| Re: Lost log in cookies
Hi Robert
I set up ProcMon as you said.
I then started it, started IE and logged into Google then shut down IE.
Below you will see the results. (over two posts)
I note there is two refs to 'delete'
16:39:11.9859328 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies SUCCESS Desired Access: Read Data/List Directory,
Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert,
Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a, OpenResult: Opened
16:39:11.9862019 IEXPLORE.EXE 2188 QueryDirectory E:\Documents and
Settings\Mike\Cookies SUCCESS 0: ., 1: .., 2: index.dat, 3:
mike@bs.serving-sys[1].txt, 4: mike@facebook[1].txt, 5:
mike@serving-sys[2].txt
16:39:11.9866567 IEXPLORE.EXE 2188 QueryDirectory E:\Documents and
Settings\Mike\Cookies NO MORE FILES
16:39:11.9869059 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies SUCCESS
16:39:12.0559218 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Desired Access: Read Data/List
Directory, Read Attributes, Disposition: Open, Options: Non-Directory File,
Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a,
OpenResult: Opened
16:39:12.0561796 IEXPLORE.EXE 2188 CreateFileMapping E:\Documents
and Settings\Mike\Cookies\index.dat SUCCESS SyncType:
SyncTypeCreateSection, PageProtection: PAGE_READWRITE
16:39:12.0569863 IEXPLORE.EXE 2188 QueryStandardInformationFile
E:\Documents and Settings\Mike\Cookies\index.dat SUCCESS AllocationSize:
65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory:
False
16:39:12.0576483 IEXPLORE.EXE 2188 CreateFileMapping E:\Documents
and Settings\Mike\Cookies\index.dat SUCCESS SyncType: SyncTypeOther
16:39:12.0909036 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS
16:39:12.9218078 IEXPLORE.EXE 2188 RegOpenKey
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies SUCCESS Desired Access: Query Value, Set Value,
Create Sub Key, Enumerate Sub Keys
16:39:12.9218588 IEXPLORE.EXE 2188 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies\PerUserItem SUCCESS Type: REG_DWORD, Length: 4,
Data: 1
16:39:12.9219950 IEXPLORE.EXE 2188 RegCloseKey
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies SUCCESS
16:39:12.9220456 IEXPLORE.EXE 2188 RegOpenKey
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies SUCCESS Desired Access: Query Value, Set Value,
Create Sub Key, Enumerate Sub Keys
16:39:12.9222068 IEXPLORE.EXE 2188 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\User Shell
Folders\Cookies SUCCESS Type: REG_EXPAND_SZ, Length: 44, Data:
%USERPROFILE%\Cookies
16:39:12.9226505 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:36:34, LastWriteTime: 27/07/2009 16:36:34,
ChangeTime: 27/07/2009 16:36:34, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:39:12.9228095 IEXPLORE.EXE 2188 RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Shell Folders\Cookies
SUCCESS Type: REG_SZ, Length: 78, Data: E:\Documents and
Settings\Mike\Cookies
16:39:12.9235041 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:36:34, LastWriteTime: 27/07/2009 16:36:34,
ChangeTime: 27/07/2009 16:36:34, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:39:12.9235444 IEXPLORE.EXE 2188 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies\CachePrefix SUCCESS Type: REG_SZ, Length: 16,
Data: Cookie:
16:39:12.9236269 IEXPLORE.EXE 2188 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies\CachePrefix SUCCESS Type: REG_SZ, Length: 16,
Data: Cookie:
16:39:12.9236945 IEXPLORE.EXE 2188 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies\CacheLimit SUCCESS Type: REG_DWORD, Length: 4,
Data: 8192
16:39:12.9239411 IEXPLORE.EXE 2188 RegCloseKey
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\5.0\Cache\Cookies SUCCESS
16:39:12.9361799 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:36:34, LastWriteTime: 27/07/2009 16:36:34,
ChangeTime: 27/07/2009 16:36:34, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:39:12.9365287 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies SUCCESS Desired Access: Write Attributes, Synchronize,
Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point,
Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a,
OpenResult: Opened
16:39:12.9368575 IEXPLORE.EXE 2188 SetBasicInformationFile
E:\Documents and Settings\Mike\Cookies SUCCESS CreationTime: 01/01/1601
01:00:00, LastAccessTime: 01/01/1601 01:00:00, LastWriteTime: 01/01/1601
01:00:00, ChangeTime: 01/01/1601 01:00:00, FileAttributes: HSNNCI
16:39:12.9373846 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies SUCCESS
16:39:12.9379195 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Desired Access: Generic
Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert,
Non-Directory File, Random Access, Attributes: HSNCI, ShareMode: Read, Write,
AllocationSize: 0, OpenResult: Opened
16:39:12.9386175 IEXPLORE.EXE 2188 SetBasicInformationFile
E:\Documents and Settings\Mike\Cookies\index.dat SUCCESS CreationTime:
01/01/1601 01:00:00, LastAccessTime: 01/01/1601 01:00:00, LastWriteTime:
27/07/2009 16:39:12, ChangeTime: 01/01/1601 01:00:00, FileAttributes: n/a
16:39:12.9391550 IEXPLORE.EXE 2188 QueryStandardInformationFile
E:\Documents and Settings\Mike\Cookies\index.dat SUCCESS AllocationSize:
65,536, EndOfFile: 65,536, NumberOfLinks: 1, DeletePending: False, Directory:
False
16:39:12.9891336 IEXPLORE.EXE 2188 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\PerUserCookies NAME NOT FOUND Length: 144
