4.76377054 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE23AA740
4.76379260 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE2A8DBD8
4.76383535 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Asynchronous SUCCESS 0x1
4.76384010 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
4.76385323 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
4.76387865 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
4.76389709 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\DllName SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.76390910 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\DllName SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.76392223 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Impersonate SUCCESS 0x0
4.76395352 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Startup SUCCESS "RealLogon"
4.76395715 winlogon.exe:656 CreateKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
4.76397643 winlogon.exe:656 CreateKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32 SUCCESS Key: 0xE23FD460
4.76399654 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\xxyyyxx.dll"
4.76400045 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Startup SUCCESS "RealLogon"
4.76401274 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Logoff SUCCESS "RealLogoff"
4.76402727 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Logoff SUCCESS "RealLogoff"
4.76404431 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE2A8DBD8
4.76404850 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\xxyyyxx.dll"
4.76407113 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\ThreadingModel SUCCESS "Both"
4.76408147 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\ThreadingModel SUCCESS "Both"
4.76410577 winlogon.exe:656 CloseKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32 SUCCESS Key: 0xE23FD460
4.76410968 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE2A8DBD8
4.76411974 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE23AA740
4.76413678 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE23AA740
4.76414097 winlogon.exe:656 FlushKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
4.76415243 winlogon.exe:656 CloseKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
4.76420327 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks SUCCESS Key: 0xE231CD30
4.76420774 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
4.76421836 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
4.76424294 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
4.76424713 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS ""
4.76425914 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS ""
4.76427172 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks SUCCESS Key: 0xE231CD30
4.76437592 winlogon.exe:656 CreateKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
4.76440358 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE231CD30
4.76442006 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings\Time SUCCESS 10 AF F8 5B 5D A7 C7 01 ...
4.76442956 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE231CD30
4.76445191 winlogon.exe:656 CreateKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32 SUCCESS Key: 0xE23FD460
4.76446392 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.76447454 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.76449633 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\ThreadingModel SUCCESS "Both"
4.76449996 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE231CD30
4.76453208 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE231CD30
4.76454410 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Asynchronous SUCCESS 0x1
4.76455695 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\ThreadingModel SUCCESS "Both"
4.76457175 winlogon.exe:656 CloseKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32 SUCCESS Key: 0xE23FD460
4.76458097 winlogon.exe:656 FlushKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
4.76459466 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\DllName SUCCESS "xxyyyxx.dll"
4.76460612 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\DllName SUCCESS "xxyyyxx.dll"
4.76461953 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Impersonate SUCCESS 0x0
4.76463042 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logon SUCCESS "Logon"
4.76464020 winlogon.exe:656 CloseKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
4.76468574 winlogon.exe:656 CreateKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE23AA740
4.76470110 winlogon.exe:656 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations NOTFOUND
4.76471395 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logon SUCCESS "Logon"
4.76472764 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logoff SUCCESS "Logoff"
4.76473854 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logoff SUCCESS "Logoff"
4.76474915 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE231CD30
4.76476368 winlogon.exe:656 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations2 NOTFOUND
4.76477346 winlogon.exe:656 FlushKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE23AA740
4.76478519 winlogon.exe:656 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE23AA740
4.76479972 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE231CD30
4.96402643 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE23AA740
4.96404068 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE23AA740
4.96404459 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE231CD30
4.96406219 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE23FD460
4.96407504 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Asynchronous SUCCESS 0x1
4.96409376 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE23AA740
4.96411779 winlogon.exe:656 CreateKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE23AA740
4.96414069 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\DllName SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.96415634 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\DllName SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.96416891 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Impersonate SUCCESS 0x0
4.96418008 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Startup SUCCESS "RealLogon"
4.96418651 winlogon.exe:656 CreateKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32 SUCCESS Key: 0xE2A8DBD8
4.96419824 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\xxyyyxx.dll"
4.96420886 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\xxyyyxx.dll"
4.96422618 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\ThreadingModel SUCCESS "Both"
4.96423707 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Startup SUCCESS "RealLogon"
4.96424937 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Logoff SUCCESS "RealLogoff"
4.96425998 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Logoff SUCCESS "RealLogoff"
4.96426976 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE23FD460
4.96428401 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\ThreadingModel SUCCESS "Both"
4.96429881 winlogon.exe:656 CloseKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32 SUCCESS Key: 0xE2A8DBD8
4.96430775 winlogon.exe:656 FlushKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE23AA740
4.96432452 winlogon.exe:656 CloseKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE23AA740
4.96432815 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE23FD460
4.96433765 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE231CD30
4.96434966 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE231CD30
4.96439547 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks SUCCESS Key: 0xE23AA740
4.96440888 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS ""
4.96442397 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS ""
4.96442844 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE231CD30
4.96443850 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE231CD30
4.96445191 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE231CD30
4.96448264 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks SUCCESS Key: 0xE23AA740
4.96456952 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE23AA740
4.96458852 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings\Time SUCCESS 10 AF F8 5B 5D A7 C7 01 ...
