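REGISTRATOR ACTIONS
Reading note: each row below is a file-system request (IRP or fast-I/O) logged for the process weqehmof.exe. In the rows shown here, "Result: FILE_SUPERSEDED" appears only where Status is a failure code, so it is most likely the zero value of the result field being decoded rather than a real supersede. The AllocationSize/EndOfFile/Attrib values on failed FASTIO_QUERY_OPEN rows look like unfilled buffer contents; treat the "More info" fields as meaningful only when Status is STATUS_SUCCESS.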
# Time sent Dur. Process Request IRP Flags FsContext Path Status More info
1 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000010 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation
2 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000010 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation
3 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\Prefetch\WEQEHMOF.EXE-0341D1E1.pf STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
4 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
5 19:03:04.593 0 weqehmof.exe IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST 00000800 E296A840 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS FSCTL_IS_VOLUME_MOUNTED (0x00090028)
6 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 80535010-F30EDCF0 EndOfFile: FFFFFFFF-804D8B38 Attrib: 0x00000103
7 19:03:04.593 0 weqehmof.exe IRP_MJ_READ 00000043 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006000 ToRead 1200 Read 1200
8 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F30EDC84-E1840C10 EndOfFile: FE75614C-805B3A5D Attrib: 0xFE75617C
9 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00010000 EndOfFile: 00000000-00010000 Attrib: 0x00000020
10 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
11 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1D3F9F0 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS FileNameInformation
12 19:03:04.593 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D3F9F0 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS
13 19:03:04.593 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D3F9F0 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS
14 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000080 Result: FILE_OPENED
15 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
16 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
17 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
18 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\AppPatch\systest.sdb STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000080 Result: FILE_SUPERSEDED
19 19:03:04.593 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS
20 19:03:04.593 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS
21 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F639F7B4-E1840C10 EndOfFile: FE75614C-805B3A5D Attrib: 0xFE75617C
22 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
23 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
24 19:03:04.609 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1BFDD90 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS FileNameInformation
25 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1BFDD90 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS
26 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1BFDD90 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS
27 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
28 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E18850D0 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS AllocationSize: 00000000-0081D000 EndOfFile: 00000000-0081CE00 NumberOfLinks: 1 DeletePending: 0 Directory: 0
29 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\SHELL32.dll.124.Manifest STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
30 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\SHELL32.dll.124.Config STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
31 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E18850D0 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS
32 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E18850D0 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS
33 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 80543D01-81B163F0 EndOfFile: 00000008-FE7560D8 Attrib: 0
34 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
35 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
36 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
37 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS AllocationSize: 00000000-00101000 EndOfFile: 00000000-00100800 NumberOfLinks: 1 DeletePending: 0 Directory: 0
38 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
39 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
40 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
41 19:03:04.609 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS FileNameInformation
42 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
43 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
44 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED Attrib: 0x00000023
45 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
46 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
47 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
48 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
49 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED Attrib: 0x00000023
50 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
51 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
52 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
53 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
54 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
55 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
56 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
57 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Config STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
58 19:03:04.625 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
59 19:03:04.625 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
60 19:03:04.625 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_BUFFER_OVERFLOW FileNameInformation
61 19:03:04.625 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation
62 19:03:04.625 0 weqehmof.exe IRP_MJ_SET_INFORMATION 00000834 E18A4D90 C:\WINDOWS\system32\config\software.LOG STATUS_SUCCESS FileEndOfFileInformation EndOfFile: 00000000-00006000
63 19:03:04.625 15 weqehmof.exe IRP_MJ_READ 00000043 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000400 ToRead 5C00 Read 5C00
64 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00062000 EndOfFile: 00000000-00061200 Attrib: 0x00000020
65 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
66 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E17EDD90 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS AllocationSize: 00000000-00062000 EndOfFile: 00000000-00061200 NumberOfLinks: 1 DeletePending: 0 Directory: 0
67 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E17EDD90 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS
68 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E17EDD90 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS
69 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
70 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
71 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 NumberOfLinks: 1 DeletePending: 0 Directory: 0
72 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
73 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
74 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
75 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
76 19:03:04.640 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS FileNameInformation
77 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
78 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
79 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
80 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
81 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
82 19:03:04.640 0 weqehmof.exe IRP_MJ_READ 00000043 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007200 ToRead 400 Read 400
83 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp STATUS_OBJECT_NAME_COLLISION FILE_CREATE CreOpts: 0x00000021 Access: 0x00100001 Share: 0x00000003 Attrib: 0x00000080 Result: FILE_SUPERSEDED
84 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
85 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FILE_CREATE CreOpts: 0x00000060 Access: 0x00120089 Share: 0 Attrib: 0x00000080 Result: FILE_CREATED
86 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
87 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
88 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200040 Access: 0x00010080 Share: 0x00000007 Attrib: 0 Result: FILE_OPENED
89 19:03:04.640 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000874 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FileAttributeTagInformation
90 19:03:04.640 0 weqehmof.exe IRP_MJ_SET_INFORMATION 00000834 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FileDispositionInformation DeleteFile: 1
91 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
92 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
93 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000A000 EndOfFile: 00000000-00009BC8 Attrib: 0x00000020
94 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000020 Result: FILE_OPENED
95 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS AllocationSize: 00000000-0000A000 EndOfFile: 00000000-00009BC8 NumberOfLinks: 1 DeletePending: 0 Directory: 0
96 19:03:04.640 0 weqehmof.exe IRP_MJ_READ 00000900 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000000 ToRead 200 Read 200
97 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000200 ToRead 200 Read 200
98 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000400 ToRead 200 Read 200
99 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000600 ToRead 200 Read 200
100 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000800 ToRead 200 Read 200
101 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000A00 ToRead 200 Read 200
102 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000C00 ToRead 200 Read 200
103 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000E00 ToRead 200 Read 200
104 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001000 ToRead 200 Read 200
105 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001200 ToRead 200 Read 200
106 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001400 ToRead 200 Read 200
107 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001600 ToRead 200 Read 200
108 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001800 ToRead 200 Read 200
109 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001A00 ToRead 200 Read 200
110 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001C00 ToRead 200 Read 200
111 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001E00 ToRead 200 Read 200
112 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002000 ToRead 200 Read 200
113 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002200 ToRead 200 Read 200
114 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002400 ToRead 200 Read 200
115 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002600 ToRead 200 Read 200
116 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002800 ToRead 200 Read 200
117 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002A00 ToRead 200 Read 200
118 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002C00 ToRead 200 Read 200
119 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002E00 ToRead 200 Read 200
120 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003000 ToRead 200 Read 200
121 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003200 ToRead 200 Read 200
122 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003400 ToRead 200 Read 200
123 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003600 ToRead 200 Read 200
124 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003800 ToRead 200 Read 200
125 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003A00 ToRead 200 Read 200
126 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003C00 ToRead 200 Read 200
127 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003E00 ToRead 200 Read 200
128 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004000 ToRead 200 Read 200
129 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004200 ToRead 200 Read 200
130 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004400 ToRead 200 Read 200
131 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004600 ToRead 200 Read 200
132 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004800 ToRead 200 Read 200
133 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004A00 ToRead 200 Read 200
134 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004C00 ToRead 200 Read 200
135 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004E00 ToRead 200 Read 200
136 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005000 ToRead 200 Read 200
137 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005200 ToRead 200 Read 200
138 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005400 ToRead 200 Read 200
139 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005600 ToRead 200 Read 200
140 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005800 ToRead 200 Read 200
141 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005A00 ToRead 200 Read 200
142 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005C00 ToRead 200 Read 200
143 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005E00 ToRead 200 Read 200
144 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006000 ToRead 200 Read 200
145 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006200 ToRead 200 Read 200
146 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006400 ToRead 200 Read 200
147 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006600 ToRead 200 Read 200
148 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006800 ToRead 200 Read 200
149 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006A00 ToRead 200 Read 200
150 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006C00 ToRead 200 Read 200
151 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006E00 ToRead 200 Read 200
152 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007000 ToRead 200 Read 200
153 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007200 ToRead 200 Read 200
154 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007400 ToRead 200 Read 200
155 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007600 ToRead 200 Read 200
156 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007800 ToRead 200 Read 200
157 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007A00 ToRead 200 Read 200
158 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007C00 ToRead 200 Read 200
159 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007E00 ToRead 200 Read 200
160 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00008000 ToRead 1BC4 Read 1BC4
161 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00009BC4 ToRead 4 Read 4
162 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007E1C ToRead 4 Read 4
163 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007E20 ToRead 2AA Read 2AA
164 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\ STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100001 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
165 19:03:04.640 0 weqehmof.exe IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY 00000800 E176E970 C:\ STATUS_SUCCESS FileBothDirectoryInformation (FileMask = WINDOW)
166 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E176E970 C:\ STATUS_SUCCESS
167 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E176E970 C:\ STATUS_SUCCESS
168 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100001 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
169 19:03:04.640 0 weqehmof.exe IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY 00000800 E176CB90 C:\WINDOWS STATUS_SUCCESS FileBothDirectoryInformation (FileMask = syste)
170 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E176CB90 C:\WINDOWS STATUS_SUCCESS
171 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E176CB90 C:\WINDOWS STATUS_SUCCESS
172 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
173 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E296A840 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS
174 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E296A840 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS
175 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 805124EB-F639FC64 EndOfFile: 8191163C-0040B5C8 Attrib: 0xFE3B3CB0
176 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system\QBTool.exe STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200020 Access: 0x00100100 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED
177 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 80512581-F639FC64 EndOfFile: 7C83CF1B-00000000 Attrib: 0
178 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system\QBTool.exe STATUS_SUCCESS FILE_OVERWRITE_IF CreOpts: 0x00000060 Access: 0x00120196 Share: 0x00000001 Attrib: 0 Result: FILE_CREATED
179 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-000080CA ToRead 4 Read 4
180 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-000080CE ToRead 459 Read 459
181 19:03:04.640 0 &
1 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000010 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation
2 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000010 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation
3 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\Prefetch\WEQEHMOF.EXE-0341D1E1.pf STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000020 Access: 0x00120089 Share: 0 Attrib: 0 Result: FILE_SUPERSEDED
4 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
5 19:03:04.593 0 weqehmof.exe IRP_MJ_FILE_SYSTEM_CONTROL/IRP_MN_USER_FS_REQUEST 00000800 E296A840 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS FSCTL_IS_VOLUME_MOUNTED (0x00090028)
6 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 80535010-F30EDCF0 EndOfFile: FFFFFFFF-804D8B38 Attrib: 0x00000103
7 19:03:04.593 0 weqehmof.exe IRP_MJ_READ 00000043 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006000 ToRead 1200 Read 1200
8 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F30EDC84-E1840C10 EndOfFile: FE75614C-805B3A5D Attrib: 0xFE75617C
9 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00010000 EndOfFile: 00000000-00010000 Attrib: 0x00000020
10 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
11 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1D3F9F0 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS FileNameInformation
12 19:03:04.593 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D3F9F0 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS
13 19:03:04.593 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D3F9F0 C:\WINDOWS\system32\ShimEng.dll STATUS_SUCCESS
14 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000080 Result: FILE_OPENED
15 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
16 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
17 19:03:04.593 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS AllocationSize: 00000000-00123000 EndOfFile: 00000000-00122B8C NumberOfLinks: 1 DeletePending: 0 Directory: 0
18 19:03:04.593 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\AppPatch\systest.sdb STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000080 Result: FILE_SUPERSEDED
19 19:03:04.593 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS
20 19:03:04.593 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E2B04598 C:\WINDOWS\AppPatch\sysmain.sdb STATUS_SUCCESS
21 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: F639F7B4-E1840C10 EndOfFile: FE75614C-805B3A5D Attrib: 0xFE75617C
22 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000F000 EndOfFile: 00000000-0000F000 Attrib: 0x00000020
23 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
24 19:03:04.609 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1BFDD90 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS FileNameInformation
25 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1BFDD90 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS
26 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1BFDD90 C:\WINDOWS\system32\sockspy.dll STATUS_SUCCESS
27 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
28 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E18850D0 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS AllocationSize: 00000000-0081D000 EndOfFile: 00000000-0081CE00 NumberOfLinks: 1 DeletePending: 0 Directory: 0
29 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\SHELL32.dll.124.Manifest STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
30 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\SHELL32.dll.124.Config STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
31 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E18850D0 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS
32 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E18850D0 C:\WINDOWS\system32\SHELL32.dll STATUS_SUCCESS
33 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 80543D01-81B163F0 EndOfFile: 00000008-FE7560D8 Attrib: 0
34 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
35 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9 STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
36 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
37 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS AllocationSize: 00000000-00101000 EndOfFile: 00000000-00100800 NumberOfLinks: 1 DeletePending: 0 Directory: 0
38 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
39 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
40 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
41 19:03:04.609 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS FileNameInformation
42 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
43 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D18D90 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll STATUS_SUCCESS
44 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED Attrib: 0x00000023
45 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
46 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
47 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
48 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
49 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED Attrib: 0x00000023
50 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
51 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
52 19:03:04.609 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
53 19:03:04.609 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
54 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_OPENED
55 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
56 19:03:04.609 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS AllocationSize: 00000000-00001000 EndOfFile: 00000000-000002ED NumberOfLinks: 1 DeletePending: 0 Directory: 0
57 19:03:04.609 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\WindowsShell.Config STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00000060 Access: 0x001200A9 Share: 0x00000001 Attrib: 0 Result: FILE_SUPERSEDED
58 19:03:04.625 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
59 19:03:04.625 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E15820D0 C:\WINDOWS\WindowsShell.Manifest STATUS_SUCCESS
60 19:03:04.625 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_BUFFER_OVERFLOW FileNameInformation
61 19:03:04.625 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation
62 19:03:04.625 0 weqehmof.exe IRP_MJ_SET_INFORMATION 00000834 E18A4D90 C:\WINDOWS\system32\config\software.LOG STATUS_SUCCESS FileEndOfFileInformation EndOfFile: 00000000-00006000
63 19:03:04.625 15 weqehmof.exe IRP_MJ_READ 00000043 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000400 ToRead 5C00 Read 5C00
64 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00062000 EndOfFile: 00000000-00061200 Attrib: 0x00000020
65 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
66 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E17EDD90 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS AllocationSize: 00000000-00062000 EndOfFile: 00000000-00061200 NumberOfLinks: 1 DeletePending: 0 Directory: 0
67 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E17EDD90 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS
68 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E17EDD90 C:\WINDOWS\system32\rpcss.dll STATUS_SUCCESS
69 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
70 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
71 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 NumberOfLinks: 1 DeletePending: 0 Directory: 0
72 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
73 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
74 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
75 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00100020 Share: 0x00000005 Attrib: 0 Result: FILE_OPENED
76 19:03:04.640 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00001014 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS FileNameInformation
77 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
78 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E1D470D0 C:\WINDOWS\system32\UxTheme.dll STATUS_SUCCESS
79 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
80 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
81 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00036000 EndOfFile: 00000000-00035A00 Attrib: 0x00000020
82 19:03:04.640 0 weqehmof.exe IRP_MJ_READ 00000043 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007200 ToRead 400 Read 400
83 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp STATUS_OBJECT_NAME_COLLISION FILE_CREATE CreOpts: 0x00000021 Access: 0x00100001 Share: 0x00000003 Attrib: 0x00000080 Result: FILE_SUPERSEDED
84 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-00000000 EndOfFile: 00000000-00000000 Attrib: 0x00000010
85 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FILE_CREATE CreOpts: 0x00000060 Access: 0x00120089 Share: 0 Attrib: 0x00000080 Result: FILE_CREATED
86 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
87 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
88 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200040 Access: 0x00010080 Share: 0x00000007 Attrib: 0 Result: FILE_OPENED
89 19:03:04.640 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000874 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FileAttributeTagInformation
90 19:03:04.640 0 weqehmof.exe IRP_MJ_SET_INFORMATION 00000834 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS FileDispositionInformation DeleteFile: 1
91 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
92 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E16970D0 C:\DOCUME~1\INTERN~1\LOCALS~1\Temp\nsd72.tmp STATUS_SUCCESS
93 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_SUCCESS FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: 00000038 AllocationSize: 00000000-0000A000 EndOfFile: 00000000-00009BC8 Attrib: 0x00000020
94 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000060 Access: 0x00120089 Share: 0x00000001 Attrib: 0x00000020 Result: FILE_OPENED
95 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_STANDARD_INFO E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS AllocationSize: 00000000-0000A000 EndOfFile: 00000000-00009BC8 NumberOfLinks: 1 DeletePending: 0 Directory: 0
96 19:03:04.640 0 weqehmof.exe IRP_MJ_READ 00000900 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000000 ToRead 200 Read 200
97 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000200 ToRead 200 Read 200
98 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000400 ToRead 200 Read 200
99 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000600 ToRead 200 Read 200
100 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000800 ToRead 200 Read 200
101 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000A00 ToRead 200 Read 200
102 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000C00 ToRead 200 Read 200
103 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00000E00 ToRead 200 Read 200
104 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001000 ToRead 200 Read 200
105 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001200 ToRead 200 Read 200
106 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001400 ToRead 200 Read 200
107 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001600 ToRead 200 Read 200
108 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001800 ToRead 200 Read 200
109 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001A00 ToRead 200 Read 200
110 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001C00 ToRead 200 Read 200
111 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00001E00 ToRead 200 Read 200
112 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002000 ToRead 200 Read 200
113 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002200 ToRead 200 Read 200
114 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002400 ToRead 200 Read 200
115 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002600 ToRead 200 Read 200
116 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002800 ToRead 200 Read 200
117 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002A00 ToRead 200 Read 200
118 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002C00 ToRead 200 Read 200
119 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00002E00 ToRead 200 Read 200
120 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003000 ToRead 200 Read 200
121 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003200 ToRead 200 Read 200
122 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003400 ToRead 200 Read 200
123 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003600 ToRead 200 Read 200
124 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003800 ToRead 200 Read 200
125 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003A00 ToRead 200 Read 200
126 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003C00 ToRead 200 Read 200
127 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00003E00 ToRead 200 Read 200
128 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004000 ToRead 200 Read 200
129 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004200 ToRead 200 Read 200
130 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004400 ToRead 200 Read 200
131 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004600 ToRead 200 Read 200
132 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004800 ToRead 200 Read 200
133 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004A00 ToRead 200 Read 200
134 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004C00 ToRead 200 Read 200
135 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00004E00 ToRead 200 Read 200
136 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005000 ToRead 200 Read 200
137 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005200 ToRead 200 Read 200
138 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005400 ToRead 200 Read 200
139 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005600 ToRead 200 Read 200
140 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005800 ToRead 200 Read 200
141 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005A00 ToRead 200 Read 200
142 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005C00 ToRead 200 Read 200
143 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00005E00 ToRead 200 Read 200
144 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006000 ToRead 200 Read 200
145 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006200 ToRead 200 Read 200
146 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006400 ToRead 200 Read 200
147 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006600 ToRead 200 Read 200
148 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006800 ToRead 200 Read 200
149 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006A00 ToRead 200 Read 200
150 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006C00 ToRead 200 Read 200
151 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00006E00 ToRead 200 Read 200
152 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007000 ToRead 200 Read 200
153 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007200 ToRead 200 Read 200
154 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007400 ToRead 200 Read 200
155 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007600 ToRead 200 Read 200
156 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007800 ToRead 200 Read 200
157 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007A00 ToRead 200 Read 200
158 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007C00 ToRead 200 Read 200
159 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007E00 ToRead 200 Read 200
160 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00008000 ToRead 1BC4 Read 1BC4
161 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00009BC4 ToRead 4 Read 4
162 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007E1C ToRead 4 Read 4
163 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-00007E20 ToRead 2AA Read 2AA
164 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\ STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100001 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
165 19:03:04.640 0 weqehmof.exe IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY 00000800 E176E970 C:\ STATUS_SUCCESS FileBothDirectoryInformation (FileMask = WINDOW)
166 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E176E970 C:\ STATUS_SUCCESS
167 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E176E970 C:\ STATUS_SUCCESS
168 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100001 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
169 19:03:04.640 0 weqehmof.exe IRP_MJ_DIRECTORY_CONTROL/IRP_MN_QUERY_DIRECTORY 00000800 E176CB90 C:\WINDOWS STATUS_SUCCESS FileBothDirectoryInformation (FileMask = syste)
170 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E176CB90 C:\WINDOWS STATUS_SUCCESS
171 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E176CB90 C:\WINDOWS STATUS_SUCCESS
172 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system STATUS_SUCCESS FILE_OPEN CreOpts: 0x00000021 Access: 0x00100020 Share: 0x00000003 Attrib: 0 Result: FILE_OPENED
173 19:03:04.640 0 weqehmof.exe IRP_MJ_CLEANUP 00000404 E296A840 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS
174 19:03:04.640 0 weqehmof.exe IRP_MJ_CLOSE 00000404 E296A840 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog STATUS_SUCCESS
175 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 805124EB-F639FC64 EndOfFile: 8191163C-0040B5C8 Attrib: 0xFE3B3CB0
176 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system\QBTool.exe STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200020 Access: 0x00100100 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED
177 19:03:04.640 0 weqehmof.exe FASTIO_QUERY_OPEN 00000000 C:[-=Error 0xc000000d Getting Name=-] STATUS_OBJECT_NAME_NOT_FOUND FILE_OPEN CreOpts: 0x00200000 Access: 0x00000080 Share: 0x00000007 Attrib: 0 Result: FILE_SUPERSEDED AllocationSize: 80512581-F639FC64 EndOfFile: 7C83CF1B-00000000 Attrib: 0
178 19:03:04.640 0 weqehmof.exe IRP_MJ_CREATE 00000884 00000000 C:\WINDOWS\system\QBTool.exe STATUS_SUCCESS FILE_OVERWRITE_IF CreOpts: 0x00000060 Access: 0x00120196 Share: 0x00000001 Attrib: 0 Result: FILE_CREATED
179 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-000080CA ToRead 4 Read 4
180 19:03:04.640 0 weqehmof.exe FASTIO_READ E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS Offset 00000000-000080CE ToRead 459 Read 459
181 19:03:04.640 0 &