa106be.exe 6436 Load Image C:\WINDOWS\system32\dciman32.dll SUCCESS Image Base: 0x73bc0000, Image Size: 0x6000
182894 5:51:46.3984241 PM MaLa106be.exe 6436 RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.DLL NAME NOT FOUND Desired Access: Read
182895 5:51:46.3986523 PM MaLa106be.exe 6436 RegOpenKey HKLM\System\CurrentControlSet\Control\Video\{34CEAD39-9961-40A6-9F38-FDBC9BFC83F4}\0000 SUCCESS Desired Access: Read, Maximum Allowed
182896 5:51:46.3986886 PM MaLa106be.exe 6436 RegQueryValue HKLM\System\CurrentControlSet\Control\Video\{34CEAD39-9961-40A6-9F38-FDBC9BFC83F4}\0000\D3D_10491844 NAME NOT FOUND Length: 130

CONTINUES ON WITH A LOT OF HKLM AND WIN DLL STUFF.