16:39:12.9891862 IEXPLORE.EXE 2188 RegQueryValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet
Settings\LeashLegacyCookies NAME NOT FOUND Length: 144
16:40:00.6855435 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google.co[3].txt NAME NOT FOUND Desired
Access: Generic Read, Disposition: Open, Options: Sequential Access,
Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read,
Delete, AllocationSize: n/a
16:40:00.6858552 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google.co[3].txt NAME NOT FOUND
16:40:00.8690293 IEXPLORE.EXE 2188 RegOpenKey
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet
Settings\Cache\Special Paths\Cookies SUCCESS Desired Access: Read
16:40:00.8691263 IEXPLORE.EXE 2188 RegQueryValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet
Settings\Cache\Special Paths\Cookies\Directory SUCCESS Type: REG_EXPAND_SZ,
Length: 44, Data: %USERPROFILE%\Cookies
16:40:00.8692169 IEXPLORE.EXE 2188 RegQueryValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet
Settings\Cache\Special Paths\Cookies\Directory SUCCESS Type: REG_EXPAND_SZ,
Length: 44, Data: %USERPROFILE%\Cookies
16:40:00.8692816 IEXPLORE.EXE 2188 RegCloseKey
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet
Settings\Cache\Special Paths\Cookies SUCCESS
16:40:00.8695438 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies SUCCESS Desired Access: Read Data/List Directory,
Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert,
Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult:
Opened
16:40:00.8697506 IEXPLORE.EXE 2188 QueryDirectory E:\Documents and
Settings\Mike\Cookies\* SUCCESS Filter: *, 1: .
16:40:00.8699252 IEXPLORE.EXE 2188 QueryDirectory E:\Documents and
Settings\Mike\Cookies SUCCESS 0: .., 1: index.dat, 2:
mike@bs.serving-sys[1].txt, 3: mike@facebook[1].txt, 4:
mike@serving-sys[2].txt
16:40:00.8702292 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\index.dat SHARING VIOLATION Desired Access: Read
Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open
Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a
16:40:00.8704998 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@bs.serving-sys[1].txt SUCCESS Desired Access:
Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open
Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a, OpenResult: Opened
16:40:00.8707084 IEXPLORE.EXE 2188 QueryAttributeTagFile
E:\Documents and Settings\Mike\Cookies\mike@bs.serving-sys[1].txt SUCCESS
Attributes: ANCI, ReparseTag: 0x0
16:40:00.8708588 IEXPLORE.EXE 2188 SetDispositionInformationFile
E:\Documents and Settings\Mike\Cookies\mike@bs.serving-sys[1].txt SUCCESS
Delete: True
16:40:00.8710417 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@bs.serving-sys[1].txt SUCCESS
16:40:00.8716033 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@facebook[1].txt SUCCESS Desired Access: Read
Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open
Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a, OpenResult: Opened
16:40:00.8718218 IEXPLORE.EXE 2188 QueryAttributeTagFile
E:\Documents and Settings\Mike\Cookies\mike@facebook[1].txt SUCCESS
Attributes: ANCI, ReparseTag: 0x0
16:40:00.8719744 IEXPLORE.EXE 2188 SetDispositionInformationFile
E:\Documents and Settings\Mike\Cookies\mike@facebook[1].txt SUCCESS Delete:
True
16:40:00.8721522 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@facebook[1].txt SUCCESS
16:40:00.8726583 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@serving-sys[2].txt SUCCESS Desired Access: Read
Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open
Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a, OpenResult: Opened
16:40:00.8728754 IEXPLORE.EXE 2188 QueryAttributeTagFile
E:\Documents and Settings\Mike\Cookies\mike@serving-sys[2].txt SUCCESS
Attributes: ANCI, ReparseTag: 0x0
16:40:00.8730439 IEXPLORE.EXE 2188 SetDispositionInformationFile
E:\Documents and Settings\Mike\Cookies\mike@serving-sys[2].txt SUCCESS
Delete: True
16:40:00.8733482 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@serving-sys[2].txt SUCCESS
16:40:00.8737262 IEXPLORE.EXE 2188 QueryDirectory E:\Documents and
Settings\Mike\Cookies NO MORE FILES
16:40:00.8738859 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies SUCCESS
16:40:03.0365875 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google.co[2].txt NAME NOT FOUND Desired
Access: Generic Read, Disposition: Open, Options: Sequential Access,
Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read,
Delete, AllocationSize: n/a
16:40:03.0368904 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google.co[2].txt NAME NOT FOUND
16:40:03.0371703 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:40:00, LastWriteTime: 27/07/2009 16:40:00,
ChangeTime: 27/07/2009 16:40:00, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:40:03.0373865 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google.co[1].txt NAME NOT FOUND
16:40:03.0376084 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google.co[1].txt SUCCESS Desired Access:
Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: Read, Write,
Delete, AllocationSize: 0, OpenResult: Created
16:40:03.0383722 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@google.co[1].txt SUCCESS
16:40:03.0387363 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google.co[1].txt SUCCESS Desired Access:
Generic Write, Read Attributes, Disposition: Open, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: None,
