# Time of Day Thread Module API Return Value Error Duration 1 12:50:44.929 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000056 2 12:50:44.929 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000045 3 12:50:45.550 AM 2 SHELL32.dll IsOS ( 33 ) FALSE 0.0000061 4 12:50:45.550 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000053 5 12:50:45.550 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000045 6 12:50:45.550 AM 2 MSCTF.dll OpenProcess ( STANDARD_RIGHTS_ALL | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA | PROCESS_SET_SESSIONID | PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | PROCESS_VM_OPERATION | P, FALSE, 1872 ) 0x00000570 0.0000101 7 12:50:45.550 AM 2 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000045 8 12:50:45.560 AM 2 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000050 9 12:50:45.560 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000045 10 12:50:45.560 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000061 11 12:50:45.560 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000059 12 12:50:45.560 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000064 13 12:50:45.560 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000073 14 12:50:45.560 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000064 15 12:50:45.600 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000059 16 12:50:45.600 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000045 17 12:50:45.600 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000045 18 12:50:46.301 AM 2 SHELL32.dll PathRemoveBlanksW ( "hello.bat" ) 0.0000059 19 12:50:46.301 AM 2 SHELL32.dll StrCpyNW ( 0x0214dc48, "hello.bat", 2084 ) 0x0214dc48 0.0000045 20 12:50:46.301 AM 2 SHELL32.dll PathRemoveArgsW ( "hello.bat" ) 0.0000056 21 12:50:46.301 AM 2 SHELL32.dll PathUnquoteSpacesW ( "hello.bat" ) 0.0000047 22 12:50:46.301 AM 2 SHELL32.dll PathGetDriveNumberW ( "hello.bat" ) -1 0.0000045 23 12:50:46.311 AM 3 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000064 24 12:50:46.311 AM 3 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000059 25 12:50:46.311 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000064 26 12:50:46.311 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000059 27 12:50:46.311 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f6a4 ) S_OK 0.0000059 28 12:50:46.311 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000059 29 12:50:46.311 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000056 30 12:50:46.311 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000059 31 12:50:46.311 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000056 32 12:50:46.311 AM 3 MSCTF.dll OpenProcess ( STANDARD_RIGHTS_ALL | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION | PROCESS_SET_QUOTA | PROCESS_SET_SESSIONID | PROCESS_SUSPEND_RESUME | PROCESS_TERMINATE | PROCESS_VM_OPERATION | P, FALSE, 1872 ) 0x0000064c 0.0000120 33 12:50:46.311 AM 3 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000059 34 12:50:46.311 AM 2 SHELL32.dll IsOS ( 33 ) FALSE 0.0000073 35 12:50:46.311 AM 1 Explorer.EXE QISearch ( 0x000c0160, 0x01006288, {69b3f106-0f04-11d3-ae2e-00c04f8eea99}, 0x00f2fc64 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0000064 36 12:50:46.311 AM 1 Explorer.EXE QISearch ( 0x000c0160, 0x01006288, {ea5f2d61-e008-11cf-99cb-00c04fd64497}, 0x00f2fc48 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0000056 37 12:50:46.311 AM 1 BROWSEUI.dll QISearch ( 0x000c0ad0, 0x75eb9e18, {ea5f2d61-e008-11cf-99cb-00c04fd64497}, 0x00f2fc48 ) S_OK 0.0000061 38 12:50:46.311 AM 1 Explorer.EXE SHIsChildOrSelf ( 0x0001005e, 0x000a0094 ) S_FALSE 0.0000061 39 12:50:46.311 AM 2 SHELL32.dll UrlIsW ( "hello.bat", URLIS_URL ) FALSE 0.0000073 40 12:50:46.311 AM 2 SHELL32.dll StrChrW ( "hello.bat", ' ' ) NULL 0.0000056 41 12:50:46.311 AM 2 SHELL32.dll PathUnquoteSpacesW ( "hello.bat" ) 0.0000059 42 12:50:46.311 AM 2 SHELL32.dll UrlIsW ( "hello.bat", URLIS_URL ) FALSE 0.0000064 43 12:50:46.311 AM 2 SHELL32.dll StrChrW ( "hello.bat", '\' ) NULL 0.0000053 44 12:50:46.311 AM 2 SHELL32.dll StrChrW ( "hello.bat", ':' ) NULL 0.0000056 45 12:50:46.311 AM 2 SHELL32.dll SHRegGetBoolUSValueW ( "Software\Microsoft\Windows\CurrentVersion\Explorer", "MaximizeApps", FALSE, FALSE ) FALSE 0.0000486 46 12:50:46.311 AM 2 SHELL32.dll GetCurrentProcessId ( ) 1780 0.0000056 47 12:50:46.311 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000053 48 12:50:46.311 AM 1 Explorer.EXE QISearch ( 0x000c0160, 0x01006288, {69b3f106-0f04-11d3-ae2e-00c04f8eea99}, 0x00f2fc64 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0000061 49 12:50:46.311 AM 1 Explorer.EXE QISearch ( 0x000c0160, 0x01006288, {ea5f2d61-e008-11cf-99cb-00c04fd64497}, 0x00f2fc48 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0000059 50 12:50:46.311 AM 1 BROWSEUI.dll QISearch ( 0x000c0ad0, 0x75eb9e18, {ea5f2d61-e008-11cf-99cb-00c04fd64497}, 0x00f2fc48 ) S_OK 0.0000059 51 12:50:46.311 AM 2 SHELL32.dll IsOS ( 28 ) FALSE 0.0000067 52 12:50:46.311 AM 2 SHELL32.dll StrCpyNW ( 0x027729dc, "C:\Documents and Settings\Administrator", 260 ) 0x027729dc 0.0000059 53 12:50:46.311 AM 2 SHELL32.dll PathIsDirectoryW ( "C:\Documents and Settings\Administrator" ) TRUE 0.0000355 54 12:50:46.311 AM 2 SHLWAPI.dll GetFileAttributesW ( "C:\Documents and Settings\Administrator" ) FILE_ATTRIBUTE_DIRECTORY 0.0000240 55 12:50:46.311 AM 2 SHELL32.dll StrCmpICW ( "C:\Documents and Settings\Administrator", ".