Report run at 29/09/2011 2:22:30 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/09/2011 6:20:55 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {d22aa567-14c8-44d0-971d-1c136ef70a0e}
Log: 'Application' Date/Time: 27/09/2011 9:59:27 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Log: 'Application' Date/Time: 27/09/2011 7:11:12 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {f25eaba0-7979-4abd-9675-246cc9b6f1a3}
Log: 'Application' Date/Time: 21/09/2011 6:53:00 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x00049949 Faulting process id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: ed369d2e-e482-11e0-88b6-e0cb4e642a13
Log: 'Application' Date/Time: 21/09/2011 6:52:51 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: e76ce69c-e482-11e0-88b6-e0cb4e642a13
Log: 'Application' Date/Time: 21/09/2011 4:48:14 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id: 0xd1c Faulting application start time: 0x01cc787de74a72bb Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 7f01a449-e471-11e0-88b6-e0cb4e642a13
Log: 'Application' Date/Time: 21/09/2011 4:24:51 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x0005afd9 Faulting process id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: 3a675603-e46e-11e0-88b6-e0cb4e642a13
Log: 'Application' Date/Time: 21/09/2011 12:25:25 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: c7b572c7-e44c-11e0-88b6-e0cb4e642a13
Log: 'Application' Date/Time: 19/09/2011 6:09:18 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a96be55f-0896-4677-a540-3d9f316c95a9}
Log: 'Application' Date/Time: 17/09/2011 12:22:18 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process id: 0x764 Faulting application start time: 0x01cc7532d7029c10 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: aeea209e-e127-11e0-8d69-e0cb4e642a13
Log: 'Application' Date/Time: 16/09/2011 2:13:07 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {3a873aef-c95a-4b32-b1ec-b9070af8e0cc}
Log: 'Application' Date/Time: 09/09/2011 5:06:09 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x00057f95 Faulting process id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: 02dccc27-db06-11e0-9d39-e0cb4e642a13
Log: 'Application' Date/Time: 09/09/2011 2:39:56 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x000132d6 Faulting process id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: 003e26cf-da8d-11e0-9d39-e0cb4e642a13
Log: 'Application' Date/Time: 08/09/2011 11:43:14 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8914b108-5ac6-4bcb-b7c3-9e9f1fd1a80d}
Log: 'Application' Date/Time: 31/08/2011 8:40:37 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FBAgent.exe, version: 1.0.4.0, time stamp: 0x4ab1aea2 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9 Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x494 Faulting application start time: 0x01cc6662af93e9c2 Faulting application path: C:\Windows\system32\FBAgent.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7b103c67-d411-11e0-99d8-e0cb4e642a13
Log: 'Application' Date/Time: 27/08/2011 3:36:07 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x00627be3 Faulting process id: 0xe6c Faulting application start time: 0x01cc62563ae3f844 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: b21f0e31-d05d-11e0-992e-e0cb4e642a13
Log: 'Application' Date/Time: 26/08/2011 12:37:39 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e0b64152-a5ff-41e7-86a1-08ed87c15815}
Log: 'Application' Date/Time: 25/08/2011 11:23:55 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x000132d6 Faulting process id: 0xe6c Faulting application start time: 0x01cc62563ae3f844 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: b7b4e829-cf0c-11e0-992e-e0cb4e642a13
Log: 'Application' Date/Time: 22/08/2011 5:17:48 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {de131dbe-d3ca-49f6-8006-202446692b80}
Log: 'Application' Date/Time: 15/08/2011 7:32:42 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Local Hostname owner-PC.local already in use; will try owner-PC-2.local instead
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/09/2011 7:35:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Log: 'Application' Date/Time: 27/09/2011 7:24:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Log: 'Application' Date/Time: 27/09/2011 7:24:54 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 47 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1308 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1308 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root
Log: 'Application' Date/Time: 27/09/2011 2:04:34 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 988 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Log: 'Application' Date/Time: 27/09/2011 2:04:33 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Log: 'Application' Date/Time: 25/09/2011 9:01:31 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 4 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Log: 'Application' Date/Time: 25/09/2011 2:22:41 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Process 984 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Log: 'Application' Date/Time: 25/09/2011 2:22:39 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Internet Explorer\Main
Log: 'Application' Date/Time: 21/09/2011 8:45:30 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 860 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Log: 'Application' Date/Time: 21/09/2011 8:45:29 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 4 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Log: 'Application' Date/Time: 20/09/2011 2:13:37 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Log: 'Application' Date/Time: 20/09/2011 1:09:02 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 660 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Log: 'Application' Date/Time: 20/09/2011 1:09:02 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Log: 'Application' Date/Time: 16/09/2011 2:12:49 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Log: 'Application' Date/Time: 10/09/2011 8:20:19 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1172 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1172 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root
Log: 'Application' Date/Time: 03/09/2011 10:37:23 PM
Type: Warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. Check the routing rule configuration. Country/region code: '*' Area code: '*'
Log: 'Application' Date/Time: 03/09/2011 10:37:23 PM
Type: Warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices. No faxes can be sent or received until a fax device is installed.
Log: 'Application' Date/Time: 03/09/2011 2:03:27 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 1592 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Log: 'Application' Date/Time: 03/09/2011 2:03:26 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Log: 'Application' Date/Time: 02/09/2011 2:33:06 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 1548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES