Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Repeated Intermittent Episodes of Runaway Disk Activity


  • Please log in to reply

#1
britechguy

britechguy

    Member

  • Member
  • PipPipPip
  • 221 posts

For some months how I have been having intermittent episodes where the disc activity light goes absolutely solid, no flickering at all, and the system slows to a crawl.  Typically the only thing I can do to cure it is to shutdown and restart.

 

I have also tried selectively closing programs to see if that resolves it.  Yesterday I exited all programs but Firefox.  This did not cure the problem immediately, but I needed to go out for several hours so left the computer running to see if this would resolve itself.  At some point it eventually did.

 

What I'd like to know is whether there is a reasonably easy way to ferret out what is causing this disk activity.   It can and does start sometimes when I'm doing nothing at all.  In virtually all cases I'm not doing anything out of the ordinary or disk intensive when the episodes start.

 

If anyone can tell me what I can do to at least figure out the root cause of this madness I would appreciate that.

 

The system in question is:    Asus K50IJ

                                             Win7 Home Premium 64-bit, SP1

 

I've also attached a snapshot of the pertinent area of the System Properties dialog.

ASUS_System_Config.jpg


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute or until it starts to slow down then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

  • 0

#3
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

Thanks.   I have it running now.  I only wish I'd gotten it started a few minutes earlier because I just missed the last incident.

 

It may be hours to days until the next, but I'll post the log file contents you've requested once I can snag the info when the problem is occurring.


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Let's do a log now for a baseline.


  • 0

#5
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

The baseline log is below.  I do want to note that I've checked CPU usage on many occasions when this is happening and it's generally well within normal limits.  That's what's the most confusing.

 

OK,  Here it is:

 

---------------------------------------------------------------------------------------

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    64.50    0 K    24 K    0            
chrome.exe    16.72    124,024 K    128,600 K    5096    Google Chrome    Google Inc.    (Verified) Google Inc
procexp64.exe    4.19    31,652 K    56,984 K    4336    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Sysinternals
audiodg.exe    3.10    22,508 K    23,628 K    6972    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    1.68    120,916 K    149,696 K    4116    Google Chrome    Google Inc.    (Verified) Google Inc
Interrupts    1.34    0 K    0 K    n/a    Hardware Interrupts and DPCs        
chrome.exe    1.23    161,496 K    159,224 K    2208    Google Chrome    Google Inc.    (Verified) Google Inc
dwm.exe    1.17    60,892 K    45,880 K    2928    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
ETDCtrl.exe    1.00    3,280 K    8,556 K    2816    ETD Control Center    ELAN Microelectronic Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
chrome.exe    0.58    133,868 K    129,792 K    6700    Google Chrome    Google Inc.    (Verified) Google Inc
csrss.exe    0.46    3,092 K    29,332 K    992    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
System    0.38    124 K    336 K    4            
chrome.exe    0.30    126,124 K    128,136 K    6168    Google Chrome    Google Inc.    (Verified) Google Inc
zdclient.exe    0.29    64,784 K    69,596 K    1384        Mozilla Foundation    (No signature was present in the subject) Mozilla Foundation
FastBootAgent.exe    0.27    74,848 K    74,360 K    1360    ASUS FastBoot    ASUSTeK Computer Inc.    (Verified) ASUSTeK Computer Inc.
svchost.exe    0.25    29,980 K    25,676 K    940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
networx.exe    0.24    17,132 K    18,744 K    3764    NetWorx Application (64-bit)    SoftPerfect Research    (Verified) SOFTPERFECT PTY. LTD.
PSUAMain.exe    0.22    13,008 K    588 K    3556    PSUAMain    Panda Security, S.L.    (Verified) Panda Security S.L
explorer.exe    0.17    32,212 K    51,568 K    3032    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
SDWSCSvc.exe    0.16    5,508 K    8,540 K    2804    Windows Security Center integration.    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
chrome.exe    0.16    30,064 K    28,356 K    1196    Google Chrome    Google Inc.    (Verified) Google Inc
SDTray.exe    0.16    17,544 K    17,872 K    4772    Spybot - Search & Destroy tray access    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
RtWLan.exe    0.15    9,256 K    11,180 K    2496    RtWLan    Realtek Semiconductor Corp.    (No signature was present in the subject) Realtek Semiconductor Corp.
svchost.exe    0.12    20,784 K    30,276 K    1144    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SDFSSvc.exe    0.11    31,096 K    14,168 K    2532    Spybot-S&D 2 Scanner Service    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
chrome.exe    0.10    56,004 K    61,216 K    4896    Google Chrome    Google Inc.    (Verified) Google Inc
svchost.exe    0.10    149,828 K    155,324 K    1048    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.10    106,084 K    94,664 K    3712    Google Chrome    Google Inc.    (Verified) Google Inc
SwUSB.exe    0.08    8,388 K    12,160 K    2540    Switch USB2.0/USB3.0 for WinXP SP2+ ~ Win8.1    Realtek    (No signature was present in the subject) Realtek
chrome.exe    0.07    35,804 K    35,504 K    2600    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.07    44,016 K    40,304 K    4012    Google Chrome    Google Inc.    (Verified) Google Inc
services.exe    0.05    6,004 K    10,368 K    232    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
googletalkplugin.exe    0.05    10,616 K    14,920 K    7368    Hangouts Plugin    Google    (Verified) Google Inc
svchost.exe    0.04    4,476 K    7,308 K    780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SDUpdSvc.exe    0.04    8,624 K    10,424 K    2148    Spybot-S&D 2 Background update service    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
chrome.exe    0.04    63,784 K    62,800 K    5112    Google Chrome    Google Inc.    (Verified) Google Inc
zdesktop.exe    0.04    230,760 K    148,260 K    5404            (Certificate expired)
chrome.exe    0.04    102,088 K    100,096 K    3336    Google Chrome    Google Inc.    (Verified) Google Inc
flux.exe    0.03    40,208 K    12,796 K    3720    f.lux    Flux Software LLC    (Verified) Michael Herf
chrome.exe    0.03    52,208 K    51,664 K    5548    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.02    111,836 K    109,412 K    6196    Google Chrome    Google Inc.    (Verified) Google Inc
firefox.exe    0.02    432,588 K    421,452 K    5848    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
lsm.exe    0.02    2,452 K    3,876 K    392    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
VDECK.EXE    0.01    11,364 K    11,036 K    4536    VIA HD Audio CPL    VIA    (No signature was present in the subject) VIA
wmpnetwk.exe    0.01    14,400 K    16,244 K    5448    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
CNMNSST.exe    0.01    1,776 K    5,516 K    2460    Canon IJ Network Scanner Selector EX    CANON INC.    (Verified) Canon Inc.
svchost.exe    0.01    41,624 K    19,092 K    3828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.01    2,224 K    4,372 K    908    Client Server Runtime Process    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
chrome.exe    0.01    57,576 K    60,288 K    6628    Google Chrome    Google Inc.    (Verified) Google Inc
BatteryLife.exe    0.01    2,696 K    528 K    2872    Power4Gear Hybrid    ATK    (Verified) ASUSTeK Computer Inc.
taskhost.exe    0.01    7,648 K    10,240 K    2700    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    11,996 K    18,380 K    1080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    < 0.01    42,028 K    40,580 K    6436    Google Chrome    Google Inc.    (Verified) Google Inc
svchost.exe    < 0.01    11,984 K    15,044 K    6124    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
chrome.exe    < 0.01    68,916 K    71,524 K    464    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    < 0.01    48,620 K    55,000 K    4316    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    < 0.01    43,876 K    46,756 K    4248    Google Chrome    Google Inc.    (Verified) Google Inc
lsass.exe    < 0.01    6,280 K    12,420 K    372    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    < 0.01    39,332 K    45,352 K    6776    Google Chrome    Google Inc.    (Verified) Google Inc
SearchIndexer.exe    < 0.01    37,784 K    22,796 K    4872    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    21,196 K    15,056 K    1388    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