\" ) 53 0.0000056 56 12:50:46.311 AM 2 SHELL32.dll UrlIsW ( "hello.bat", URLIS_URL ) FALSE 0.0000061 57 12:50:46.311 AM 2 SHELL32.dll StrCpyNW ( 0x02771994, "hello.bat", 2084 ) 0x02771994 0.0011717 58 12:50:46.321 AM 2 SHELL32.dll PathUnquoteSpacesW ( "hello.bat" ) 0.0000061 59 12:50:46.321 AM 2 SHELL32.dll PathIsRootW ( "hello.bat" ) FALSE 0.0000064 60 12:50:46.321 AM 2 SHLWAPI.dll GetFileAttributesW ( "hello.bat" ) INVALID_FILE_ATTRIBUTES 2 = The system cannot find the file specified. 0.0000430 61 12:50:46.321 AM 2 SHELL32.dll StrDupW ( "hello.bat" ) 0x0215f4e0 0.0000064 62 12:50:46.321 AM 2 SHELL32.dll QISearch ( 0x0009cdb0, 0x7c8d7074, IShellFolder, 0x0214e7ac ) S_OK 0.0000061 63 12:50:46.321 AM 2 SHELL32.dll PathIsUNCW ( "hello.bat" ) FALSE 0.0000056 64 12:50:46.321 AM 2 SHELL32.dll UrlIsW ( "hello.bat", URLIS_URL ) FALSE 0.0000061 65 12:50:46.321 AM 2 SHELL32.dll SHGetValueW ( 0x0000077c, NULL, "SuppressionPolicy", NULL, 0x0214e64c, 0x0214e640 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000089 66 12:50:46.321 AM 2 SHELL32.dll GUIDFromStringW ( "{11016101-E366-4D22-BC06-4ADA335C892B}", {00140008-23ff-77e6-0000-000060f21502} ) TRUE 0.0000078 67 12:50:46.321 AM 2 SHELL32.dll SHGetValueW ( 0x0000077c, NULL, "SuppressionPolicy", NULL, 0x0214e64c, 0x0214e640 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000081 68 12:50:46.321 AM 2 SHELL32.dll GUIDFromStringW ( "{1f4de370-d627-11d1-ba4f-00a0c91eedba}", IE History and Feeds Shell Data Source for Windows Search ) TRUE 0.0000078 69 12:50:46.321 AM 2 SHELL32.dll SHGetValueW ( 0x0000077c, NULL, "SuppressionPolicy", NULL, 0x0214e64c, 0x0214e640 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000087 70 12:50:46.321 AM 2 SHELL32.dll GUIDFromStringW ( "{450D8FBA-AD25-11D0-98A8-0800361B1103}", Computer Search Results Folder ) TRUE 0.0000073 71 12:50:46.321 AM 2 SHELL32.dll SHGetValueW ( 0x0000077c, NULL, "SuppressionPolicy", NULL, 0x0214e64c, 0x0214e640 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000081 72 12:50:46.321 AM 2 SHELL32.dll GUIDFromStringW ( "{645FF040-5081-101B-9F08-00AA002F954E}", {450d8fba-ad25-11d0-98a8-0800361b1103} ) TRUE 0.0000070 73 12:50:46.321 AM 2 SHELL32.dll SHGetValueW ( 0x0000077c, NULL, "SuppressionPolicy", NULL, 0x0214e64c, 0x0214e640 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000081 74 12:50:46.321 AM 2 SHELL32.dll GUIDFromStringW ( "{e17d4fc0-5564-11d1-83f2-00a0c90dc849}", Recycle Bin ) TRUE 0.0000073 75 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, My Computer ) FALSE 0.0000070 76 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000399 77 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, My Network Places ) FALSE 0.0000070 78 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000271 79 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, {871c5380-42a0-1069-a2ea-08002b30309d} ) FALSE 0.0000064 80 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_SUCCESS 0.0000268 81 12:50:46.321 AM 2 SHELL32.dll StrCpyNW ( 0x0214e52c, "{871C5380-42A0-1069-A2EA-08002B30309D}", 103 ) 0x0214e52c 0.0000056 82 12:50:46.321 AM 2 SHELL32.dll StrCpyNW ( 0x0214e078, "CLSID\", 167 ) 0x0214e078 0.0000056 83 12:50:46.321 AM 2 SHELL32.dll StrCatBuffW ( "CLSID\", "{871C5380-42A0-1069-A2EA-08002B30309D}", 167 ) 0x0214e078 0.0000059 84 12:50:46.321 AM 2 SHELL32.dll StrCatBuffW ( "CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}", "\InProcServer32", 167 ) 0x0214e078 0.0000075 85 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, NULL, NULL, NULL, 0x0214e324, 0x0214e06c ) ERROR_SUCCESS 0.0000271 86 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "LoadWithoutCOM", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000232 87 12:50:46.321 AM 2 SHELL32.dll PathFindFileNameW ( "C:\WINDOWS\system32\ieframe.dll" ) 0x0214e34c 0.0000047 88 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x00000340, "{871C5380-42A0-1069-A2EA-08002B30309D}", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000061 89 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x00000328, "{871C5380-42A0-1069-A2EA-08002B30309D}", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000059 90 12:50:46.321 AM 2 ieframe.dll ILGetSize ( 0x0215f5c0 ) 22 0.0000059 91 12:50:46.321 AM 2 urlmon.dll PathIsUNCW ( "hello.bat" ) FALSE 0.0000056 92 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, IE History and Feeds Shell Data Source for Windows Search ) FALSE 0.0000064 93 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000279 94 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, Computer Search Results Folder ) FALSE 0.0000061 95 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000263 96 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, {450d8fba-ad25-11d0-98a8-0800361b1103} ) FALSE 0.0000061 97 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000299 98 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, Recycle Bin ) FALSE 0.0000064 99 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000257 100 12:50:46.321 AM 2 SHELL32.dll SHSkipJunction ( 0x00167378, Search Results Folder ) FALSE 0.0000064 101 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x0000077e, "WantsParseDisplayName", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000260 102 12:50:46.321 AM 2 SHELL32.dll UrlIsW ( "hello.bat", URLIS_URL ) FALSE 0.0000064 103 12:50:46.321 AM 2 SHELL32.dll PathIsUNCW ( "hello.bat" ) FALSE 0.0000056 104 12:50:46.321 AM 2 SHELL32.dll GUIDFromStringW ( "{AEB6717E-7E19-11d0-97EE-00C04FD91972}", IID_NULL ) TRUE 0.0000075 105 12:50:46.321 AM 2 SHELL32.dll StrCpyNW ( 0x0214e574, "{AEB6717E-7E19-11D0-97EE-00C04FD91972}", 103 ) 0x0214e574 0.0000059 106 12:50:46.321 AM 2 SHELL32.dll StrCpyNW ( 0x0214e0c0, "CLSID\", 167 ) 0x0214e0c0 0.0000059 107 12:50:46.321 AM 2 SHELL32.dll StrCatBuffW ( "CLSID\", "{AEB6717E-7E19-11D0-97EE-00C04FD91972}", 167 ) 0x0214e0c0 0.0000059 108 12:50:46.321 AM 2 SHELL32.dll StrCatBuffW ( "CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}", "\InProcServer32", 167 ) 0x0214e0c0 0.0000059 109 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x00000572, NULL, NULL, NULL, 0x0214e36c, 0x0214e0b4 ) ERROR_SUCCESS 0.0000324 110 12:50:46.321 AM 2 SHELL32.dll SHQueryValueExW ( 0x00000572, "LoadWithoutCOM", NULL, NULL, NULL, NULL ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000249 111 12:50:46.321 AM 2 SHELL32.dll PathFindFileNameW ( "shell32.dll" ) 0x0214e36c 0.0000059 112 12:50:46.321 AM 2 SHELL32.dll PathFindFileNameW ( "hello.bat" ) 0x02771994 0.0000053 113 12:50:46.321 AM 2 SHELL32.dll PathFindFileNameW ( "hello.bat" ) 0x02771994 0.0000056 114 12:50:46.321 AM 2 SHELL32.dll PathFindExtensionW ( "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat" ) 0x0214e3ea 0.0000061 115 12:50:46.321 AM 2 SHELL32.dll SHRegGetValueW ( HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat", NULL, SRRF_RT_REG_SZ, NULL, 0x0214e598, 0x0214e374 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000151 116 12:50:46.321 AM 2 SHELL32.dll PathUnquoteSpacesW ( "hello.bat" ) 0.0000047 117 12:50:46.321 AM 2 SHELL32.dll PathIsRootW ( "hello.bat" ) FALSE 0.0000047 118 12:50:46.321 AM 2 SHELL32.dll PathIsFileSpecW ( "hello.bat" ) TRUE 0.0000042 119 12:50:46.321 AM 2 SHELL32.dll PathFindExtensionW ( "hello.bat" ) 0x0277199e 0.0000042 120 12:50:46.321 AM 2 SHELL32.dll PathFindOnPathW ( "hello.bat", 0x0214e7b4 ) TRUE 0.0001383 121 12:50:46.321 AM 2 SHLWAPI.dll GetFileAttributesW ( "C:\Documents and Settings\Administrator\hello.bat" ) INVALID_FILE_ATTRIBUTES 2 = The system cannot find the file specified. 0.0000369 122 12:50:46.321 AM 2 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\system32\hello.bat" ) INVALID_FILE_ATTRIBUTES 2 = The system cannot find the file specified. 0.0000277 123 12:50:46.321 AM 2 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\System\hello.bat" ) INVALID_FILE_ATTRIBUTES 2 = The system cannot find the file specified. 0.0000193 124 12:50:46.321 AM 2 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\hello.bat" ) FILE_ATTRIBUTE_ARCHIVE 0.0000145 125 12:50:46.321 AM 2 SHELL32.dll PathIsUNCW ( "C:\WINDOWS\hello.bat" ) FALSE 0.0000042 126 12:50:46.321 AM 2 SHELL32.dll PathGetDriveNumberW ( "C:\WINDOWS\hello.bat" ) 2 0.0000042 127 12:50:46.321 AM 2 SHELL32.dll PathFindExtensionW ( "C:\WINDOWS\hello.bat" ) 0x027719b4 0.0000053 128 12:50:46.321 AM 2 SHELL32.dll PathFindExtensionW ( "C:\WINDOWS\hello.bat" ) 0x027719b4 0.0000042 129 12:50:46.321 AM 2 SHELL32.dll GetFileAttributesW ( "C:\WINDOWS\hello.bat" ) FILE_ATTRIBUTE_ARCHIVE 0.0000162 130 12:50:46.321 AM 2 SHELL32.dll GetEnvironmentVariableW ( "SEE_MASK_NOZONECHECKS", 0x02777584, 260 ) 0 203 = The system could not find the environment option that was entered. 0.0000109 131 12:50:46.321 AM 2 SHELL32.dll PathFindExtensionW ( "C:\WINDOWS\hello.bat" ) 0x027719b4 0.0000045 132 12:50:46.321 AM 2 SHELL32.dll AssocIsDangerous ( ".bat" ) TRUE 0.0001285 133 12:50:46.321 AM 2 SHELL32.dll StrDupW ( "C:\WINDOWS\hello.bat" ) 0x00167b20 0.0007462 134 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x0009cdb0, 0x7c8d7074, IShellFolder, 0x0214e754 ) S_OK 0.0000045 135 12:50:46.331 AM 2 SHELL32.dll StrDupW ( "::{20D04FE0-3AEA-1069-A2D8-08002B30309D}" ) 0x02180718 0.0000050 136 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x0009cdb0, 0x7c8d7074, IShellFolder, 0x0214e5fc ) S_OK 0.0000045 137 12:50:46.331 AM 2 SHELL32.dll GUIDFromStringW ( "{20D04FE0-3AEA-1069-A2D8-08002B30309D}", IID_NULL ) TRUE 0.0000075 138 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x0009cdb0, 0x7c8d7074, IShellFolder, 0x0214e63c ) S_OK 0.0000050 139 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x000c1318, 0x7c8d7074, IShellFolder, 0x0214e6ac ) S_OK 0.0000047 140 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x000c12f0, 0x7c8d6f10, IPersistFolder, 0x0214e594 ) S_OK 0.0000047 141 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x000c12f0, 0x7c8d6f10, {c7264bf0-edb6-11d1-8546-006008059368}, 