Vino's Event Viewer v01c run on Windows 2008 in English Report run at 03/11/2017 7:39:20 PM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 04/11/2017 1:34:30 AM Type: Error Category: 101 Event: 1002 Source: Application Hang The program wusa.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1f80 Start Time: 01d3550c989b0ccb Termination Time: 16 Application Path: C:\Windows\system32\wusa.exe Report Id: Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswVmm. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswStm. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswSnx. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswRvrt. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswRdr. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswKbd. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswbuniv. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswblog. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswbidsh. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 1:33:01 AM Type: Error Category: 0 Event: 513 Source: Microsoft-Windows-CAPI2 Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary aswbidsdriver. System Error: The system cannot find the file specified. . Log: 'Application' Date/Time: 04/11/2017 12:14:23 AM Type: Error Category: 0 Event: 257 Source: Microsoft-Windows-CAPI2 The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528. Log: 'Application' Date/Time: 04/11/2017 12:14:23 AM Type: Error Category: 3 Event: 455 Source: ESENT Catalog Database (1436) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log. Log: 'Application' Date/Time: 03/11/2017 11:33:57 PM Type: Error Category: 0 Event: 8193 Source: VSS Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered . Operation: Instantiating VSS server Log: 'Application' Date/Time: 03/11/2017 11:33:57 PM Type: Error Category: 0 Event: 22 Source: VSS Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered ]. Operation: Instantiating VSS server ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 04/11/2017 1:47:04 AM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 04/11/2017 1:35:43 AM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 04/11/2017 1:34:45 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 13 user registry handles leaked from \Registry\User\S-1-5-21-4135327567-4282227739-3352556458-1000: Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Microsoft\SystemCertificates\Disallowed Process 2212 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\NVIDIA Corporation\Global\ShadowPlay Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Microsoft\SystemCertificates\Root Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Microsoft\SystemCertificates\My Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Microsoft\SystemCertificates\CA Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Microsoft\SystemCertificates\trust Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Policies\Microsoft\SystemCertificates Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Policies\Microsoft\SystemCertificates Process 2648 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Policies\Microsoft\SystemCertificates Log: 'Application' Date/Time: 04/11/2017 1:28:27 AM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 04/11/2017 1:26:43 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-4135327567-4282227739-3352556458-1000: Process 1576 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2320 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\NVIDIA Corporation\Global\ShadowPlay Log: 'Application' Date/Time: 04/11/2017 12:33:53 AM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 04/11/2017 12:32:24 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-4135327567-4282227739-3352556458-1000: Process 1616 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2328 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\NVIDIA Corporation\Global\ShadowPlay Log: 'Application' Date/Time: 04/11/2017 12:14:05 AM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 04/11/2017 12:12:44 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-4135327567-4282227739-3352556458-1000: Process 1624 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2332 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\NVIDIA Corporation\Global\ShadowPlay Log: 'Application' Date/Time: 03/11/2017 11:28:14 PM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 03/11/2017 11:19:53 PM Type: Warning Category: 3 Event: 3086 Source: Microsoft-Windows-Search The system locale has changed. Existing data will be deleted and the index must be recreated. Context: Application, SystemIndex Catalog Log: 'Application' Date/Time: 03/11/2017 11:19:32 PM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 03/11/2017 11:18:11 PM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-4135327567-4282227739-3352556458-1000: Process 1644 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2360 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\NVIDIA Corporation\Global\ShadowPlay Log: 'Application' Date/Time: 03/11/2017 11:15:56 PM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 03/11/2017 11:14:26 PM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-4135327567-4282227739-3352556458-1000: Process 1664 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2356 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\NVIDIA Corporation\Global\ShadowPlay Log: 'Application' Date/Time: 03/11/2017 11:08:16 PM Type: Warning Category: 1 Event: 1000 Source: ISCTAgent CAgentState::DoPeriodicSuspendResume NetDetect is now disabled since this is not a mobile platform Log: 'Application' Date/Time: 03/11/2017 11:06:46 PM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-4135327567-4282227739-3352556458-1000: Process 1588 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000 Process 2332 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe) has opened key \REGISTRY\USER\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\NVIDIA Corporation\Global\ShadowPlay