4.96459382 winlogon.exe:656 CreateKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE231CD30
4.96461142 winlogon.exe:656 CreateKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32 SUCCESS Key: 0xE23FD460
4.96462288 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.96463461 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE23AA740
4.96464802 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE23AA740
4.96468322 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE23AA740
4.96468741 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\qopqo.dll"
4.96470389 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\ThreadingModel SUCCESS "Both"
4.96471423 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\ThreadingModel SUCCESS "Both"
4.96473714 winlogon.exe:656 CloseKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32 SUCCESS Key: 0xE23FD460
4.96474105 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Asynchronous SUCCESS 0x1
4.96475222 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\DllName SUCCESS "xxyyyxx.dll"
4.96476256 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\DllName SUCCESS "xxyyyxx.dll"
4.96478100 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Impersonate SUCCESS 0x0
4.96478519 winlogon.exe:656 FlushKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE231CD30
4.96479720 winlogon.exe:656 CloseKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE231CD30
4.96484805 winlogon.exe:656 CreateKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE231CD30
4.96485196 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logon SUCCESS "Logon"
4.96486257 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logon SUCCESS "Logon"
4.96487542 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logoff SUCCESS "Logoff"
4.96489554 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logoff SUCCESS "Logoff"
4.96489945 winlogon.exe:656 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations NOTFOUND
4.96491118 winlogon.exe:656 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations2 NOTFOUND
4.96492012 winlogon.exe:656 FlushKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE231CD30
4.96493968 winlogon.exe:656 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE231CD30
4.96494415 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE23AA740
4.96495700 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE23AA740
5.16439547 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE23AA740
5.16441782 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE23FD460
5.16442257 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
5.16443682 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
5.16445945 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
5.16450080 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Asynchronous SUCCESS 0x1
5.16451448 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\DllName SUCCESS "C:\WINDOWS\system32\qopqo.dll"
5.16452622 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\DllName SUCCESS "C:\WINDOWS\system32\qopqo.dll"
5.16454298 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Impersonate SUCCESS 0x0
5.16454633 winlogon.exe:656 CreateKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
5.16456533 winlogon.exe:656 CreateKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32 SUCCESS Key: 0xE2A8DBD8
5.16457762 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\xxyyyxx.dll"
5.16459634 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\xxyyyxx.dll"
5.16460025 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Startup SUCCESS "RealLogon"
5.16461114 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Startup SUCCESS "RealLogon"
5.16462288 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Logoff SUCCESS "RealLogoff"
5.16465165 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo\Logoff SUCCESS "RealLogoff"
5.16465556 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\ThreadingModel SUCCESS "Both"
5.16466618 winlogon.exe:656 QueryValue HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32\ThreadingModel SUCCESS "Both"
5.16468071 winlogon.exe:656 CloseKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406}\InprocServer32 SUCCESS Key: 0xE2A8DBD8
5.16469384 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE23FD460
5.16470725 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\\qopqo SUCCESS Key: 0xE23FD460
5.16471674 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE23AA740
5.16473043 winlogon.exe:656 FlushKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
5.16474245 winlogon.exe:656 CloseKey HKCR\CLSID\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS Key: 0xE231CD30
5.16476815 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks SUCCESS Key: 0xE231CD30
5.16477541 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ SUCCESS Key: 0xE23AA740
5.16480474 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
5.16481871 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
5.16483883 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS ""
5.16485168 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54CBB12C-3481-4C5D-942D-4976C0F0A406} SUCCESS ""
5.16486453 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks SUCCESS Key: 0xE231CD30
5.16500114 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
5.16502656 winlogon.exe:656 CreateKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
5.16504779 winlogon.exe:656 CreateKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32 SUCCESS Key: 0xE23FD460
5.16505142 winlogon.exe:656 CreateKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE231CD30
5.16506819 winlogon.exe:656 QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings\Time SUCCESS 10 AF F8 5B 5D A7 C7 01 ...
5.16507768 winlogon.exe:656 FlushKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE231CD30
5.16509920 winlogon.exe:656 CloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Settings SUCCESS Key: 0xE231CD30
5.16510339 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\qopqo.dll"
5.16511372 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\(Default) SUCCESS "C:\WINDOWS\system32\qopqo.dll"
5.16513048 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\ThreadingModel SUCCESS "Both"
5.16516876 winlogon.exe:656 QueryValue HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32\ThreadingModel SUCCESS "Both"
5.16517267 winlogon.exe:656 CreateKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE231CD30
5.16518468 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Asynchronous SUCCESS 0x1
5.16520759 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\DllName SUCCESS "xxyyyxx.dll"
5.16521150 winlogon.exe:656 CloseKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076}\InprocServer32 SUCCESS Key: 0xE23FD460
5.16522072 winlogon.exe:656 FlushKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
5.16523217 winlogon.exe:656 CloseKey HKCR\CLSID\{0FE6A535-03A7-44E2-9B90-C43C246E6076} SUCCESS Key: 0xE23AA740
5.16525620 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\DllName SUCCESS "xxyyyxx.dll"
5.16526961 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Impersonate SUCCESS 0x0
5.16528022 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logon SUCCESS "Logon"
5.16532045 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logon SUCCESS "Logon"
5.16532408 winlogon.exe:656 CreateKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE23AA740
5.16534029 winlogon.exe:656 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations NOTFOUND
5.16535537 winlogon.exe:656 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations2 NOTFOUND
5.16537437 winlogon.exe:656 FlushKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE23AA740
5.16537828 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logoff SUCCESS "Logoff"
5.16538918 winlogon.exe:656 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx\Logoff SUCCESS "Logoff"
5.16539979 winlogon.exe:656 FlushKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE231CD30
5.16542158 winlogon.exe:656 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyyxx SUCCESS Key: 0xE231CD30
5.16542521 winlogon.exe:656 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Key: 0xE23AA740