Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32:PUP (I think) "Laptop went berserk" is an understatement


  • This topic is locked This topic is locked

#106
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/05/2012 10:02:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/05/2012 4:45:58 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/05/2012 4:37:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/05/2012 3:54:31 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/05/2012 4:43:22 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/05/2012 4:32:11 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/05/2012 4:28:30 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2604094(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 10/05/2012 4:28:30 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2604094(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 10/05/2012 4:28:30 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2604094(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 10/05/2012 4:28:30 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2604094(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 10/05/2012 4:28:30 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB2604094(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 10/05/2012 4:28:21 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:21 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:20 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:20 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:20 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:19 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:19 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:19 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:18 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:18 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:18 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:17 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system

Log: 'System' Date/Time: 10/05/2012 4:28:17 AM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2604094(Security Update) is not applicable for this system
  • 0

Advertisements


#107
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/05/2012 10:06:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/05/2012 4:43:04 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1757000932-634374023-2444453289-500_Classes:
Process 4292 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500_CLASSES
Process 4292 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500_CLASSES


Log: 'Application' Date/Time: 10/05/2012 4:42:58 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-1757000932-634374023-2444453289-500:
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 4292 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Root
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\My
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\CA
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\trust
Process 4292 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\KasperskyLab\protected\AVP12
Process 2480 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 10/05/2012 4:31:33 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1757000932-634374023-2444453289-500_Classes:
Process 1940 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 10/05/2012 4:31:30 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 46 user registry handles leaked from \Registry\User\S-1-5-21-1757000932-634374023-2444453289-500:
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Root
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Root
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Root
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\My
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\My
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\My
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\CA
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\CA
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\CA
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\trust
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\trust
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\trust
Process 5888 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Disallowed
Process 3568 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Disallowed
Process 2008 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 10/05/2012 3:52:44 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 12 user registry handles leaked from \Registry\User\S-1-5-21-1757000932-634374023-2444453289-500:
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Policies\Microsoft\SystemCertificates
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Root
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\My
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\CA
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\trust
Process 3836 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1757000932-634374023-2444453289-500\Software\Microsoft\SystemCertificates\Disallowed
  • 0

#108
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
I will get back to you tomorrow with the next steps.

Regards,

CompCav
  • 0

#109
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
No change. Still get this message between HP and Windows: Checking file system on C: The type of file system is NTFS.Cannot open volume for direct access.Windows has finished checking the disk.================================================================================================================================================================================================== How come we got stuck in this Groundgog Day of disk check? :unsure:
  • 0

#110
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts

I will get back to you tomorrow with the next steps.

================================================================================================================================================================================ You're a prince!
  • 0

#111
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
CompCav, don't know if it's of any significance or just an ad... I was going to log off the computer. Close my Chrome window. Behind it there was another full screen-size window I never opened, with this URL: http://d3.zedo.com/j...16;w=1024;h=768 ============================================================================================================================================================================================================================ All white screen with two huge buttons on it and nothing else. One was DOWNLOAD, the other - PLAY...
  • 0

#112
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
I have reviewed your topic with several experts at G2G and there are a few questions to ask and an overall analysis that we have.

Questions

Have you dropped this computer or bumped it real hard?
(There is evidence of hard drive hits on the hard drive)

Is the battery the original or have you had it replaced?
If original it may need to be replaced.
Please go into here and follow the instructions to see if you need a new battery.

Does the ringing noise occur when the computer has been off long enough to be cold?


Overall Analysis

The remaining issues are not malware driven.

The monitor flashing is typical of a video card failure or monitor failure in the late stages just prior to complete failure.

The errors on start up are indicative of either a hardware failure or corruption of the operating system requiring a total reinstall (from your recovery partition) or at minimum an inplace/upgrade with a Vista SP2 install disk.

The keyboard may have a fix but if not would have to be replaced. This could be checked after the reinstall or factory reset.

The ringing may be a warning of either overheating or a fan (cooling system) failure that could lead to overheating.


Path Forward

Regardless of whether you want to continue trying to repair and reinstall or simply replace we should make sure you have all your data retrieved from the computer. These next steps will hopefully stabilize things a little so you can do the backups.


Step 1.

Remove Bluetooth Device from the computer.


Click Start >> Right-click Computer >> Click Properties >> Click Device Manager

Right click on Bluetooth Peripheral Device >> Click Uninstall

Repeat for the second device as well.

Please let me know the make and model number of the device, I have a friend here on the tech side that will retrieve the latest driver for us.


Now completely shutdown the computer


Step 2.

