continuous disk drive activity

E

Erick

Hi All,

Since a month, I have been working with my brand new Dell Dimension D
3,2GHz, 4Gb, 500Gb HDD.
Almost no additional software has been installed (XP Mediacenter, Office
and McAfee are running).

My problem:

There are continuous very audible write bursts (+/- 15 per min), even
without any user's input or activity.

I have been googling to found out which process was causing this ennoying
thing but I haven't founded yet so far.

I have disabled the automatic file indexing.
I have reduce the startup software to the minimum: clock + MacAfee + Windows
Messenger that I can't disable (but I would like!)
Monitoring the Task Manager gave me no indication of suspicious process.

Please, can you help me, I am getting crazy with this thing and Dell didn't
help me so far....

Many many thanks

Erick
 
E

Erick

Yes, definitely but at a much lesser rate. Booting Safe Mode, no Internet,
or network, no activity = still audible drive activity.

That's what I get with Diskmon....

0 23:02:33.109 0.00009537 0 Write 6465613 48
1 23:02:33.109 0.00009537 0 Write 6404181 8
2 23:02:33.109 0.00009537 0 Write 6404173 8
3 23:02:33.218 0.00012398 0 Write 10119405 1
4 23:02:33.218 0.00012398 0 Write 6404189 8
5 23:02:33.218 0.00012398 0 Write 10119406 1
6 23:02:33.218 0.00012398 0 Write 10119407 6
7 23:02:33.218 0.00012398 0 Write 9977381 2
8 23:02:33.218 0.00012398 0 Write 9977383 6
9 23:02:33.218 0.00012398 0 Write 9938221 2
10 23:02:33.218 0.00012398 0 Write 9938223 6
11 23:02:33.218 0.00012398 0 Write 9937101 2
12 23:02:33.218 0.00012398 0 Write 9937103 6
13 23:02:33.218 0.00012398 0 Write 9918981 2
14 23:02:33.218 0.00012398 0 Write 9918983 6
15 23:02:33.218 0.00012398 0 Write 9901853 2
16 23:02:33.218 0.00012398 0 Write 6404181 8
17 23:02:33.218 0.00012398 0 Write 10119405 1
18 23:02:33.218 0.00012398 0 Write 6465661 8
19 23:02:33.218 0.00012398 0 Write 6404189 8
20 23:02:33.218 0.00012398 0 Write 71874733 8
21 23:02:33.218 0.00012398 0 Write 71874901 8
22 23:02:33.218 0.00012398 0 Write 71875101 8
23 23:02:33.218 0.00012398 0 Write 71876821 8
24 23:02:33.218 0.00012398 0 Write 6404181 8
25 23:02:33.218 0.00012398 0 Write 71874045 8
26 23:02:33.218 0.00012398 0 Write 71874045 32
27 23:02:33.218 0.00012398 0 Write 6404189 8
28 23:02:33.218 0.00012398 0 Write 71874717 32
29 23:02:33.218 0.00012398 0 Write 71874053 8
30 23:02:33.218 0.00012398 0 Write 71874045 32
31 23:02:33.218 0.00012398 0 Write 71875101 32
32 23:02:33.218 0.00012398 0 Write 71874877 32
33 23:02:33.218 0.00012398 0 Write 71876797 32
34 23:02:33.218 0.00012398 0 Write 6404181 8
35 23:02:33.218 0.00012398 0 Write 71874045 8
36 23:02:33.218 0.00012398 0 Write 71874045 8
37 23:02:33.218 0.00012398 0 Write 6404189 8
38 23:02:33.218 0.00012398 0 Write 1943357 1
39 23:02:33.218 0.00012398 0 Write 6404181 8
40 23:02:33.218 0.00012398 0 Write 1943358 7
41 23:02:33.218 0.00012398 0 Write 1972661 7
42 23:02:33.218 0.00012398 0 Write 1972668 8
43 23:02:33.218 0.00012398 0 Write 1972676 1
44 23:02:33.218 0.00012398 0 Write 2045821 7
45 23:02:33.218 0.00012398 0 Write 2045828 8
46 23:02:33.218 0.00012398 0 Write 6404189 8
47 23:02:33.218 0.00012398 0 Write 1943357 1
48 23:02:33.218 0.00012398 0 Write 6404181 8
49 23:02:33.218 0.00012398 0 Write 6404189 8
50 23:02:33.218 0.00012398 0 Write 71641589 32
51 23:02:33.218 0.00012398 0 Write 6404181 8
52 23:02:33.218 0.00012398 0 Write 71658453 32
53 23:02:33.218 0.00012398 0 Write 71641589 32
54 23:02:33.218 0.00012398 0 Write 71658421 32
55 23:02:33.218 0.00012398 0 Write 6404189 8
56 23:02:33.218 0.00012398 0 Write 71641589 8
57 23:02:33.218 0.00012398 0 Write 6404181 8

TKS

Erick
 
E

Erick

Thanks, I will try this tomorrow. I 've already tried Diskmon.exe but what
can I do with this kind of info?