PSANHost.exe    < 0.01    104,236 K    19,780 K    2256    Application Host Service    Panda Security, S.L.    (Verified) Panda Security S.L
WLIDSVC.EXE    < 0.01    6,880 K    10,892 K    2336    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
chrome.exe    < 0.01    57,728 K    61,100 K    6956    Google Chrome    Google Inc.    (Verified) Google Inc
Everything.exe    < 0.01    23,728 K    27,848 K    3552    Everything        (No signature was present in the subject)
svchost.exe    < 0.01    8,576 K    6,940 K    2244    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
wcourier.exe    < 0.01    2,852 K    1,284 K    2884    Wireless Console 3        (No signature was present in the subject)
HControl.exe    < 0.01    6,292 K    6,724 K    2948    HControl    ASUS    (Verified) ASUSTeK Computer Inc.
WUDFHost.exe        1,892 K    4,020 K    4232    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,904 K    6,220 K    3296    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,220 K    2,676 K    3180    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
wlanext.exe        1,964 K    4,676 K    1492    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,832 K    5,836 K    404    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,464 K    3,816 K    980    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
WDC.exe        1,344 K    4,804 K    3464    WDC    ASUS    (Verified) ASUSTeK Computer Inc.
taskeng.exe        2,352 K    5,904 K    2820    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,732 K    4,764 K    1840    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        7,668 K    13,864 K    1724    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        4,256 K    7,632 K    516    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        14,416 K    12,292 K    1704    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,480 K    4,796 K    1248    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,224 K    4,652 K    5056    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        11,612 K    12,128 K    1676    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        444 K    1,020 K    800    Windows Session Manager    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
runSW.exe        1,396 K    3,756 K    2488            (No signature was present in the subject)
RtlService.exe        1,328 K    3,736 K    2412    RtlService MFC Application    Realtek    (Verified) Realtek Semiconductor Corp
PSUAService.exe        7,072 K    336 K    2348    PSUAService    Panda Security, S.L.    (Verified) Panda Security S.L
procexp.exe        2,312 K    7,312 K    4308    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
KBFiltr.exe        1,068 K    3,696 K    3456    KBFiltr    ASUS    (Verified) ASUSTeK Computer Inc.
igfxtray.exe        2,300 K    4,868 K    3268    igfxTray Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe        2,808 K    8,256 K    4040    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
HControlUser.exe        868 K    3,096 K    4724    HControlUser    ASUS    (Verified) ASUSTeK Computer Inc.
GoogleUpdate.exe        2,044 K    528 K    4396    Google Installer    Google Inc.    (Verified) Google Inc
GoogleCrashHandler64.exe        1,704 K    528 K    5364    Google Crash Handler    Google Inc.    (Verified) Google Inc
GoogleCrashHandler.exe        1,680 K    528 K    2132    Google Crash Handler    Google Inc.    (Verified) Google Inc
GFNEXSrv.exe        948 K    2,944 K    1560    GFNEXSrv        (No signature was present in the subject)
E_S40STB.EXE        1,324 K    3,020 K    1940    EPSON Status Monitor 3    SEIKO EPSON CORPORATION    (Verified) Microsoft Windows Hardware Compatibility Publisher
E_S40RPB.EXE        1,168 K    2,524 K    1212    EPSON Status Monitor 3    SEIKO EPSON CORPORATION    (Verified) Microsoft Windows Hardware Compatibility Publisher
DMedia.exe        1,016 K    3,592 K    4988    ATK Media    ASUS    (No signature was present in the subject) ASUS
dllhost.exe        2,428 K    7,108 K    5184    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
Crypserv.exe        2,396 K    4,208 K    1852    CrypKey NT Service    CrypKey (Canada) Ltd.    (No signature was present in the subject) CrypKey (Canada) Ltd.
ControlDeckStartUp.exe        41,660 K    528 K    2864    ControlDeckStartUp        (Verified) ASUSTeK Computer Inc.
conhost.exe        896 K    2,292 K    1516    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CISVC.EXE        1,516 K    236 K    1820    Content Index service    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe        34,196 K    37,476 K    4628    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        25,308 K    20,520 K    2984    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        36,940 K    36,508 K    3696    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        83,632 K    85,532 K    6584    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        108,264 K    104,132 K    6560    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        66,612 K    68,444 K    6820    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        41,436 K    45,708 K    3540    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        37,492 K    37,204 K    7144    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        46,424 K    48,912 K    4580    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        38,076 K    40,956 K    6156    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        38,360 K    40,820 K    1316    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        53,312 K    57,104 K    5888    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        11,428 K    12,068 K    7312    Google Chrome    Google Inc.    (Verified) Google Inc
Atouch64.exe        1,440 K    5,096 K    2956    Atouch64        (Verified) ASUSTeK Computer Inc.
ATKOSD2.exe        1,272 K    4,536 K    4824    ATKOSD2    ASUS    (Verified) ASUSTeK Computer Inc.
ATKOSD.exe        860 K    3,180 K    3440    ATKOSD    ASUS    (Verified) ASUSTeK Computer Inc.
AsLdrSrv.exe        1,064 K    3,528 K    1468    ASLDR Service    ASUS    (Verified) ASUSTeK Computer Inc.
armsvc.exe        1,156 K    3,556 K    1780    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AmIcoSinglun64.exe        1,908 K    5,464 K    4016    Single LUN Icon Utility for VID 058F PID 6366    AlcorMicro Co., Ltd.    (No signature was present in the subject) AlcorMicro Co., Ltd.
AgentSvc.exe        9,980 K    14,628 K    2300    Agent Service    Panda Security, S.L.    (Verified) Panda Security S.L
 


