Vino's Event Viewer v01c run on Windows 2008 in English Report run at 26/12/2016 12:00:03 AM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 26/12/2016 2:00:04 AM Type: Error Category: 0 Event: 8193 Source: VSS Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3910213348-232855233-1580435985-1000.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {a35e2fd0-4002-47d5-ba5d-09fe5626f472} Log: 'Application' Date/Time: 25/12/2016 11:24:13 PM Type: Error Category: 3 Event: 320 Source: DbxSvc Failed to connect to the driver: (-2147024894) The system cannot find the file specified. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 25/12/2016 11:23:24 PM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-3910213348-232855233-1580435985-1000: Process 1492 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000 Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0816tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0516tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0715av Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0415av Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\1015tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\1016tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0716tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0816tb2 Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0116tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0915tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\1215tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0316tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0616tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\1216tb Process 2568 (\Device\HarddiskVolume3\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe) has opened key \REGISTRY\USER\S-1-5-21-3910213348-232855233-1580435985-1000\Software\AVG Web TuneUp\Campaigns\0916tb