Vino's Event Viewer v01c run on Windows 2008 in English Report run at 19/06/2017 4:27:18 PM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 19/06/2017 9:45:30 AM Type: Error Category: 0 Event: 10 Source: Microsoft-Windows-WMI Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 19/06/2017 9:27:28 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-709221880-3219919037-1249648889-1000: Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000 Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000 Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000 Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000 Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\SystemCertificates\Disallowed Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\SystemCertificates\My Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\SystemCertificates\CA Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Policies\Microsoft\SystemCertificates Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Policies\Microsoft\SystemCertificates Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Policies\Microsoft\SystemCertificates Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Policies\Microsoft\SystemCertificates Process 2576 (\Device\HarddiskVolume3\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\NVIDIA Corporation\Global\ShadowPlay Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\SystemCertificates\TrustedPeople Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\SystemCertificates\trust Process 1948 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\SystemCertificates\Root