AllocationSize: n/a, OpenResult: Opened
16:40:03.0389585 IEXPLORE.EXE 2188 SetAllInformationFile
E:\Documents and Settings\Mike\Cookies\mike@google.co[1].txt SUCCESS
AllocationSize: 0
16:40:03.0392234 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@google.co[1].txt SUCCESS Offset: 0, Length: 133
16:40:03.0397049 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@google.co[1].txt SUCCESS
16:40:03.0418451 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google.co[1].txt SUCCESS CreationTime:
27/07/2009 16:40:03, LastAccessTime: 27/07/2009 16:40:03, LastWriteTime:
27/07/2009 16:40:03, ChangeTime: 27/07/2009 16:40:03, AllocationSize: 136,
EndOfFile: 133, FileAttributes: ANCI
16:40:03.0419415 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 0, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:03.0422871 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 16,384, Length: 12,288,
I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0434864 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:40:03, LastWriteTime: 27/07/2009 16:40:03,
ChangeTime: 27/07/2009 16:40:03, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:40:15.0438438 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt NAME NOT FOUND
16:40:15.0441139 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS Desired Access: Generic
Write, Read Attributes, Disposition: Create, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: Read, Write,
Delete, AllocationSize: 0, OpenResult: Created
16:40:15.0447789 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS
16:40:15.0452327 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS Desired Access: Generic
Write, Read Attributes, Disposition: Open, Options: Synchronous IO Non-Alert,
Non-Directory File, Attributes: NCI, ShareMode: None, AllocationSize: n/a,
OpenResult: Opened
16:40:15.0455227 IEXPLORE.EXE 2188 SetAllInformationFile
E:\Documents and Settings\Mike\Cookies\mike@google[1].txt SUCCESS
AllocationSize: 0
16:40:15.0457821 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS Offset: 0, Length: 267
16:40:15.0460302 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS
16:40:15.0471656 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS CreationTime: 27/07/2009
16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime: 27/07/2009
16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 272, EndOfFile:
267, FileAttributes: ANCI
16:40:15.0472678 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 0, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0474264 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 16,384, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0475451 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 24,576, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0481742 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:40:15, LastWriteTime: 27/07/2009 16:40:15,
ChangeTime: 27/07/2009 16:40:15, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:40:15.0484989 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt NAME NOT FOUND
16:40:15.0488853 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS Desired Access:
Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: Read, Write,
Delete, AllocationSize: 0, OpenResult: Created
16:40:15.0498601 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS
16:40:15.0502901 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS Desired Access:
Generic Write, Read Attributes, Disposition: Open, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: None,
AllocationSize: n/a, OpenResult: Opened
16:40:15.0505235 IEXPLORE.EXE 2188 SetAllInformationFile
E:\Documents and Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS
AllocationSize: 0
16:40:15.0507525 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS Offset: 0, Length: 280
16:40:15.0509996 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS
16:40:15.0521557 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS CreationTime:
27/07/2009 16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime:
27/07/2009 16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 280,
EndOfFile: 280, FileAttributes: ANCI
16:40:15.0522839 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 0, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0525311 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 16,384, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0526550 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 24,576, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0532093 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:40:15, LastWriteTime: 27/07/2009 16:40:15,
ChangeTime: 27/07/2009 16:40:15, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:40:15.0535507 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS CreationTime:
27/07/2009 16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime:
27/07/2009 16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 280,
EndOfFile: 280, FileAttributes: ANCI
16:40:15.0538796 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt NAME NOT FOUND
16:40:15.0542378 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS Desired Access:
Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: Read, Write,
Delete, AllocationSize: 0, OpenResult: Created
16:40:15.0553988 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS
16:40:15.0561874 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS Desired Access:
