explorer.exe CPU spikes to 50% every 5 seconds


2 replies to this topic

#1 theshermans


Posted 29 April 2005 - 07:20 PM

Hi guys,

Something on my PC - getting strange CPU usage spikes every 5 seconds or so from EXPLORER.EXE - spikes to about 50%.

Here is a log from Sysinternals File Monitor showing what is going on.

Any ideas?

Regards
K

10:13:33 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP D:\WINDOWS\addins\cps.dll SUCCESS
10:13:33 AM WINLOGON.EXE:384 IRP_MJ_CLOSE D:\WINDOWS\addins\cps.dll SUCCESS
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CLOSE C:\ SUCCESS
10:13:34 AM System:4 IRP_MJ_WRITE* D:\WINDOWS\Prefetch SUCCESS Offset: 0 Length: 8192
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CLOSE C:\ SUCCESS
10:13:34 AM iexplore.exe:676 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:34 AM iexplore.exe:676 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:34 AM iexplore.exe:676 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:34 AM iexplore.exe:676 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:34 AM iexplore.exe:676 IRP_MJ_CLOSE C:\ SUCCESS
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CREATE D:\WINDOWS\addins\cps.dll SUCCESS Attributes: Any Options: Open
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP D:\WINDOWS\addins\cps.dll SUCCESS
10:13:34 AM WINLOGON.EXE:384 IRP_MJ_CLOSE D:\WINDOWS\addins\cps.dll SUCCESS
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: OverwriteIf
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\ SUCCESS Attributes: N Options: Open
10:13:35 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\ SUCCESS
10:13:35 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp FAILURE Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 65536
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 69632 Length: 65536
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 135168 Length: 65536
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 200704 Length: 61440
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 442368 Length: 2582
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileStandardInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 28672 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 20480 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 24576 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 65536 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 8192 Length: 4096
10:13:35 AM System:4 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM System:4 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 262144 Length: 65536
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.ini INVALID PARAMETER FileObjectIdInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.ini SUCCESS FileDispositionInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp INVALID PARAMETER FileObjectIdInformation
10:13:35 AM EXPLORER.EXE:1272 FASTIO_QUERY_BASIC_INFO D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: HS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileRenameInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileStandardInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 28672 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 20480 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 24576 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 65536 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 8192 Length: 4096
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM System:4 IRP_MJ_SET_INFORMATION* D:\WINDOWS\addins\spc.tmp SUCCESS FileEndOfFileInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\ SUCCESS Attributes: N Options: Open
10:13:35 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\ SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\ SUCCESS
10:13:35 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\ADDINS\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\ADDINS\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.ini SUCCESS FileBasicInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: OverwriteIf
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\ SUCCESS Attributes: N Options: Open
10:13:35 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\ SUCCESS
10:13:35 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp FAILURE Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 65536
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 69632 Length: 65536
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 135168 Length: 65536
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 200704 Length: 61440
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 442368 Length: 2582
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileStandardInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 28672 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 20480 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 24576 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 65536 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 8192 Length: 4096
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.ini INVALID PARAMETER FileObjectIdInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.ini SUCCESS FileDispositionInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp INVALID PARAMETER FileObjectIdInformation
10:13:35 AM EXPLORER.EXE:1272 FASTIO_QUERY_BASIC_INFO D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: HS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileRenameInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileStandardInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 28672 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 20480 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 24576 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 65536 Length: 4096
10:13:35 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 8192 Length: 4096
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\ SUCCESS Attributes: N Options: Open
10:13:35 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\ SUCCESS
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\ SUCCESS
10:13:35 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\ADDINS\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\ADDINS\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.ini SUCCESS FileBasicInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: OverwriteIf
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\ SUCCESS Attributes: N Options: Open
10:13:35 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\ SUCCESS
10:13:35 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CLOSE C:\ SUCCESS
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CREATE D:\WINDOWS\addins\cps.dll SUCCESS Attributes: Any Options: Open
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP D:\WINDOWS\addins\cps.dll SUCCESS
10:13:35 AM WINLOGON.EXE:384 IRP_MJ_CLOSE D:\WINDOWS\addins\cps.dll SUCCESS
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp FAILURE Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 65536
10:13:35 AM System:4 IRP_MJ_WRITE* D:\System Volume Information\_restore{66980748-769C-4F20-968C-CCC8466589D4}\RP299 SUCCESS Offset: 0 Length: 4096
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 69632 Length: 65536
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 135168 Length: 65536
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 200704 Length: 61440
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 442368 Length: 2582
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileStandardInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 28672 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 20480 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 24576 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 65536 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 8192 Length: 4096
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: Any Options: Open
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.ini INVALID PARAMETER FileObjectIdInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.ini SUCCESS FileDispositionInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: Any Options: Open
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp INVALID PARAMETER FileObjectIdInformation
10:13:36 AM EXPLORER.EXE:1272 FASTIO_QUERY_BASIC_INFO D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: HS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileRenameInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileStandardInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 28672 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 20480 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 24576 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 65536 Length: 4096
10:13:36 AM mcshield.exe:2408 FASTIO_READ D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 8192 Length: 4096
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_QUERY_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileBasicInformation
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\ SUCCESS Attributes: N Options: Open
10:13:36 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\ SUCCESS
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini FILE NOT FOUND Attributes: N Options: Open
10:13:36 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\ SUCCESS
10:13:36 AM System:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:36 AM System:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\ADDINS\spc.ini SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\ADDINS\spc.ini SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.ini SUCCESS Attributes: Any Options: Open
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.ini SUCCESS FileBasicInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLEANUP D:\WINDOWS\addins\spc.ini SUCCESS
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.ini SUCCESS
10:13:36 AM System:4 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 327680 Length: 65536
10:13:36 AM System:4 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 393216 Length: 53248
10:13:36 AM System:4 IRP_MJ_SET_INFORMATION* D:\WINDOWS\addins\spc.tmp SUCCESS FileEndOfFileInformation
10:13:36 AM System:4 IRP_MJ_CLOSE D:\WINDOWS\addins\spc.tmp SUCCESS
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM iexplore.exe:676 IRP_MJ_CREATE C:\ SUCCESS Attributes: Any Options: Open Directory
10:13:36 AM iexplore.exe:676 IRP_MJ_QUERY_INFORMATION C:\ SUCCESS FileNameInformation
10:13:36 AM iexplore.exe:676 IRP_MJ_QUERY_VOLUME_INFORMATION C:\ SUCCESS FileFsVolumeInformation
10:13:36 AM iexplore.exe:676 IRP_MJ_CLEANUP C:\ SUCCESS
10:13:36 AM iexplore.exe:676 IRP_MJ_CLOSE C:\ SUCCESS
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CREATE D:\WINDOWS\addins\cps.dll SUCCESS Attributes: Any Options: Open
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CLEANUP D:\WINDOWS\addins\cps.dll SUCCESS
10:13:36 AM WINLOGON.EXE:384 IRP_MJ_CLOSE D:\WINDOWS\addins\cps.dll SUCCESS
10:13:37 AM System:4 IRP_MJ_WRITE* D: SUCCESS Offset: 1593344 Length: 4096
10:13:37 AM System:4 IRP_MJ_WRITE* D: SUCCESS Offset: 1609728 Length: 4096
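An added triage sketch (not part of the original posts): it parses File Monitor lines in the column layout posted above and counts, per process and file, how often a file is recreated with `OverwriteIf`, written, and then renamed, which is the `spc.tmp` loop visible in the log. The sample lines are constructed, and skipping requests with a trailing `*` as paging I/O is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same column layout as the log in the post.
SAMPLE = r"""
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: OverwriteIf
10:13:35 AM mcshield.exe:2408 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp FILE NOT FOUND Attributes: N Options: Open
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:35 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp FAILURE Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 438272
10:13:35 AM EXPLORER.EXE:1272 IRP_MJ_WRITE* D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 4096 Length: 65536
10:13:36 AM EXPLORER.EXE:1272 FASTIO_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 442368 Length: 2582
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.ini SUCCESS FileDispositionInformation
10:13:36 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileRenameInformation
10:13:37 AM EXPLORER.EXE:1272 IRP_MJ_CREATE D:\WINDOWS\addins\spc.tmp SUCCESS Attributes: N Options: OverwriteIf
10:13:37 AM EXPLORER.EXE:1272 IRP_MJ_WRITE D:\WINDOWS\addins\spc.tmp SUCCESS Offset: 0 Length: 4096
10:13:37 AM EXPLORER.EXE:1272 IRP_MJ_SET_INFORMATION D:\WINDOWS\addins\spc.tmp SUCCESS FileRenameInformation
"""

# time, process:pid, request, path (may contain spaces), result, free-form detail
LINE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) (?P<proc>\S+):(?P<pid>\d+) "
    r"(?P<req>[A-Z_]+\*?) (?P<path>.+?) "
    r"(?P<result>SUCCESS|FAILURE|FILE NOT FOUND|INVALID PARAMETER)"
    r"(?: (?P<other>.*))?$"
)


def parse(text):
    """Yield one dict per well-formed log line; anything else is skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def rewrite_cycles(text):
    """Count create(OverwriteIf) -> write -> rename cycles per (process, pid, file)."""
    stats = defaultdict(
        lambda: {"cycles": 0, "bytes": 0, "completed_at": [], "open": False}
    )
    for ev in parse(text):
        # Failed requests and paging I/O (trailing *, assumed) are not counted.
        if ev["result"] != "SUCCESS" or ev["req"].endswith("*"):
            continue
        s = stats[(ev["proc"].lower(), int(ev["pid"]), ev["path"].lower())]
        other = ev["other"] or ""
        if ev["req"] == "IRP_MJ_CREATE" and "OverwriteIf" in other:
            s["open"] = True  # file recreated from scratch: a cycle starts
        elif ev["req"] in ("IRP_MJ_WRITE", "FASTIO_WRITE") and s["open"]:
            s["bytes"] += int(other.rsplit("Length: ", 1)[1])
        elif (ev["req"] == "IRP_MJ_SET_INFORMATION"
              and other == "FileRenameInformation" and s["open"]):
            s["cycles"] += 1  # the rename closes the cycle
            s["completed_at"].append(ev["time"])
            s["open"] = False
    # Keep only files that completed at least one full cycle.
    return {
        key: {k: v for k, v in s.items() if k != "open"}
        for key, s in stats.items() if s["cycles"]
    }


if __name__ == "__main__":
    for (proc, pid, path), s in rewrite_cycles(SAMPLE).items():
        print(f"{proc}:{pid} {path} cycles={s['cycles']} "
              f"bytes={s['bytes']} completed_at={s['completed_at']}")
```
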


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:58 AM

Posted 30 April 2005 - 01:05 PM

You have a msevents hijacker. Btw excellent way of getting us info.

Create a directory on your hard drive, to save HijackThis.exe, called c:\hijackthis. This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Download the latest version, from here.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum. Do not fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

#3 theshermans

theshermans
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 30 April 2005 - 04:28 PM

Thank you VERY much.

I had done this in parallel to this posting as I had some strange browser re-direction issues and I was not at all sure if the problems were related.

You guys are brilliant because I got quick responses and was able to remove the offending entries thanks to your help.

Keep up the BRILLIANT service.

Kind regards
K



