9:33:32.4510216 PM	vmtoolsd.exe	1144	CreateFile	C:\bin\blah.txt	NAME NOT FOUND	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FS92008-TST\Administrator
9:33:32.4512318 PM	vmtoolsd.exe	1144	CreateFile	C:\bin	SUCCESS	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FS92008-TST\Administrator, OpenResult: Opened
9:33:32.4512856 PM	vmtoolsd.exe	1144	QueryNetworkOpenInformationFile	C:\bin	SUCCESS	CreationTime: 14/02/2013 2:55:10 PM, LastAccessTime: 7/03/2013 9:32:41 PM, LastWriteTime: 7/03/2013 9:32:41 PM, ChangeTime: 7/03/2013 9:32:41 PM, AllocationSize: 1/01/1601 9:30:00 AM, EndOfFile: 1/01/1601 9:30:00 AM, FileAttributes: D
9:33:32.4513092 PM	vmtoolsd.exe	1144	CloseFile	C:\bin	SUCCESS	
9:33:32.4514899 PM	vmtoolsd.exe	1144	CreateFile	C:\bin\vmware197	SUCCESS	Desired Access: Generic Read/Write, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, Impersonating: FS92008-TST\Administrator, OpenResult: Created
9:33:32.4516789 PM	vmtoolsd.exe	1144	CloseFile	C:\bin\vmware197	SUCCESS	
9:33:32.4517488 PM	vmtoolsd.exe	1144	ReadFile	C:	SUCCESS	Offset: 6,586,368, Length: 80, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
9:33:32.4519220 PM	Explorer.EXE	436	NotifyChangeDirectory	C:\bin	SUCCESS	Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_ATTRIBUTES, FILE_NOTIFY_CHANGE_LAST_WRITE
9:33:32.4519351 PM	vmtoolsd.exe	1144	CreateFile	C:\bin\vmware197	SUCCESS	Desired Access: Read Attributes, Delete, Disposition: Open, Options: Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: FS92008-TST\Administrator, OpenResult: Opened
9:33:32.4519768 PM	Explorer.EXE	436	NotifyChangeDirectory	C:\	SUCCESS	Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_ATTRIBUTES, FILE_NOTIFY_CHANGE_LAST_WRITE
9:33:32.4520031 PM	vmtoolsd.exe	1144	QueryAttributeTagFile	C:\bin\vmware197	SUCCESS	Attributes: A, ReparseTag: 0x0
9:33:32.4520276 PM	vmtoolsd.exe	1144	SetDispositionInformationFile	C:\bin\vmware197	SUCCESS	Delete: True
9:33:32.4520548 PM	vmtoolsd.exe	1144	CloseFile	C:\bin\vmware197	SUCCESS	
9:33:32.4521598 PM	Explorer.EXE	436	NotifyChangeDirectory	C:\bin		Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_ATTRIBUTES, FILE_NOTIFY_CHANGE_LAST_WRITE
9:33:33.4660290 PM	Explorer.EXE	436	CreateFile	C:\	SUCCESS	Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:33:33.4660962 PM	Explorer.EXE	436	FileSystemControl	C:\	INVALID DEVICE REQUEST	Control: FSCTL_LMR_QUERY_DEBUG_INFO
9:33:33.4661248 PM	Explorer.EXE	436	QueryDirectory	C:\bin	SUCCESS	Filter: bin, 1: bin
9:33:33.4661752 PM	Explorer.EXE	436	CloseFile	C:\	SUCCESS	
9:33:33.4663485 PM	Explorer.EXE	436	ReadFile	C:\Windows\System32\ExplorerFrame.dll	SUCCESS	Offset: 1,437,696, Length: 7,168, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
9:33:33.4668524 PM	Explorer.EXE	436	CreateFile	C:\bin	SUCCESS	Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:33:33.4668937 PM	Explorer.EXE	436	FileSystemControl	C:\bin	INVALID DEVICE REQUEST	Control: FSCTL_LMR_QUERY_DEBUG_INFO
9:33:33.4669180 PM	Explorer.EXE	436	QueryDirectory	C:\bin\vmware197	NO SUCH FILE	Filter: vmware197
9:33:33.4669491 PM	Explorer.EXE	436	CloseFile	C:\bin	SUCCESS	
9:33:33.4670369 PM	Explorer.EXE	436	NotifyChangeDirectory	C:\		Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_ATTRIBUTES, FILE_NOTIFY_CHANGE_LAST_WRITE
9:33:33.4671877 PM	Explorer.EXE	436	CreateFile	C:\bin\vmware197	NAME NOT FOUND	Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a
9:33:33.4675413 PM	Explorer.EXE	436	CreateFile	C:\bin	SUCCESS	Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:33:33.4675830 PM	Explorer.EXE	436	FileSystemControl	C:\bin	INVALID DEVICE REQUEST	Control: FSCTL_LMR_QUERY_DEBUG_INFO
9:33:33.4676085 PM	Explorer.EXE	436	QueryDirectory	C:\bin	SUCCESS	0: ., 1: .., 2: addDisk.ps1, 3: Eula.txt, 4: joinDomain.ps1, 5: myd2.txt, 6: myd3.txt, 7: myd4.txt, 8: procmon.chm, 9: Procmon.exe, 10: Procmon64.exe, 11: temp
9:33:33.4677655 PM	Explorer.EXE	436	QueryDirectory	C:\bin	NO MORE FILES	
9:33:33.4678971 PM	Explorer.EXE	436	CloseFile	C:\bin	SUCCESS