  • Disconnect all peripheral devices and remove all USB devices and SD media cards. You want to test the computer not the accessories!
  • Disconnect the AC power adapter, remove the battery, and then press and hold the power button for at least 15 seconds to drain all residual power and restore default startup settings.
  • Reconnect the AC power adapter (but do not insert the battery), Press the Power button, Look for glowing LEDs near caps lock and num lock keys
  • Listen for sounds of a fan or other moving parts turning.

Please note all the sounds and the changes as it boots up and you have to go through your sequence to get it to boot.


Step 3.


Please post your observations of the computer during the startup and until it settles and is useable.


Step 4.

If you already have a backup system you are using please run it and save all the data you want from this computer.

If you do not have a backup system please go here and follow the directions to retrieve your data.


Step 5.


Your decision we can go to the next step of factory reset (if the recovery partition is healthy) or inplace-upgrade/reinstall (requires Vista SP2 DVD)

Please let me know which way you want to go

Following this step we will address the other issues that remain related to hardware (video card, monitor, keyboard, cooling system, etc.)
  • 0

#113
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Hi ComCav, thank yo and your friends for looking it over.================================================================================================================ Answers: 1.Did not drop or bump the laptop. 2. I have 2 original batteries, one regular and one extended battery. I've been using the larger one because it lifts the rear of the laptop up in the air and I thought it would be good for ventilation. Just checked both batteries on HP's site, it said that these were not affected. (I did, in the past, get a few emails from HP about this program and that my batteries might be affected...)=================================================================================================================================================== Uninstalled the peripheral bluetooth devices. What I found was: HP Integrated Module with Bluetooth wireless technology by Broadcom. HCI version 3.8489 LMP version 3.16847=========================================================================================================================== Did the next steps you suggested. Plugged in without the battery. The first time, HP came on but there were no prompts at the bottom whatsoever. Had to manually shut it down. The second time after it went to HP screen, when I clicked on ESC, the laptop turned off. The third time, everything was the same as before. When I was looking for sounds and LED lights -- no LED lights came on, the fan sound was the same as always. When it goes from HP to Windows, the fan gets a lot louder. That happens always (lately). ENTER still doesn't work.================================================================================================================================================ Thinking of reinstalling Windows. Going to follow your steps for back up, unless I hear otherwise. Thanks, CompCav!
  • 0

#114
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
When you boot up on Puppy Linux in Step 4 please let me know what of the symptoms during startup are eliminated and which ones stay. That will help sort out what will likely be cured by a reinstall and what is hardware related that we will need to address after the reinstall.

Regards,

CompCav
  • 0

#115
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
We should also check temperatures for your computer.

Before running any other tools do this:

Reason to look here is the fan behavior on start up the cooling system maybe compromised.


Download Speedfan and install it.

Once it's installed, run the program by right clicking it and run as administrator and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture (especially the tempereatures) I have attached.

Posted Image

If the temperatures are hot we can cool it with using a cooling pad (TJ Max or Big Lots has them for $10 or less) and is some cases use speedfan and set fans to automatic speed control.
  • 0

Advertisements


#116
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Hi, CompCav. Here are the temperatures. For some reason, those are the only values I got. The other two things you circled did not show up. ===========================
GPU 60C
HDO 48C
TEMP1 59C
CORE 0 57C
CORE 1 56c

Haven't done Puppy Linux or backup yet. Thanks. Going to do it now. Should I do anything else or redo the temperatures in a different way, to get the other two things you wanted? THANK!
  • 0

#117
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

Should I do anything else or redo the temperatures in a different way, to get the other two things you wanted?

No the critical data is the temps and on some machines the other does not show. :thumbsup:

Temps over 50 are high so you may want to do this:

Could you clean out your computer following these steps

Laptop

Once done let me know of any improvement.

Also a cool pad will help with your computer.

After cleaning would be good to run the Linux disk.

Regards,

CompCav
  • 0

#118
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Did a complete reinstall. Followed all directions. The only thing I didn't do was the unscrewing the back to clean the fan.

Absolutely NOTHING has changed... Goes to HP screen only, have to press ESC. to get to Windows, plus the rest of the list that I recited many times. Very disappointing... :(
  • 0

#119
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK this sounds like all hardware related issues. But to test that please boot up on the Puppy Linux disk and see if the hardware symptoms are the same.
  • 0

#120
Sophia L

Sophia L

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
I don't understand why booting to HP only would be a hardware issue. Same question about the task manager. Why merely turning on the task manager gives me back control over clicking on something? Why would that be a hardware issue?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP