Vino's Event Viewer v01c run on Windows 2008 in English Report run at 17/02/2020 12:17:22 PM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 16/02/2020 10:53:20 PM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 12 user registry handles leaked from \Registry\User\S-1-5-21-3384263181-369055421-3260215636-1000: Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000 Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000 Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000 Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Root Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Disallowed Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\My Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\CA Process 1964 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\trust