0 23:02:33.109 0.00009537 0 Write 6465613 48
1 23:02:33.109 0.00009537 0 Write 6404181 8
2 23:02:33.109 0.00009537 0 Write 6404173 8
3 23:02:33.218 0.00012398 0 Write 10119405 1
4 23:02:33.218 0.00012398 0 Write 6404189 8
5 23:02:33.218 0.00012398 0 Write 10119406 1
6 23:02:33.218 0.00012398 0 Write 10119407 6
7 23:02:33.218 0.00012398 0 Write 9977381 2
8 23:02:33.218 0.00012398 0 Write 9977383 6
9 23:02:33.218 0.00012398 0 Write 9938221 2
10 23:02:33.218 0.00012398 0 Write 9938223 6
11 23:02:33.218 0.00012398 0 Write 9937101 2
12 23:02:33.218 0.00012398 0 Write 9937103 6
13 23:02:33.218 0.00012398 0 Write 9918981 2
14 23:02:33.218 0.00012398 0 Write 9918983 6
15 23:02:33.218 0.00012398 0 Write 9901853 2
16 23:02:33.218 0.00012398 0 Write 6404181 8
17 23:02:33.218 0.00012398 0 Write 10119405 1
18 23:02:33.218 0.00012398 0 Write 6465661 8
19 23:02:33.218 0.00012398 0 Write 6404189 8
20 23:02:33.218 0.00012398 0 Write 71874733 8
21 23:02:33.218 0.00012398 0 Write 71874901 8
22 23:02:33.218 0.00012398 0 Write 71875101 8
23 23:02:33.218 0.00012398 0 Write 71876821 8
24 23:02:33.218 0.00012398 0 Write 6404181 8
25 23:02:33.218 0.00012398 0 Write 71874045 8
26 23:02:33.218 0.00012398 0 Write 71874045 32
27 23:02:33.218 0.00012398 0 Write 6404189 8
28 23:02:33.218 0.00012398 0 Write 71874717 32
29 23:02:33.218 0.00012398 0 Write 71874053 8
30 23:02:33.218 0.00012398 0 Write 71874045 32
31 23:02:33.218 0.00012398 0 Write 71875101 32
32 23:02:33.218 0.00012398 0 Write 71874877 32
33 23:02:33.218 0.00012398 0 Write 71876797 32
34 23:02:33.218 0.00012398 0 Write 6404181 8
35 23:02:33.218 0.00012398 0 Write 71874045 8
36 23:02:33.218 0.00012398 0 Write 71874045 8
37 23:02:33.218 0.00012398 0 Write 6404189 8
38 23:02:33.218 0.00012398 0 Write 1943357 1
39 23:02:33.218 0.00012398 0 Write 6404181 8
40 23:02:33.218 0.00012398 0 Write 1943358 7
41 23:02:33.218 0.00012398 0 Write 1972661 7
42 23:02:33.218 0.00012398 0 Write 1972668 8
43 23:02:33.218 0.00012398 0 Write 1972676 1
44 23:02:33.218 0.00012398 0 Write 2045821 7
45 23:02:33.218 0.00012398 0 Write 2045828 8
46 23:02:33.218 0.00012398 0 Write 6404189 8
47 23:02:33.218 0.00012398 0 Write 1943357 1
48 23:02:33.218 0.00012398 0 Write 6404181 8
49 23:02:33.218 0.00012398 0 Write 6404189 8
50 23:02:33.218 0.00012398 0 Write 71641589 32
51 23:02:33.218 0.00012398 0 Write 6404181 8
52 23:02:33.218 0.00012398 0 Write 71658453 32
53 23:02:33.218 0.00012398 0 Write 71641589 32
54 23:02:33.218 0.00012398 0 Write 71658421 32
55 23:02:33.218 0.00012398 0 Write 6404189 8
56 23:02:33.218 0.00012398 0 Write 71641589 8
57 23:02:33.218 0.00012398 0 Write 6404181 8

I would find it useful if the applications currently writing on the disk
were logged...

Erick



Hi Erick,

If you wish to see what is being written to the Hard Drive, download
Filemon v7.03 from http://www.sysinternals.com/FileAndDiskUtilities.html

Make sure to download the correct operating system version.
 
D

DatabaseBen

ok,
then we know that third party drivers are not loaded in safe mode.
i can think of a couple of things to try. But what seems to come to
mind is that you might have a problem with the ram.

For example if you ram was maybe like 64 megs, then your system would
be swapping data to the harddrive like crazy..... And if you have a pretty
fast
cpu, the degredation may not be as visiable. You may have sufficient ram,
but is it working...?

I think the first thing to do is to check out the ram. Has your cmos
found the ram on your mobo and reporting the correct amount and
speed. (some cmos may not provide all this info)

If so, then next is to do a diagnostics on the memory. There are several
avail and MS has one that can be downloaded and ran from a cd. Running
it from a cd at boot time is required before any data is booted from the hd.

Once faulty memory is ruled out, then we can go to the next set of
questions..., tomorrow.
 
T

thecreator

Hi Erick,

Nothing, because I do not use this program. I do not know.

I do use Filemon. With Filemon, you see which programs are doing the reading and writing to the Disks. And you see which processes are successful and which fail.
 
E

Erick

Thanks, I will use Filemon and report my findings...

Erick


Hi Erick,

Nothing, because I do not use this program. I do not know.

I do use Filemon. With Filemon, you see which programs are doing the
reading and writing to the Disks. And you see which processes are successful
and which fail.
 
E

Erick

OK but I've got 4 Gb at my disposal and I find this new PC dual core even
slower than my old one....
But can you believe me: when I check the System info by rightclicking "My
computer" and selecting "properties", I get only 3,25Gb RAM mentioned....
Do you think this could be an indication of prob. with my RAM?
When I get into the Bios, 4 Gb are well recognized....

Anyway, I will try the memory test you suggested and see the results that I
will report to you.

Thanks a lot for your input.

Erick
 
E

Erick

My first 2 minutes log of Filemon takes 8,47Mb.....and more than 100000
entries!
How do I proceed to allow you to analyse it?
Here follows the first 500 ms!

Erick

1 13:41:55.328 Filemon.exe:2476 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS
FileFsAttributeInformation
2 13:41:55.328 Filemon.exe:2476 IRP_MJ_CLEANUP C:\ SUCCESS
3 13:41:55.328 Filemon.exe:2476 IRP_MJ_CLOSE C:\ SUCCESS
4 13:41:55.328 Filemon.exe:2476 IRP_MJ_QUERY_VOLUME_INFORMATION D:\ SUCCESS
FileFsAttributeInformation
5 13:41:55.328 Filemon.exe:2476 IRP_MJ_CLEANUP D:\ SUCCESS
6 13:41:55.328 Filemon.exe:2476 IRP_MJ_CLOSE D:\ SUCCESS
7 13:41:55.328 Filemon.exe:2476 IRP_MJ_CLEANUP \Device\LanmanRedirector
SUCCESS
8 13:41:55.328 Filemon.exe:2476 IRP_MJ_CLOSE \Device\LanmanRedirector
SUCCESS
9 13:41:55.328 explorer.exe:1996 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
10 13:41:55.328 explorer.exe:1996 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
11 13:41:55.328 explorer.exe:1996 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
12 13:41:55.328 explorer.exe:1996 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Options: Open Access:
00100020
13 13:41:55.328 explorer.exe:1996 FASTIO_QUERY_STANDARD_INFO C:\Documents
and Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Length: 446464
14 13:41:55.328 explorer.exe:1996 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS
15 13:41:55.328 explorer.exe:1996 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS
16 13:41:55.343 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS Attributes: A
17 13:41:55.343 Filemon.exe:2476 IRP_MJ_CREATE
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS Options: Open Access:
00100020
18 13:41:55.343 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS Length: 98304
19 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS
20 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLOSE
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS
21 13:41:55.343 System:4 IRP_MJ_QUERY_INFORMATION C:\Program
Files\McAfee.com\VSO\McVSSkt.Dll SUCCESS FileNameInformation
22 13:41:55.343 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS Attributes: A
23 13:41:55.343 Filemon.exe:2476 IRP_MJ_CREATE
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS Options: Open Access:
00100020
24 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS
25 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLOSE
C:\progra~1\mcafee.com\vso\McVSSkt.dll SUCCESS
26 13:41:55.343 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\progra~1\mcafee.com\vso\WS2_32.dll NOT FOUND Attributes: Error
27 13:41:55.343 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\WS2_32.dll SUCCESS Attributes: A
28 13:41:55.343 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\WS2_32.dll SUCCESS Options: Open Access: 00100020
29 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\WS2_32.dll SUCCESS
30 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\WS2_32.dll SUCCESS
31 13:41:55.343 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\ws2_32.dll SUCCESS FileNameInformation
32 13:41:55.343 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\progra~1\mcafee.com\vso\WS2HELP.dll NOT FOUND Attributes: Error
33 13:41:55.343 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\WS2HELP.dll SUCCESS Attributes: A
34 13:41:55.343 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\WS2HELP.dll SUCCESS Options: Open Access: 00100020
35 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\WS2HELP.dll SUCCESS
36 13:41:55.343 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\WS2HELP.dll SUCCESS
37 13:41:55.343 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\ws2help.dll SUCCESS FileNameInformation
38 13:41:55.343 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\Filemon\appinit.ini NOT FOUND Options: Open Access:
Read
39 13:41:55.343 Filemon.exe:2476 IRP_MJ_READ* C: SUCCESS Offset: 1245184
Length: 8192
40 13:41:55.359 Filemon.exe:2476 IRP_MJ_READ* C: SUCCESS Offset: 937984
Length: 16384
41 13:41:55.359 mscifapp.exe:3496 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\wtsapi32.dll SUCCESS Attributes: A
42 13:41:55.359 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\ntdll.dll SUCCESS Attributes: A
43 13:41:55.562 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset:
13856768 Length: 65536
44 13:41:55.562 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset:
13922304 Length: 65536
45 13:41:55.562 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset:
13987840 Length: 65536
46 13:41:55.562 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset:
14053376 Length: 65536
47 13:41:55.562 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset:
14118912 Length: 65536
48 13:41:55.562 System:4 IRP_MJ_WRITE* C:\pagefile.sys SUCCESS Offset:
14184448 Length: 65536
49 13:41:55.593 System:4 IRP_MJ_CREATE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS Options: Open
Access: Read-Attributes
50 13:41:55.593 System:4 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileNetworkOpenInformation
51 13:41:55.593 System:4 IRP_MJ_CLEANUP C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
52 13:41:55.593 System:4 IRP_MJ_CLOSE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
53 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
54 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
55 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
56 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
57 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
58 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
59 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
60 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
61 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
62 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
63 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
64 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SHARING VIOLATION Options: Open Access: 00120181
65 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
66 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
67 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
68 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
69 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
70 13:41:55.593 System:4 IRP_MJ_CREATE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS Options: Open
Access: Read-Attributes
71 13:41:55.593 System:4 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileNetworkOpenInformation
72 13:41:55.593 System:4 IRP_MJ_CLEANUP C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
73 13:41:55.593 System:4 IRP_MJ_CLOSE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
74 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
75 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
76 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
77 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
78 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
79 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
80 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
81 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
82 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
83 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
84 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
85 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SHARING VIOLATION Options: Open Access: 00120181
86 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
87 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
88 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
89 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
90 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