0x0214e590 ) S_OK 0.0000045 142 12:50:46.331 AM 2 SHELL32.dll PathBuildRootA ( 0x0214e5ab, 2 ) 0x0214e5ab 0.0000042 143 12:50:46.331 AM 2 SHELL32.dll SHGetValueW ( HKEY_CLASSES_ROOT, "Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}", "DriveMask", NULL, 0x0214e2a8, 0x0214e2a4 ) ERROR_SUCCESS 0.0000386 144 12:50:46.331 AM 2 SHELL32.dll PathBuildRootW ( 0x0214e4b4, 2 ) 0x0214e4b4 0.0000042 145 12:50:46.331 AM 2 SHELL32.dll SHAnsiToUnicode ( "C:\", 0x0214e0e4, 260 ) 4 0.0000053 146 12:50:46.331 AM 2 SHELL32.dll StrDupW ( "C:\" ) 0x0215fae0 0.0000056 147 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x021722a8, 0x7c8d7268, IShellFolder, 0x0214e5a4 ) S_OK 0.0000045 148 12:50:46.331 AM 2 SHELL32.dll StrChrW ( "WINDOWS\hello.bat", '\' ) 0x00167b34 0.0000042 149 12:50:46.331 AM 2 SHELL32.dll PathAppendW ( "C:\", "WINDOWS" ) TRUE 0.0000059 150 12:50:46.331 AM 2 SHELL32.dll FindFirstFileExW ( "C:\WINDOWS", FindExInfoStandard, 0x0017ccb8, FindExSearchNameMatch, NULL, 0 ) 0x00167880 0.0000355 151 12:50:46.331 AM 2 SHELL32.dll FindClose ( 0x00167880 ) TRUE 0.0000126 152 12:50:46.331 AM 2 SHELL32.dll StrCpyW ( "", "WINDOWS" ) 0x0218a3fa 0.0000042 153 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "WINDOWS" ) 0x0017ccf2 0.0000042 154 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "WINDOWS" ) 0x0218a408 0.0000042 155 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x02172da0, 0x7c8d7268, IShellFolder, 0x0214e570 ) S_OK 0.0000042 156 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x02172da0, 0x7c8d7268, IPersistFolder3, 0x0214de6c ) S_OK 0.0000045 157 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0214de86, "WINDOWS", 257 ) 0x0214de86 0.0000045 158 12:50:46.331 AM 2 SHELL32.dll StrDupW ( "C:\WINDOWS" ) 0x0215f4e0 0.0000050 159 12:50:46.331 AM 2 SHELL32.dll StrChrW ( "hello.bat", '\' ) NULL 0.0000042 160 12:50:46.331 AM 2 SHELL32.dll SHUnicodeToUnicode ( "hello.bat", 0x0214e4ec, 10 ) 10 0.0000045 161 12:50:46.331 AM 2 SHELL32.dll PathAppendW ( "C:\WINDOWS", "hello.bat" ) TRUE 0.0000056 162 12:50:46.331 AM 2 SHELL32.dll FindFirstFileExW ( "C:\WINDOWS\hello.bat", FindExInfoStandard, 0x0017ccb8, FindExSearchNameMatch, NULL, 0 ) 0x00167880 0.0000310 163 12:50:46.331 AM 2 SHELL32.dll FindClose ( 0x00167880 ) TRUE 0.0000106 164 12:50:46.331 AM 2 SHELL32.dll StrCpyW ( "", "hello.bat" ) 0x021b1824 0.0000045 165 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x0009cdb0, 0x7c8d7074, IShellFolder, 0x0214e72c ) S_OK 0.0000045 166 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x000c1318, 0x7c8d7074, IShellFolder, 0x0214e6f4 ) S_OK 0.0000045 167 12:50:46.331 AM 2 SHELL32.dll SHAnsiToUnicode ( "C:\", 0x0214e200, 260 ) 4 0.0000047 168 12:50:46.331 AM 2 SHELL32.dll StrDupW ( "C:\" ) 0x0215fae0 0.0000047 169 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x021722a8, 0x7c8d7268, IShellFolder, 0x0214e6a4 ) S_OK 0.0000047 170 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0214e1dc, "WINDOWS", 260 ) 0x0214e1dc 0.0000045 171 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "WINDOWS" ) 0x0214e1ea 0.0000042 172 12:50:46.331 AM 2 SHELL32.dll StrCmpCW ( "Directory", "Directory" ) 0 0.0000042 173 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x02172da0, 0x7c8d7268, IShellFolder, 0x0214e798 ) S_OK 0.0000042 174 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x02172da0, 0x7c8d7268, IPersistFolder3, 0x0214dfb8 ) S_OK 0.0000047 175 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0214dd70, "WINDOWS", 260 ) 0x0214dd70 0.0000042 176 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0214dfd2, "WINDOWS", 257 ) 0x0214dfd2 0.0000042 177 12:50:46.331 AM 2 SHELL32.dll StrDupW ( "C:\WINDOWS" ) 0x0215f4e0 0.0000045 178 12:50:46.331 AM 2 SHELL32.dll AssocCreate ( Query file associations, {ee9165bf-a4d9-474b-8236-6735cb7e28b6}, 0x0214e484 ) S_OK 0.0000229 179 12:50:46.331 AM 2 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, {ee9165bf-a4d9-474b-8236-6735cb7e28b6}, 0x0214e484 ) S_OK 0.0000140 180 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x021b0f38, 0x7c92b550, {ee9165bf-a4d9-474b-8236-6735cb7e28b6}, 0x0214e484 ) S_OK 0.0000045 181 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0214e4e0, "hello.bat", 260 ) 0x0214e4e0 0.0000047 182 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "hello.bat" ) 0x0214e4ea 0.0000042 183 12:50:46.331 AM 2 SHELL32.dll SHStrDupW ( ".bat", 0x021b0f4c ) S_OK 0.0000050 184 12:50:46.331 AM 2 SHELL32.dll AssocCreate ( {9016d0dd-7c41-46cc-a664-bf22f7cb186a}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x0214e3e0 ) S_OK 0.0000053 185 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0214e218, "hello.bat", 260 ) 0x0214e218 0.0000045 186 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x021901a2, "hello.bat", 249 ) 0x021901a2 0.0000045 187 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x021b0f38, 0x7c92b550, IQueryAssociations, 0x027779c0 ) S_OK 0.0000045 188 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "C:\WINDOWS\hello.bat" ) 0x027719b4 0.0000045 189 12:50:46.331 AM 2 SHELL32.dll PathFindFileNameW ( "C:\WINDOWS\hello.bat" ) 0x027719aa 0.0000042 190 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat" ) 0x027775f6 0.0000053 191 12:50:46.331 AM 2 SHELL32.dll SHGetValueW ( HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat", "RunAsCommand", NULL, 0x02773c2c, 0x0214e7c0 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000129 192 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0277653c, ""%1" %*", 2084 ) 0x0277653c 0.0000042 193 12:50:46.331 AM 2 SHELL32.dll SHUnicodeToUnicode ( ""%1" %*", 0x02773c2c, 2084 ) 8 0.0000045 194 12:50:46.331 AM 2 SHELL32.dll StrCmpNW ( ""%1" %*", "%1", 2 ) -1 0.0000050 195 12:50:46.331 AM 2 SHELL32.dll StrCmpNW ( ""%1" %*", ""%1"", 4 ) 0 0.0000045 196 12:50:46.331 AM 2 SHELL32.dll AssocQueryStringW ( 66, ASSOCSTR_FRIENDLYAPPNAME, "C:\WINDOWS\hello.bat", NULL, 0x0277528c, 0x0214e59c ) S_OK 0.0001316 197 12:50:46.331 AM 2 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x0214e474 ) S_OK 0.0000140 198 12:50:46.331 AM 2 SHELL32.dll QISearch ( 0x021b17f8, 0x7c92b550, IQueryAssociations, 0x0214e474 ) S_OK 0.0000045 199 12:50:46.331 AM 2 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x0214e438 ) S_OK 0.0000053 200 12:50:46.331 AM 2 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\hello.bat" ) FILE_ATTRIBUTE_ARCHIVE 0.0000154 201 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x0277528c, "hello", 260 ) 0x0277528c 0.0000045 202 12:50:46.331 AM 2 SHELL32.dll StrCpyNW ( 0x02772be6, "C:\WINDOWS\hello.bat", 21 ) 0x02772be6 0.0000042 203 12:50:46.331 AM 2 SHELL32.dll PathIsUNCW ( "C:\WINDOWS\hello.bat" ) FALSE 0.0000042 204 12:50:46.331 AM 2 SHELL32.dll PathFindFileNameW ( "C:\WINDOWS\hello.bat" ) 0x02774e92 0.0000045 205 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat" ) 0x027765ae 0.0000047 206 12:50:46.331 AM 2 SHELL32.dll SHGetValueW ( HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat", "AppendPath", NULL, 0x0214e7a8, 0x0214e7b0 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000120 207 12:50:46.331 AM 2 SHELL32.dll SHGetValueW ( HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat", "PATH", NULL, 0x0277653c, 0x0214e7b0 ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000103 208 12:50:46.331 AM 2 SHELL32.dll IsOS ( 24 ) FALSE 0.0000042 209 12:50:46.331 AM 2 SHELL32.dll PathFindFileNameW ( "C:\WINDOWS\hello.bat" ) 0x02774e92 0.0000045 210 12:50:46.331 AM 2 SHELL32.dll PathFindExtensionW ( "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat" ) 0x0214daf6 0.0000047 211 12:50:46.331 AM 2 SHELL32.dll SHGetValueW ( HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\App Paths\hello.bat", "RunAsOnNonAdminInstall", NULL, 0x0214da80, 0x0214da7c ) ERROR_FILE_NOT_FOUND 2 = The system cannot find the file specified. 0.0000101 212 12:50:46.331 AM 2 SHELL32.dll PathFindFileNameW ( "C:\WINDOWS\hello.bat" ) 0x02774e92 0.0000042 213 12:50:46.331 AM 2 SHELL32.dll PathMatchSpecW ( "h", "*" ) TRUE 0.0000070 214 12:50:46.331 AM 2 SHELL32.dll CreateProcessW ( NULL, ""C:\WINDOWS\hello.bat" ", NULL, NULL, FALSE, CREATE_DEFAULT_ERROR_MODE | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT, NULL, "C:\Documents and Settings\Administrator", 0x027764e0, 0x0277652c ) TRUE 1.4415977 215 12:50:46.331 AM 3 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000047 216 12:50:46.351 AM 1 Explorer.EXE OpenProcess ( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, 2424 ) NULL 5 = Access is denied. 0.0000112 217 12:50:46.351 AM 1 Explorer.EXE PathFindFileNameW ( "" ) 0x00f2f8fc 0.0000045 218 12:50:46.351 AM 1 comctl32.dll QISearch ( 0x000c0880, 0x77422f6c, {01e13875-2e58-4671-be46-59945432be6e}, 0x02160a60 ) S_OK 0.0000050 219 12:50:46.351 AM 1 comctl32.dll QISearch ( 0x02160a30, 0x77423034, {50cf8c58-029d-41bf-b8dd-4ce4f95d9257}, 0x000ec7f4 ) S_OK 0.0000050 220 12:50:46.351 AM 1 Explorer.EXE AssocQueryKeyW ( 66, ASSOCKEY_APP, "", NULL, 0x00f2f624 ) -2147024894 0x80070002 = The system cannot find the file specified. 0.0000651 221 12:50:46.351 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2f500 ) S_OK 0.0000154 222 12:50:46.351 AM 1 SHELL32.dll QISearch ( 0x021b0d58, 0x7c92b550, IQueryAssociations, 0x00f2f500 ) S_OK 0.0000042 223 12:50:46.351 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2f4c4 ) S_OK 0.0000059 224 12:50:46.351 AM 1 Explorer.EXE Shell_GetCachedImageIndex ( "", 0, 0 ) -1 0.0001173 225 12:50:46.351 AM 1 SHELL32.dll PathFindFileNameW ( "" ) 0x0215f920 0.0000042 226 12:50:46.351 AM 1 SHELL32.dll StrCpyNW ( 0x00f2f2d8, "", 260 ) 0x00f2f2d8 0.0000042 227 12:50:46.351 AM 1 SHELL32.dll PathFindFileNameW ( "" ) 0x0215f920 0.0000042 228 12:50:46.351 AM 1 SHELL32.dll StrCpyNW ( 0x00f2f2a0, "", 260 ) 0x00f2f2a0 0.0000042 229 12:50:46.351 AM 1 SHELL32.dll StrCmpCW ( "", "" ) 0 0.0000042 230 12:50:46.351 AM 1 SHELL32.dll PathIsUNCW ( "" ) FALSE 0.0000042 231 12:50:46.351 AM 1 SHELL32.dll PathGetDriveNumberW ( "" ) -1 0.0000045 232 12:50:46.351 AM 1 SHELL32.dll GetFileAttributesW ( "" ) INVALID_FILE_ATTRIBUTES 3 = The system cannot find the path specified. 0.0000070 233 12:50:46.351 AM 1 USER32.dll SearchPathW ( NULL, "", NULL, 260, 0x00f2f258, NULL ) 0 87 = The parameter is incorrect. 0.0000047 234 12:50:46.351 AM 1 SHELL32.dll PathFindFileNameW ( "" ) 0x0215f920 0.0000042 235 12:50:46.351 AM 1 SHELL32.dll StrCpyNW ( 0x00f2f298, "", 260 ) 0x00f2f298 0.0000042 236 12:50:46.351 AM 1 SHELL32.dll StrCmpCW ( "", "" ) 0 0.0000042 237 12:50:46.351 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f810 ) S_OK 0.0000045 238 12:50:46.351 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f048 ) S_OK 0.0000045 239 12:50:46.351 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000045 240 12:50:46.351 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 241 12:50:46.351 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2e3a8 ) S_OK 0.0000045 242 12:50:46.351 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000045 243 12:50:46.351 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2e3a8 ) S_OK 0.0000042 244 12:50:46.351 AM 1 Explorer.EXE AssocQueryKeyW ( 66, ASSOCKEY_APP, "", NULL, 0x00f2f0b0 ) -2147024894 0x80070002 = The system cannot find the file specified. 0.0000570 245 12:50:46.351 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2ef58 ) S_OK 0.0000145 246 12:50:46.351 AM 1 SHELL32.dll QISearch ( 0x021b0da8, 0x7c92b550, IQueryAssociations, 0x00f2ef58 ) S_OK 0.0000042 247 12:50:46.351 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2ef1c ) S_OK 0.0000056 248 12:50:46.351 AM 3 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000047 249 12:50:46.351 AM 3 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000042 250 12:50:46.361 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000095 251 12:50:46.361 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000053 252 12:50:46.361 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000045 253 12:50:46.371 AM 3 BROWSEUI.dll SHIsChildOrSelf ( 0x0001008c, 0x0001008e ) S_OK 0.0000070 254 12:50:46.371 AM 3 BROWSEUI.dll SHIsChildOrSelf ( 0x0001006c, 0x0001008e ) S_OK 0.0000053 255 12:50:46.451 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f69c ) S_OK 0.0000059 256 12:50:46.451 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000047 257 12:50:46.451 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000039 258 12:50:46.451 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2e9fc ) S_OK 0.0000045 259 12:50:46.451 AM 1 Explorer.EXE AssocQueryKeyW ( 66, ASSOCKEY_APP, "", NULL, 0x00f2f704 ) -2147024894 0x80070002 = The system cannot find the file specified. 0.0000724 260 12:50:46.451 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2f5ac ) S_OK 0.0000162 261 12:50:46.451 AM 1 SHELL32.dll QISearch ( 0x021b0d58, 0x7c92b550, IQueryAssociations, 0x00f2f5ac ) S_OK 0.0000042 262 12:50:46.451 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2f570 ) S_OK 0.0000061 263 12:50:46.871 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f69c ) S_OK 0.0000059 264 12:50:46.871 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000047 265 12:50:46.871 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 266 12:50:46.871 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2e9fc ) S_OK 0.0000045 267 12:50:46.871 AM 1 Explorer.EXE AssocQueryKeyW ( 66, ASSOCKEY_APP, "", NULL, 0x00f2f704 ) -2147024894 0x80070002 = The system cannot find the file specified. 0.0000715 268 12:50:46.871 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2f5ac ) S_OK 0.0000176 269 12:50:46.871 AM 1 SHELL32.dll QISearch ( 0x021b0d58, 0x7c92b550, IQueryAssociations, 0x00f2f5ac ) S_OK 0.0000042 270 12:50:46.871 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2f570 ) S_OK 0.0000064 271 12:50:47.502 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f69c ) S_OK 0.0000061 272 12:50:47.502 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000047 273 12:50:47.502 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 274 12:50:47.502 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2e9fc ) S_OK 0.0000045 275 12:50:47.502 AM 1 Explorer.EXE AssocQueryKeyW ( 66, ASSOCKEY_APP, "", NULL, 0x00f2f704 ) -2147024894 0x80070002 = The system cannot find the file specified. 0.0000729 276 12:50:47.502 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2f5ac ) S_OK 0.0000201 277 12:50:47.502 AM 1 SHELL32.dll QISearch ( 0x021b0d58, 0x7c92b550, IQueryAssociations, 0x00f2f5ac ) S_OK 0.0000045 278 12:50:47.502 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2f570 ) S_OK 0.0000061 279 12:50:47.643 AM 3 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000070 280 12:50:47.643 AM 3 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000056 281 12:50:47.643 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000061 282 12:50:47.643 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000050 283 12:50:47.643 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000053 284 12:50:47.643 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000050 285 12:50:47.643 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f6a4 ) S_OK 0.0000056 286 12:50:47.643 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000053 287 12:50:47.693 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000053 288 12:50:47.693 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000053 289 12:50:47.693 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000045 290 12:50:47.763 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000053 291 12:50:47.763 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2fa78 ) S_OK 0.0000047 292 12:50:47.763 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000045 293 12:50:47.763 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000042 294 12:50:47.763 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 295 12:50:47.763 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 296 12:50:47.763 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f6a4 ) S_OK 0.0000045 297 12:50:47.763 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 298 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH", "UEME_CTLSESSION" ) 1 0.0000056 299 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH", "UEME_CTLCUACount:ctor" ) 1 0.0000045 300 12:50:47.773 AM 2 BROWSEUI.dll SHQueryValueExW ( 0x000002ec, "HRZR_EHACNGU", NULL, 0x0214bb48, 0x0214cc00, 0x0214cbb4 ) ERROR_SUCCESS 0.0000123 301 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH", "UEME_CTLSESSION" ) 1 0.0000045 302 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH", "UEME_CTLCUACount:ctor" ) 1 0.0000042 303 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_CTLSESSION", "UEME_CTLSESSION" ) 0 0.0000045 304 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH", "UEME_CTLSESSION" ) 1 0.0000042 305 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH", "UEME_CTLCUACount:ctor" ) 1 0.0000042 306 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH:(null)", "UEME_CTLSESSION" ) 1 0.0000047 307 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH:(null)", "UEME_CTLCUACount:ctor" ) 1 0.0000042 308 12:50:47.773 AM 2 BROWSEUI.dll SHQueryValueExW ( 0x000002ec, "HRZR_EHACNGU:(ahyy)", NULL, 0x0214bb48, 0x0214cc00, 0x0214cbb4 ) ERROR_SUCCESS 0.0000098 309 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH:(null)", "UEME_CTLSESSION" ) 1 0.0000042 310 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH:(null)", "UEME_CTLCUACount:ctor" ) 1 0.0000042 311 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_CTLSESSION", "UEME_CTLSESSION" ) 0 0.0000042 312 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH:(null)", "UEME_CTLSESSION" ) 1 0.0000042 313 12:50:47.773 AM 2 BROWSEUI.dll StrCmpW ( "UEME_RUNPATH:(null)", "UEME_CTLCUACount:ctor" ) 1 0.0000042 314 12:50:47.773 AM 2 SHELL32.dll PathFindExtensionW ( "C:\WINDOWS\hello.bat" ) 0x027719b4 0.0000047 315 12:50:47.773 AM 2 SHELL32.dll StrCmpICW ( ".bat", ".exe" ) -3 0.0000042 316 12:50:47.773 AM 2 SHELL32.dll PathFindExtensionW ( "C:\WINDOWS\hello.bat" ) 0x02774e9c 0.0000042 317 12:50:47.773 AM 2 SHELL32.dll StrCmpCW ( ".bat", ".bat" ) 0 0.0000045 318 12:50:47.773 AM 2 SHELL32.dll GetCurrentProcessId ( ) 1780 0.0000045 319 12:50:47.773 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 320 12:50:47.773 AM 1 Explorer.EXE QISearch ( 0x000c0160, 0x01006288, {69b3f106-0f04-11d3-ae2e-00c04f8eea99}, 0x00f2fc64 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0000053 321 12:50:47.773 AM 1 Explorer.EXE QISearch ( 0x000c0160, 0x01006288, {ea5f2d61-e008-11cf-99cb-00c04fd64497}, 0x00f2fc48 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0000042 322 12:50:47.773 AM 1 BROWSEUI.dll QISearch ( 0x000c0ad0, 0x75eb9e18, {ea5f2d61-e008-11cf-99cb-00c04fd64497}, 0x00f2fc48 ) S_OK 0.0000047 323 12:50:47.773 AM 2 SHELL32.dll StrCatBuffW ( "hello.bat", "\1", 262 ) 0x0214eec0 0.0000053 324 12:50:47.773 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 325 12:50:47.773 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 326 12:50:47.773 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000039 327 12:50:47.773 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000039 328 12:50:47.773 AM 2 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000045 329 12:50:47.783 AM 2 Explorer.EXE ILFree ( 0x001868b8 ) 0.0000059 330 12:50:47.793 AM 1 Explorer.EXE OpenProcess ( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, 3272 ) 0x00000474 0.0000763 331 12:50:47.793 AM 1 Explorer.EXE PathFindFileNameW ( "C:\WINDOWS\system32\cmd.exe" ) 0x00f2f924 0.0000140 332 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x000c0880, 0x77422f6c, {01e13875-2e58-4671-be46-59945432be6e}, 0x021608c0 ) S_OK 0.0000123 333 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x02160890, 0x77423034, {50cf8c58-029d-41bf-b8dd-4ce4f95d9257}, 0x000ec7f4 ) S_OK 0.0000092 334 12:50:47.793 AM 1 Explorer.EXE AssocQueryKeyW ( 66, ASSOCKEY_APP, "C:\WINDOWS\system32\cmd.exe", NULL, 0x00f2f624 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0002794 335 12:50:47.793 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2f500 ) S_OK 0.0000173 336 12:50:47.793 AM 1 SHELL32.dll QISearch ( 0x021b1168, 0x7c92b550, IQueryAssociations, 0x00f2f500 ) S_OK 0.0000045 337 12:50:47.793 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2f4c4 ) S_OK 0.0000154 338 12:50:47.793 AM 1 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\system32\cmd.exe" ) FILE_ATTRIBUTE_ARCHIVE 0.0000905 339 12:50:47.793 AM 1 Explorer.EXE Shell_GetCachedImageIndex ( "C:\WINDOWS\system32\cmd.exe", 0, 0 ) 116 0.0000489 340 12:50:47.793 AM 1 SHELL32.dll PathFindFileNameW ( "C:\WINDOWS\system32\cmd.exe" ) 0x0215e188 0.0000081 341 12:50:47.793 AM 1 SHELL32.dll StrCpyNW ( 0x00f2f2d8, "C:\WINDOWS\system32\cmd.exe", 260 ) 0x00f2f2d8 0.0000047 342 12:50:47.793 AM 1 Explorer.EXE AssocQueryStringW ( 66, ASSOCSTR_FRIENDLYAPPNAME, "C:\WINDOWS\system32\cmd.exe", NULL, 0x00f2f7e4, 0x00f2f598 ) S_OK 0.0001436 343 12:50:47.793 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2f470 ) S_OK 0.0000154 344 12:50:47.793 AM 1 SHELL32.dll QISearch ( 0x021b1168, 0x7c92b550, IQueryAssociations, 0x00f2f470 ) S_OK 0.0000042 345 12:50:47.793 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2f434 ) S_OK 0.0000059 346 12:50:47.793 AM 1 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\system32\cmd.exe" ) FILE_ATTRIBUTE_ARCHIVE 0.0000226 347 12:50:47.793 AM 1 SHELL32.dll StrCpyNW ( 0x00f2f7e4, "Windows Command Processor", 80 ) 0x00f2f7e4 0.0000045 348 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x000c0880, 0x77422f6c, {01e13875-2e58-4671-be46-59945432be6e}, 0x02160580 ) S_OK 0.0000047 349 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x02160550, 0x77423034, {50cf8c58-029d-41bf-b8dd-4ce4f95d9257}, 0x000ec824 ) S_OK 0.0000042 350 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f80c ) S_OK 0.0000045 351 12:50:47.793 AM 1 Explorer.EXE AssocQueryStringW ( 66, ASSOCSTR_FRIENDLYAPPNAME, "C:\WINDOWS\system32\cmd.exe", NULL, 0x00f2f606, 0x00f2f3c8 ) S_OK 0.0001238 352 12:50:47.793 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2f2a0 ) S_OK 0.0000142 353 12:50:47.793 AM 1 SHELL32.dll QISearch ( 0x021b1168, 0x7c92b550, IQueryAssociations, 0x00f2f2a0 ) S_OK 0.0000045 354 12:50:47.793 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2f264 ) S_OK 0.0000056 355 12:50:47.793 AM 1 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\system32\cmd.exe" ) FILE_ATTRIBUTE_ARCHIVE 0.0000198 356 12:50:47.793 AM 1 SHELL32.dll StrCpyNW ( 0x00f2f606, "Windows Command Processor", 257 ) 0x00f2f606 0.0000045 357 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f048 ) S_OK 0.0000045 358 12:50:47.793 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000045 359 12:50:47.793 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000039 360 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2e3a8 ) S_OK 0.0000045 361 12:50:47.793 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 362 12:50:47.793 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 363 12:50:47.793 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2e3a8 ) S_OK 0.0000047 364 12:50:47.793 AM 1 Explorer.EXE AssocQueryKeyW ( 66, ASSOCKEY_APP, "C:\WINDOWS\system32\cmd.exe", NULL, 0x00f2f0b0 ) E_NOINTERFACE 0x80004002 = No such interface supported 0.0000807 365 12:50:47.793 AM 1 SHLWAPI.dll SHCoCreateInstance ( NULL, Query file associations, NULL, IQueryAssociations, 0x00f2ef58 ) S_OK 0.0000145 366 12:50:47.793 AM 1 SHELL32.dll QISearch ( 0x021b1168, 0x7c92b550, IQueryAssociations, 0x00f2ef58 ) S_OK 0.0000045 367 12:50:47.793 AM 1 SHELL32.dll AssocCreate ( {0c2bf91b-8746-4fb1-b4d7-7c03f890b168}, {3c44ba76-de0e-4049-b6e4-6b31a5262707}, 0x00f2ef1c ) S_OK 0.0000053 368 12:50:47.793 AM 1 SHLWAPI.dll GetFileAttributesW ( "C:\WINDOWS\system32\cmd.exe" ) FILE_ATTRIBUTE_ARCHIVE 0.0000179 369 12:50:47.793 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000042 370 12:50:47.793 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000042 371 12:50:47.793 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000045 372 12:50:47.793 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000042 373 12:50:47.843 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000056 374 12:50:47.843 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 375 12:50:47.843 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f6a4 ) S_OK 0.0000047 376 12:50:47.843 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 377 12:50:47.843 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f6a4 ) S_OK 0.0000045 378 12:50:47.843 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000045 379 12:50:48.914 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000059 380 12:50:48.914 AM 1 Explorer.EXE SHFree ( NULL ) 0.0000053 381 12:50:48.914 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2fa78 ) S_OK 0.0000045 382 12:50:48.914 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000045 383 12:50:48.914 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000045 384 12:50:48.914 AM 1 MSCTF.dll GetCurrentProcessId ( ) 1780 0.0000042 385 12:50:48.914 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000047 386 12:50:48.914 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000039 387 12:50:48.914 AM 1 comctl32.dll QISearch ( 0x000d3c28, 0x774220fc, {46eb5926-582e-4017-9fdf-e8998daa0950}, 0x00f2f6a4 ) S_OK 0.0000045 388 12:50:48.914 AM 1 comctl32.dll GetCurrentProcessId ( ) 1780 0.0000042 389 12:50:48.964 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000067 390 12:50:48.964 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000056 391 12:50:48.964 AM 1 MSCTF.dll GetCurrentProcess ( ) GetCurrentProcess() 0.0000056