Generic Write, Read Attributes, Disposition: Open, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: None,
AllocationSize: n/a, OpenResult: Opened
16:40:15.0564697 IEXPLORE.EXE 2188 SetAllInformationFile
E:\Documents and Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS
AllocationSize: 0
16:40:15.0567099 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS Offset: 0, Length: 280
16:40:15.0569648 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt FAST IO DISALLOWED Offset:
280, Length: 108
16:40:15.0571091 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS Offset: 280, Length:
108
16:40:15.0573056 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS
16:40:15.0584709 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@www.google[2].txt SUCCESS CreationTime:
27/07/2009 16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime:
27/07/2009 16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 392,
EndOfFile: 388, FileAttributes: ANCI
16:40:15.0588350 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS CreationTime:
27/07/2009 16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime:
27/07/2009 16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 280,
EndOfFile: 280, FileAttributes: ANCI
16:40:15.0591843 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS Desired Access: Read
Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open
Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a, OpenResult: Opened
16:40:15.0595162 IEXPLORE.EXE 2188 QueryAttributeTagFile
E:\Documents and Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS
Attributes: ANCI, ReparseTag: 0x0
16:40:15.0597695 IEXPLORE.EXE 2188 SetDispositionInformationFile
E:\Documents and Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS
Delete: True
16:40:15.0600495 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@www.google[1].txt SUCCESS
16:40:15.0603789 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 0, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0605415 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 16,384, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0606676 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\index.dat SUCCESS Offset: 28,672, Length: 4,096, I/O
Flags: Non-cached, Paging I/O, Synchronous Paging I/O
16:40:15.0612536 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies SUCCESS CreationTime: 14/07/2005 16:35:28,
LastAccessTime: 27/07/2009 16:40:15, LastWriteTime: 27/07/2009 16:40:15,
ChangeTime: 27/07/2009 16:40:15, AllocationSize: 0, EndOfFile: 0,
FileAttributes: HSDNCI
16:40:15.0616037 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS CreationTime: 27/07/2009
16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime: 27/07/2009
16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 272, EndOfFile:
267, FileAttributes: ANCI
16:40:15.0618294 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt NAME NOT FOUND
16:40:15.0620654 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt SUCCESS Desired Access: Generic
Write, Read Attributes, Disposition: Create, Options: Synchronous IO
Non-Alert, Non-Directory File, Attributes: NCI, ShareMode: Read, Write,
Delete, AllocationSize: 0, OpenResult: Created
16:40:15.0626917 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt SUCCESS
16:40:15.0630298 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt SUCCESS Desired Access: Generic
Write, Read Attributes, Disposition: Open, Options: Synchronous IO Non-Alert,
Non-Directory File, Attributes: NCI, ShareMode: None, AllocationSize: n/a,
OpenResult: Opened
16:40:15.0632451 IEXPLORE.EXE 2188 SetAllInformationFile
E:\Documents and Settings\Mike\Cookies\mike@google[2].txt SUCCESS
AllocationSize: 0
16:40:15.0635284 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt SUCCESS Offset: 0, Length: 267
16:40:15.0637830 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt FAST IO DISALLOWED Offset: 267,
Length: 82
16:40:15.0639244 IEXPLORE.EXE 2188 WriteFile E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt SUCCESS Offset: 267, Length: 82
16:40:15.0641034 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt SUCCESS
16:40:15.0653658 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google[2].txt SUCCESS CreationTime: 27/07/2009
16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime: 27/07/2009
16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 352, EndOfFile:
349, FileAttributes: ANCI
16:40:15.0657805 IEXPLORE.EXE 2188 QueryOpen E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS CreationTime: 27/07/2009
16:40:15, LastAccessTime: 27/07/2009 16:40:15, LastWriteTime: 27/07/2009
16:40:15, ChangeTime: 27/07/2009 16:40:15, AllocationSize: 272, EndOfFile:
267, FileAttributes: ANCI
16:40:15.0674805 IEXPLORE.EXE 2188 CreateFile E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS Desired Access: Read
Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open
Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete,
AllocationSize: n/a, OpenResult: Opened
16:40:15.0678493 IEXPLORE.EXE 2188 QueryAttributeTagFile
E:\Documents and Settings\Mike\Cookies\mike@google[1].txt SUCCESS
Attributes: ANCI, ReparseTag: 0x0
16:40:15.0705256 IEXPLORE.EXE 2188 SetDispositionInformationFile
E:\Documents and Settings\Mike\Cookies\mike@google[1].txt SUCCESS Delete:
True
16:40:15.0711351 IEXPLORE.EXE 2188 CloseFile E:\Documents and
Settings\Mike\Cookies\mike@google[1].txt SUCCESS
 |