91 13:41:55.593 System:4 IRP_MJ_CREATE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS Options: Open
Access: Read-Attributes
92 13:41:55.593 System:4 IRP_MJ_CREATE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS Options: Open
Access: Read-Attributes
93 13:41:55.593 System:4 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileNetworkOpenInformation
94 13:41:55.593 System:4 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileNetworkOpenInformation
95 13:41:55.593 System:4 IRP_MJ_CLEANUP C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
96 13:41:55.593 System:4 IRP_MJ_CLEANUP C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
97 13:41:55.593 System:4 IRP_MJ_CLOSE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
98 13:41:55.593 System:4 IRP_MJ_CLOSE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
99 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
100 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
101 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
102 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
103 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
104 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
105 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
106 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
107 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
108 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
109 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
110 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
111 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
112 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
113 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
114 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
115 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
116 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
117 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SHARING VIOLATION Options: Open Access: 00120181
118 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
119 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
120 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
121 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
122 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
123 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SHARING VIOLATION Options: Open Access: 00120181
124 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
125 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
126 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
127 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
128 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
129 13:41:55.593 System:4 IRP_MJ_CREATE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS Options: Open
Access: Read-Attributes
130 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
131 13:41:55.593 System:4 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileNetworkOpenInformation
132 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
133 13:41:55.593 System:4 IRP_MJ_CLEANUP C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
134 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
135 13:41:55.593 System:4 IRP_MJ_CLOSE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
136 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
137 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
138 13:41:55.593 System:4 IRP_MJ_CREATE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS Options: Open
Access: Read-Attributes
139 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
140 13:41:55.593 System:4 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileNetworkOpenInformation
141 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
142 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
143 13:41:55.593 System:4 IRP_MJ_CLEANUP C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
144 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
145 13:41:55.593 System:4 IRP_MJ_CLOSE C:\Program Files\Logitech\Desktop
Messenger\8876480\Users\Papa\Data\L0000002.FCS SUCCESS
146 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
147 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
148 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
149 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
150 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
151 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
152 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
153 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
154 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
155 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
156 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
157 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
158 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SHARING VIOLATION Options: Open Access: 00120181
159 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
160 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
161 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
162 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileStandardInformation
163 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
164 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
165 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
166 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
167 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
168 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
169 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SHARING VIOLATION Options: Open Access: 00120181
170 13:41:55.593 McShield.exe:608 IRP_MJ_CREATE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS Options: Open Access: 00120180
171 13:41:55.593 McShield.exe:608 IRP_MJ_SET_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
172 13:41:55.593 McShield.exe:608 IRP_MJ_QUERY_INFORMATION C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS FileBasicInformation
173 13:41:55.593 McShield.exe:608 IRP_MJ_CLEANUP C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
174 13:41:55.593 McShield.exe:608 IRP_MJ_CLOSE C:\Program
Files\Logitech\Desktop Messenger\8876480\Users\Papa\Data\L0000002.FCS
SUCCESS
175 13:41:55.828 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
176 13:41:55.828 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\SETUPAPI.dll NOT FOUND Attributes: Error
177 13:41:55.828 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SETUPAPI.dll SUCCESS Attributes: A
178 13:41:55.828 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\SETUPAPI.dll SUCCESS Options: Open Access: 00100020
179 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\SETUPAPI.dll SUCCESS
180 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\SETUPAPI.dll SUCCESS
181 13:41:55.828 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\setupapi.dll SUCCESS FileNameInformation
182 13:41:55.828 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\WINDOWS\ SUCCESS
Attributes: D
183 13:41:55.828 Filemon.exe:2476 IRP_MJ_CREATE C:\ SUCCESS Options: Open
Directory Access: 00100001
184 13:41:55.828 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\ SUCCESS
FileBothDirectoryInformation: Documents and Settings
185 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLEANUP C:\ SUCCESS
186 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLOSE C:\ SUCCESS
187 13:41:55.828 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and Settings\
SUCCESS Options: Open Directory Access: 00100001
188 13:41:55.828 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\ SUCCESS FileBothDirectoryInformation: Papa
189 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and Settings\
SUCCESS
190 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and Settings\
SUCCESS
191 13:41:55.828 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\ SUCCESS Options: Open Directory Access: 00100001
192 13:41:55.828 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\Papa\ SUCCESS FileBothDirectoryInformation: Desktop
193 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\ SUCCESS
194 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\ SUCCESS
195 13:41:55.828 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\ SUCCESS Options: Open Directory Access: 00100001
196 13:41:55.828 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\Papa\Desktop\ SUCCESS FileBothDirectoryInformation: Filemon
197 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\Desktop\ SUCCESS
198 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\Desktop\ SUCCESS
199 13:41:55.828 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS Options: Open Directory Access:
00100001
200 13:41:55.828 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS FileBothDirectoryInformation:
Filemon.exe
201 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS
202 13:41:55.828 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS
203 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
204 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
205 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
206 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
207 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
208 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
209 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
210 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
211 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
212 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
213 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
214 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\SHELL32.dll SUCCESS Attributes: A
215 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\rpcss.dll SUCCESS Attributes: A
216 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\rpcss.dll SUCCESS Options: Open Access: 00100020
217 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\rpcss.dll SUCCESS Length: 397824
218 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\rpcss.dll SUCCESS
219 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\rpcss.dll SUCCESS
220 13:41:55.843 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\rpcss.dll SUCCESS FileNameInformation
221 13:41:55.843 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\apphelp.dll SUCCESS FileNameInformation
222 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\System32\cscui.dll SUCCESS Options: Open Access: Read
223 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_BASIC_INFO
C:\WINDOWS\System32\cscui.dll SUCCESS Attributes: A
224 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\System32\cscui.dll SUCCESS Length: 326656
225 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\System32\cscui.dll SUCCESS
226 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\System32\cscui.dll SUCCESS
227 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\CLBCATQ.DLL NOT FOUND Attributes: Error
228 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\CLBCATQ.DLL SUCCESS Attributes: A
229 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\CLBCATQ.DLL SUCCESS Options: Open Access: 00100020
230 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\CLBCATQ.DLL SUCCESS
231 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\CLBCATQ.DLL SUCCESS
232 13:41:55.843 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\clbcatq.dll SUCCESS FileNameInformation
233 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\COMRes.dll NOT FOUND Attributes: Error
234 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\COMRes.dll SUCCESS Attributes: A
235 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\COMRes.dll SUCCESS Options: Open Access: 00100020
236 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\COMRes.dll SUCCESS
237 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\COMRes.dll SUCCESS
238 13:41:55.843 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\comres.dll SUCCESS FileNameInformation
239 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\WINDOWS\Registration
SUCCESS Attributes: D
240 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\Registration\R00000000001a.clb SUCCESS Options: Open Access:
Read
241 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\Registration\R00000000001a.clb SUCCESS Length: 34536
242 13:41:55.843 Filemon.exe:2476 IRP_MJ_READ
C:\WINDOWS\Registration\R00000000001a.clb SUCCESS Offset: 0 Length: 34536
243 13:41:55.843 System:4 IRP_MJ_CLOSE
C:\WINDOWS\Registration\R00000000001a.clb SUCCESS
244 13:41:55.843 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\Registration\R00000000001a.clb SUCCESS FileNameInformation
245 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\Registration\R00000000001a.clb SUCCESS
246 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\System32\cscui.dll SUCCESS Attributes: A
247 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\System32\cscui.dll SUCCESS Options: Open Access: 00100020
248 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\System32\cscui.dll SUCCESS Length: 326656
249 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\System32\cscui.dll SUCCESS
250 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\System32\cscui.dll SUCCESS
251 13:41:55.843 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\cscui.dll SUCCESS FileNameInformation
252 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\System32\cscui.dll SUCCESS Attributes: A
253 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\System32\cscui.dll SUCCESS Options: Open Access: 00100020
254 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\System32\cscui.dll SUCCESS
255 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\System32\cscui.dll SUCCESS
256 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\System32\CSCDLL.dll SUCCESS Attributes: A
257 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\System32\CSCDLL.dll SUCCESS Options: Open Access: 00100020
258 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\System32\CSCDLL.dll SUCCESS
259 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\System32\CSCDLL.dll SUCCESS
260 13:41:55.843 System:4 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\system32\cscdll.dll SUCCESS FileNameInformation
261 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\System32\cscui.dll SUCCESS Options: Open Access: 001200A9
262 13:41:55.843 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\System32\cscui.dll SUCCESS Length: 326656
263 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\System32\cscui.dll.124.Manifest NOT FOUND Options: Open Access:
001200A9
264 13:41:55.843 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\System32\cscui.dll.124.Config NOT FOUND Options: Open Access:
001200A9
265 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en-US_580a28ff\
NOT FOUND Options: Open Directory Access: 00100001
266 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls\ NOT
FOUND Options: Open Directory Access: 00100001
267 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN C:\WINDOWS\System32\en-US
NOT FOUND Attributes: Error
268 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN C:\WINDOWS\System32\en NOT
FOUND Attributes: Error
269 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN C:\WINDOWS\System32\
SUCCESS Attributes: D
270 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN C:\WINDOWS\System32\
SUCCESS Attributes: D
271 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en-US_f6b1e800.Manifest
NOT FOUND Attributes: Error
272 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL
PATH NOT FOUND Attributes: Error
273 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_en_66c5eee6\
NOT FOUND Options: Open Directory Access: 00100001
274 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls\ NOT
FOUND Options: Open Directory Access: 00100001
275 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_en_5cce9bd9.Manifest
NOT FOUND Attributes: Error
276 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls\6.0.0.0_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.DLL
PATH NOT FOUND Attributes: Error
277 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\
SUCCESS Options: Open Directory Access: 00100001
278 13:41:55.843 csrss.exe:768 IRP_MJ_DIRECTORY_CONTROL
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\
SUCCESS FileBothDirectoryInformation: *.policy
279 13:41:55.843 csrss.exe:768 IRP_MJ_DIRECTORY_CONTROL
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\
NO MORE FILES FileBothDirectoryInformation
280 13:41:55.843 csrss.exe:768 IRP_MJ_CLEANUP
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\
SUCCESS
281 13:41:55.843 csrss.exe:768 IRP_MJ_CLOSE
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\
SUCCESS
282 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy
SUCCESS Options: Open Sequential Access: Read
283 13:41:55.843 csrss.exe:768 IRP_MJ_QUERY_VOLUME_INFORMATION
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy
SUCCESS FileFsVolumeInformation
284 13:41:55.843 csrss.exe:768 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy
BUFFER OVERFLOW FileAllInformation
285 13:41:55.843 csrss.exe:768 IRP_MJ_READ
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy
SUCCESS Offset: 0 Length: 4095
286 13:41:55.843 System:4 IRP_MJ_CLOSE
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy
SUCCESS
287 13:41:55.843 csrss.exe:768 FASTIO_READ
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy
END OF FILE Offset: 621 Length: 8178
288 13:41:55.843 csrss.exe:768 IRP_MJ_CLEANUP
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy
SUCCESS
289 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls\ NOT
FOUND Options: Open Directory Access: 00100001
290 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS Attributes: A
291 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS Attributes: A
292 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en-US_186470ec\
NOT FOUND Options: Open Directory Access: 00100001
293 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui\
NOT FOUND Options: Open Directory Access: 00100001
294 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.2180_en-US_90e45242.Manifest
NOT FOUND Attributes: Error
295 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.2180_en-US_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL
PATH NOT FOUND Attributes: Error
296 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_en_272036d3\
NOT FOUND Options: Open Directory Access: 00100001
297 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\Assembly\GAC\Policy.6.0.Microsoft.Windows.Common-Controls.mui\
NOT FOUND Options: Open Directory Access: 00100001
298 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls.mui_6595b64144ccf1df_6.0.2600.2180_en_f701061b.Manifest
NOT FOUND Attributes: Error
299 13:41:55.843 csrss.exe:768 FASTIO_QUERY_OPEN
C:\WINDOWS\assembly\GAC\Microsoft.Windows.Common-Controls.mui\6.0.2600.2180_en_6595b64144ccf1df\Microsoft.Windows.Common-Controls.mui.DLL
PATH NOT FOUND Attributes: Error
300 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS Options: Open Sequential Access: Read
301 13:41:55.843 csrss.exe:768 IRP_MJ_READ
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS Offset: 0 Length: 2
302 13:41:55.843 System:4 IRP_MJ_CLOSE
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS
303 13:41:55.843 csrss.exe:768 IRP_MJ_CLEANUP
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS
304 13:41:55.843 csrss.exe:768 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS Options: Open Sequential Access: Read
305 13:41:55.843 csrss.exe:768 IRP_MJ_QUERY_VOLUME_INFORMATION
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS FileFsVolumeInformation
306 13:41:55.843 csrss.exe:768 IRP_MJ_QUERY_INFORMATION
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
BUFFER OVERFLOW FileAllInformation
307 13:41:55.843 csrss.exe:768 IRP_MJ_READ
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS Offset: 0 Length: 4095
308 13:41:55.843 csrss.exe:768 FASTIO_READ
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
END OF FILE Offset: 1862 Length: 8178
309 13:41:55.843 csrss.exe:768 IRP_MJ_CLEANUP
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS
310 13:41:55.843 csrss.exe:768 IRP_MJ_CLOSE
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest
SUCCESS
311 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\System32\cscui.dll SUCCESS
312 13:41:55.843 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\System32\cscui.dll SUCCESS
313 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe.Local\ NOT FOUND Attributes: Error
314 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
SUCCESS Attributes: D
315 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
SUCCESS Options: Open Directory Access: 00100020
316 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE \Device\LanmanRedirector
SUCCESS Options: Open Access: 001000A0
317 13:41:55.859 Filemon.exe:2476 FASTIO_DEVICE_CONTROL
\Device\LanmanRedirector FAILURE IOCTL: 0x140FFB
318 13:41:55.859 Filemon.exe:2476 IRP_MJ_DEVICE_CONTROL
\Device\LanmanRedirector SUCCESS IOCTL: 0x140FFB
319 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP \Device\LanmanRedirector
SUCCESS
320 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE \Device\LanmanRedirector
SUCCESS
321 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
SUCCESS
322 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
SUCCESS
323 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
324 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
325 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
326 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
327 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\shell32.dll SUCCESS Options: Open Access: 00120189
328 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_BASIC_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
329 13:41:55.859 Filemon.exe:2476 IRP_MJ_SET_INFORMATION
C:\WINDOWS\system32\shell32.dll SUCCESS FileBasicInformation
330 13:41:55.859 Filemon.exe:2476 IRP_MJ_READ
C:\WINDOWS\system32\shell32.dll SUCCESS Offset: 0 Length: 12
331 13:41:55.859 System:4 IRP_MJ_CLOSE C:\WINDOWS\system32\shell32.dll
SUCCESS
332 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
333 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
334 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\shell32.dll SUCCESS
335 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
336 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
337 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
338 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
339 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\shell32.dll SUCCESS Options: Open Access: 00120189
340 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_BASIC_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
341 13:41:55.859 Filemon.exe:2476 IRP_MJ_SET_INFORMATION
C:\WINDOWS\system32\shell32.dll SUCCESS FileBasicInformation
342 13:41:55.859 Filemon.exe:2476 IRP_MJ_READ
C:\WINDOWS\system32\shell32.dll SUCCESS Offset: 0 Length: 12
343 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
344 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
345 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\shell32.dll SUCCESS
346 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\shell32.dll SUCCESS
347 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
348 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
349 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
350 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
351 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\shell32.dll SUCCESS Options: Open Access: 00120189
352 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_BASIC_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
353 13:41:55.859 Filemon.exe:2476 IRP_MJ_SET_INFORMATION
C:\WINDOWS\system32\shell32.dll SUCCESS FileBasicInformation
354 13:41:55.859 Filemon.exe:2476 IRP_MJ_READ
C:\WINDOWS\system32\shell32.dll SUCCESS Offset: 0 Length: 12
355 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
356 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
357 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\shell32.dll SUCCESS
358 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\shell32.dll SUCCESS
359 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
360 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
361 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\shell32.dll NOT FOUND Attributes: Error
362 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
363 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE
C:\WINDOWS\system32\shell32.dll SUCCESS Options: Open Access: 00120189
364 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_BASIC_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Attributes: A
365 13:41:55.859 Filemon.exe:2476 IRP_MJ_SET_INFORMATION
C:\WINDOWS\system32\shell32.dll SUCCESS FileBasicInformation
366 13:41:55.859 Filemon.exe:2476 IRP_MJ_READ
C:\WINDOWS\system32\shell32.dll SUCCESS Offset: 0 Length: 12
367 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
368 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\shell32.dll SUCCESS Length: 8453632
369 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP
C:\WINDOWS\system32\shell32.dll SUCCESS
370 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE
C:\WINDOWS\system32\shell32.dll SUCCESS
371 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
372 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
373 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Options: Open Access:
00120189
374 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_BASIC_INFO C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
375 13:41:55.859 Filemon.exe:2476 IRP_MJ_SET_INFORMATION C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS FileBasicInformation
376 13:41:55.859 Filemon.exe:2476 IRP_MJ_READ C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Offset: 0 Length: 12
377 13:41:55.859 System:4 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS
378 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO C:\Documents
and Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Length: 446464
379 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO C:\Documents
and Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Length: 446464
380 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS
381 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
382 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_OPEN C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
383 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Options: Open Access:
00120189
384 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_BASIC_INFO C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Attributes: A
385 13:41:55.859 Filemon.exe:2476 IRP_MJ_SET_INFORMATION C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS FileBasicInformation
386 13:41:55.859 Filemon.exe:2476 IRP_MJ_READ C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Offset: 0 Length: 12
387 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO C:\Documents
and Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Length: 446464
388 13:41:55.859 Filemon.exe:2476 FASTIO_QUERY_STANDARD_INFO C:\Documents
and Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS Length: 446464
389 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS
390 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\Desktop\Filemon\Filemon.exe SUCCESS
391 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE C:\ SUCCESS Options: Open
Directory Access: 00100001
392 13:41:55.859 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\ SUCCESS
FileBothDirectoryInformation: Documents and Settings
393 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP C:\ SUCCESS
394 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE C:\ SUCCESS
395 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and Settings\
SUCCESS Options: Open Directory Access: 00100001
396 13:41:55.859 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\ SUCCESS FileBothDirectoryInformation: Papa
397 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and Settings\
SUCCESS
398 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and Settings\
SUCCESS
399 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\ SUCCESS Options: Open Directory Access: 00100001
400 13:41:55.859 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\Papa\ SUCCESS FileBothDirectoryInformation: Desktop
401 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\ SUCCESS
402 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\ SUCCESS
403 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\ SUCCESS Options: Open Directory Access: 00100001
404 13:41:55.859 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\Papa\Desktop\ SUCCESS FileBothDirectoryInformation: Filemon
405 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\Desktop\ SUCCESS
406 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\Desktop\ SUCCESS
407 13:41:55.859 Filemon.exe:2476 IRP_MJ_CREATE C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS Options: Open Directory Access:
00100001
408 13:41:55.859 Filemon.exe:2476 IRP_MJ_DIRECTORY_CONTROL C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS FileBothDirectoryInformation:
Filemon.exe
409 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLEANUP C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS
410 13:41:55.859 Filemon.exe:2476 IRP_MJ_CLOSE C:\Documents and
Settings\Papa\Desktop\Filemon\ SUCCESS
Hi Erick,

Nothing, because I do not use this program. I do not know.

I do use Filemon. With Filemon, you see which programs are doing the
reading and writing to the Disks. And you see which processes are successful
and which fail.
 
D

DatabaseBen

oh, ok.
i have heard that these larger systems require special fine tuning.
but i havent looked into them since mine is small...

have your tried turning off your swap file.

then ensured your windows kernal is loaded into memery?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Vista Excessive Disk Activity 14
Constant Hard Drive Activity - Can't Stop 9
Spurious disk activity, disabled the usual suspects. 5
Continuous hard drive activity problem. 6
Random 1-2 min freezes with Vista 2
Kaspersky conflict 6
Excessive CPU utilization after coming out of standby 15
XP System Backup. ASR No floppy drive 13

Top