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Even your baseline looks ugly.  We normally see System Idle at over 90 %.  What is Chrome doing that it needs 16.72 % of the CPU's time?

 

I'm wondering if one of your search programs is periodically indexing the drive.  I  see you have two running:

 

SearchIndexer.exe    
Everything.exe     

 

I have never used Everything but I always turn off Windows Search because I don't need it.  If you use Everything then you should stop the Windows Search service.


  • 0

#7
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

I have never understood Chrome's program structure.   I have no idea why it runs as many processes as it does.  Still, I'm not complaining about "normal performance" and this is "normal performance."

 

The use of Everything along with Windows Search is intentional.  Everything is my primary tool since I have always given files meaningful names and search more on filename than anything else.  However, I have a number of files, mostly PDFs, that are downloaded and that I cannot change the names on that I occasionally need to search on content in the file.  Everything can't do that and it's essential that I have that capability.

 

If it turns out that Chrome is what's hijacking the disk drive it will go.  But I have repeatedly tried exiting specific programs to see if that fixes the issue, but it hasn't so far.  I even once turned off Windows indexing and that didn't fix it.

 

Normally I can figure out what program is causing this kind of behavior and, when I do, get rid of it.  There's been no such luck this time.


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

I don't think it's Chrome per se.  Probably some add on or extension or a sign of its bad health is causing the CPU hogging.  I have 6 tabs open and the busiest Chrome entry in Process Explorer is only a little over 1%.  

 

For your original problem, let's see if it left any errors:

 

 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

  • 0

#9
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

I have very few extensions in Chrome: Adblock Plus, Ghostery, HTTPS Everywhere, Application Launcher for Google Drive, Google Hangouts, & Shoot the Cookies by McVitie's.   I also had Chromecast and Cisco WebEx, but removed both of those to see if it would make any difference - it didn't.  I need to put Chromecast back.

 

SYSTEM LOG:

--------------------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/02/2015 3:09:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/01/2015 3:36:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/12/2014 12:15:13 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/12/2014 4:20:04 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/11/2014 2:23:30 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/11/2014 10:21:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2014 3:08:39 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/10/2014 5:20:12 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/10/2014 4:37:58 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/10/2014 11:35:56 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/10/2014 11:03:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/10/2014 1:19:44 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/10/2014 11:14:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/10/2014 4:34:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/09/2014 5:31:58 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/08/2014 5:27:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/07/2014 8:26:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/02/2015 6:26:41 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 01/02/2015 6:26:35 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 01/02/2015 6:26:01 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Realtek DHCP Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 01/02/2015 6:25:53 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.

Log: 'System' Date/Time: 01/02/2015 6:25:33 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-Time-Service
The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Log: 'System' Date/Time: 01/02/2015 6:25:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 01/02/2015 6:25:16 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Log: 'System' Date/Time: 01/02/2015 6:15:21 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/02/2015 6:14:29 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/02/2015 6:04:22 AM
Type: Error Category: 0
Event: 36 Source: volsnap
The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Log: 'System' Date/Time: 31/01/2015 3:39:20 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 31/01/2015 3:38:33 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 31/01/2015 3:38:21 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Realtek DHCP Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 31/01/2015 3:37:33 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-Time-Service
The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Log: 'System' Date/Time: 31/01/2015 3:37:26 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.

Log: 'System' Date/Time: 31/01/2015 3:37:11 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/01/2015 3:37:11 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Log: 'System' Date/Time: 31/01/2015 3:36:58 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000c5 (0xfffff880089c1403, 0x0000000000000002, 0x0000000000000000, 0xfffff80002fb09fa). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013115-22947-01.

Log: 'System' Date/Time: 31/01/2015 3:36:49 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 10:35:20 AM on ?1/?31/?2015 was unexpected.

Log: 'System' Date/Time: 31/01/2015 2:56:09 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/02/2015 6:26:09 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD_READER&REV_1.00#058F63666433&0#.

Log: 'System' Date/Time: 01/02/2015 6:25:12 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 31/01/2015 3:38:29 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD_READER&REV_1.00#058F63666433&0#.

Log: 'System' Date/Time: 31/01/2015 3:36:55 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 31/01/2015 2:51:00 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD_READER&REV_1.00#058F63666433&0#.

Log: 'System' Date/Time: 31/01/2015 2:48:39 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 31/01/2015 3:14:07 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name clients4.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 30/01/2015 1:13:53 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name washingtonpost.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/01/2015 4:37:39 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD_READER&REV_1.00#058F63666433&0#.

Log: 'System' Date/Time: 29/01/2015 4:36:27 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 28/01/2015 2:18:36 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD_READER&REV_1.00#058F63666433&0#.

Log: 'System' Date/Time: 28/01/2015 2:17:43 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 27/01/2015 1:57:00 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name Bpv-dx442b.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 27/01/2015 1:56:26 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD_READER&REV_1.00#058F63666433&0#.

Log: 'System' Date/Time: 27/01/2015 1:55:32 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 27/01/2015 1:53:58 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 27/01/2015 1:53:57 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\Rtlihvs.dll

Log: 'System' Date/Time: 26/01/2015 8:40:11 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name api.echoenabled.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/01/2015 8:39:04 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name accounts.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 26/01/2015 8:38:59 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name zrxsbkdgiwnybh.home timed out after none of the configured DNS servers responded.
 

--------------------------------------------------------------------------------------

 

APPLICATION LOG:

--------------------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/02/2015 3:13:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/01/2015 6:10:11 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 31/01/2015 12:41:24 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 29/01/2015 5:50:04 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 28/01/2015 7:33:05 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 27/01/2015 10:53:59 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 26/01/2015 6:16:22 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 25/01/2015 10:11:26 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153 Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4 Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x1610 Faulting application start time: 0x01d038dfccc7103c Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: 1a3a7271-a4df-11e4-bf9c-485b3981ae02

Log: 'Application' Date/Time: 25/01/2015 10:11:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153 Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4 Exception code: 0x80000003 Fault offset: 0x00001425 Faulting process id: 0x15cc Faulting application start time: 0x01d03775e596cf50 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: 149fe2df-a4df-11e4-bf9c-485b3981ae02

Log: 'Application' Date/Time: 25/01/2015 10:11:09 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 35.0.0.5486 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 8f4  Start Time: 01d03775ccd96b21  Termination Time: 40212  Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Report Id: bea00253-a4de-11e4-bf9c-485b3981ae02

Log: 'Application' Date/Time: 25/01/2015 7:36:52 PM
Type: Error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

Log: 'Application' Date/Time: 25/01/2015 6:03:07 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 24/01/2015 6:07:20 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 24/01/2015 1:19:30 AM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 24/01/2015 1:19:30 AM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 24/01/2015 1:19:30 AM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 24/01/2015 1:19:29 AM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)


Log: 'Application' Date/Time: 24/01/2015 1:19:28 AM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 24/01/2015 1:19:28 AM
Type: Error Category: 1
Event: 9002 Source: Microsoft-Windows-Search
The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 24/01/2015 1:19:28 AM
Type: Error Category: 3
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 24/01/2015 1:19:28 AM
Type: Error Category: 3
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/02/2015 6:15:43 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   16 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001:
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 1624 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 3052 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 01/02/2015 1:01:19 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-RPC-Events
Possible Memory Leak.  Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 1052) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)].  [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked.  The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20).  User Action: Contact your application vendor for an updated version of the application.

Log: 'Application' Date/Time: 31/01/2015 3:04:13 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 5560 did not respond and is being forcibly terminated {filter host process 3220}.


Log: 'Application' Date/Time: 31/01/2015 2:45:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001_Classes:
Process 5380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001_CLASSES


Log: 'Application' Date/Time: 31/01/2015 2:45:14 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   42 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001:
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 1324 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 5380 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 520 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2308 (\Device\HarddiskVolume2\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2352 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 29/01/2015 4:32:38 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   35 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001:
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 1476 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 3108 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 368 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 28/01/2015 2:27:11 AM
Type: Warning Category: 0
Event: 2 Source: WSH
Zimbra Desktop: ZD service not running

Log: 'Application' Date/Time: 28/01/2015 2:27:11 AM
Type: Warning Category: 0
Event: 2 Source: WSH
Zimbra Desktop: ZD shutdown completed, ready to start new instance

Log: 'Application' Date/Time: 28/01/2015 2:27:11 AM
Type: Warning Category: 0
Event: 2 Source: WSH
Zimbra Desktop: ZD service shutdown may be in progress

Log: 'Application' Date/Time: 28/01/2015 2:13:03 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> took 72 second(s) to handle the notification event (Logoff).

Log: 'Application' Date/Time: 28/01/2015 2:12:51 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logoff).

Log: 'Application' Date/Time: 27/01/2015 4:53:38 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-18}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 27/01/2015 4:53:37 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3700817450-263443993-1340972289-1003}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 27/01/2015 4:53:37 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <ONEINDEX14://{S-1-5-21-3700817450-263443993-1340972289-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 27/01/2015 1:53:42 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001:
Process 1424 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001


Log: 'Application' Date/Time: 26/01/2015 6:41:25 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-18}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 26/01/2015 6:41:25 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3700817450-263443993-1340972289-1003}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 26/01/2015 6:41:23 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <ONEINDEX14://{S-1-5-21-3700817450-263443993-1340972289-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 25/01/2015 11:40:44 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   7 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001:
Process 1124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 756 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 488 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 25/01/2015 11:29:53 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-RPC-Events
Possible Memory Leak.  Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 968) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)].  [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked.  The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20).  User Action: Contact your application vendor for an updated version of the application.
 

--------------------------------------------------------------------------------------


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
I see one BSOD so let's look at it:
 
 
Download BlueScreenView
 
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
 
Go File, Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

I would uninstall the Garmin program and also CCleaner as neither are working.  If you can live without it I would uninstall Windows Live.  If you really use it try to get a newer version.

 

 

 

Your Windows Search is hosed.  That may be the cause of your drive activity.

 

Log: 'Application' Date/Time: 24/01/2015 1:19:28 AM
Type: Error Category: 3
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

 

 

Try rebuilding the index:

 

http://www.sevenforu...ex-rebuild.html

 

It's possible that a hard drive error is making this happen so I would run a disk check first:

 

 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

  • 0

Advertisements


#11
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

A mixed response to your suggestions.  When all this started I ran a number of chkdsk cycles at startup as well as well as sfc.   Everything was clean and I have no reason to believe that's changed since then.   If you *really* want the results from these I'll run them again later, but not right now.

 

I am rebuilding the Windows index right now.  I'm surprised it became corrupted because I thought I'd done the "delete and rebuild" when I had turned the service off, and then on again.  Perhaps not.

 

I have Garmin Express disabled for automatic startup, but since I do occasionally use it I'll keep it.   I have no idea what you mean by "Ccleaner [isn't working]."  I use it quite frequently and it's doing what it's always done and doing it well.

 

Here's the text from the BSOD.txt file:

---------------------------------------------------------------------

==================================================
Dump File         : 013115-22947-01.dmp
Crash Time        : 1/31/2015 10:35:53 AM
Bug Check String  : DRIVER_CORRUPTED_EXPOOL
Bug Check Code    : 0x000000c5
Parameter 1       : fffff880`089c1403
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff800`02fb09fa
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+76e80
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18700 (win7sp1_gdr.141211-1742)
Processor         : x64
Crash Address     : ntoskrnl.exe+76e80
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\013115-22947-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 277,704
Dump File Time    : 1/31/2015 10:36:58 AM
==================================================
 


  • 0

#12
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

I've now got a chkdsk set to run on reboot and have cleared the System and Application Logs.  It will probably be several hours before it's convenient to reboot, but I'll get the rest of the information you requested after I do.

 

This will be a good excuse to focus completely on Downton Abbey and Grantchester when they're on tonight.  ;-)


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

Looks like it didn't install correctly:

 

Log: 'Application' Date/Time: 25/01/2015 6:03:07 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Log: 'Application' Date/Time: 24/01/2015 6:07:20 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\CCleaner\CCleaner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

 

 

The bluescreenview log shows ntoskrnl.exe as the cause but this is unlikely.  More likely is a driver problem but no idea which one.  Sometimes this is heat related or it could be a RAM error.

 

Get the free version of Speccy:

 
http://www.filehippo...download_speccy  (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.  Speccy will give us the temps and also the condition of the hard drive.
 
Also try the RAM test:
 

  • 0

#14
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

Alrighty then. . .

 

CHKDSK took approximately 1 hour and 10 minutes to complete and came back perfectly clean.  The SFC found no errors, either.

 

I find it very peculiar that the results from VEW show date time stamps that are "into the future" from when it was actually run.  Some of the dates are showing as 2/2/2015 and it's nowhere near to midnight here.

 

VEW System Log:

-----------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/02/2015 7:46:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/02/2015 12:18:38 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 02/02/2015 12:18:33 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 02/02/2015 12:17:52 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Realtek DHCP Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 02/02/2015 12:17:37 AM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-Time-Service
The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Log: 'System' Date/Time: 02/02/2015 12:17:23 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.

Log: 'System' Date/Time: 02/02/2015 12:16:58 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 02/02/2015 12:16:58 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/02/2015 12:17:58 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTIPLE&PROD_CARD_READER&REV_1.00#058F63666433&0#.

Log: 'System' Date/Time: 02/02/2015 12:16:53 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 

-----------------------------------------------------------------------------

 

VEW Application Log:

-----------------------------------------------------------------------------

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/02/2015 7:47:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/02/2015 9:51:17 PM
Type: Error Category: 0
Event: 1 Source: Chrome
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/02/2015 11:05:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001_Classes:
Process 5952 (\Device\HarddiskVolume2\Program Files (x86)\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001_CLASSES


Log: 'Application' Date/Time: 01/02/2015 11:05:02 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   31 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001:
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 1360 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\trust
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Policies\Microsoft\SystemCertificates
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Root
Process 372 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2336 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 01/02/2015 10:44:18 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-18}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 01/02/2015 10:44:14 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3700817450-263443993-1340972289-1003}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 01/02/2015 10:26:00 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <ONEINDEX14://{S-1-5-21-3700817450-263443993-1340972289-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    (HRESULT : 0x80004005) (0x80004005)

-----------------------------------------------------------------------------

 

The Speccy Log is attached.

 

I will run the memory test only if necessary after all of this is reviewed.  I have no indications of issues with memory that I am familiar with.

 

Attached Files


  • 0

#15
britechguy

britechguy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 221 posts

I also forgot to add that, in light of what Chrome was doing CPU-usage-wise I decided to do a full uninstall and reinstall.  I didn't even remove my browsing history or extensions, but after the reinstall the CPU usage is down quite a bit.

 

I also elected to uninstall CCleaner before installing the latest version rather than doing an "install over" installation.

 

This is what the snapshot from Process Explorer looked like a few moments ago:

-----------------------------------------------------------------------------

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    60.86    0 K    24 K    0            
procexp64.exe    9.41    32,684 K    46,536 K    6372    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Sysinternals
dwm.exe    6.35    65,704 K    38,032 K    2952    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
ETDCtrl.exe    2.50    3,320 K    1,764 K    3728    ETD Control Center    ELAN Microelectronic Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
Interrupts    2.83    0 K    0 K    n/a    Hardware Interrupts and DPCs        
chrome.exe    2.04    375,360 K    349,968 K    4792    Google Chrome    Google Inc.    (Verified) Google Inc
zdclient.exe    1.80    56,416 K    63,500 K    7884        Mozilla Foundation    (No signature was present in the subject) Mozilla Foundation
chrome.exe    1.61    223,996 K    119,960 K    7016    Google Chrome    Google Inc.    (Verified) Google Inc
firefox.exe    1.23    421,300 K    349,960 K    4396    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.99    30,524 K    18,124 K    948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
System    3.57    124 K    144 K    4            
chrome.exe    0.88    192,404 K    143,804 K    1716    Google Chrome    Google Inc.    (Verified) Google Inc
SDWSCSvc.exe    0.85    6,180 K    2,888 K    1084    Windows Security Center integration.    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
csrss.exe    0.85    4,028 K    32,708 K    1004    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.69    173,080 K    136,196 K    5804    Google Chrome    Google Inc.    (Verified) Google Inc
networx.exe    0.44    17,836 K    6,784 K    3996    NetWorx Application (64-bit)    SoftPerfect Research    (Verified) SOFTPERFECT PTY. LTD.
PSUAMain.exe    0.43    22,320 K    784 K    3776    PSUAMain    Panda Security, S.L.    (Verified) Panda Security S.L
RtWLan.exe    0.43    9,288 K    2,452 K    2480    RtWLan    Realtek Semiconductor Corp.    (No signature was present in the subject) Realtek Semiconductor Corp.
FastBootAgent.exe    0.40    8,792 K    2,224 K    1408    ASUS FastBoot    ASUSTeK Computer Inc.    (Verified) ASUSTeK Computer Inc.
svchost.exe    0.36    28,648 K    17,912 K    1176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.32    54,180 K    50,336 K    2976    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
SDTray.exe    0.32    18,192 K    7,104 K    3984    Spybot - Search & Destroy tray access    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
chrome.exe    0.28    82,260 K    32,388 K    5496    Google Chrome    Google Inc.    (Verified) Google Inc
SDFSSvc.exe    0.24    30,736 K    5,020 K    2516    Spybot-S&D 2 Scanner Service    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
SwUSB.exe    0.21    8,524 K    2,476 K    2528    Switch USB2.0/USB3.0 for WinXP SP2+ ~ Win8.1    Realtek    (No signature was present in the subject) Realtek
services.exe    0.20    6,412 K    5,144 K    352    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.20    158,232 K    144,060 K    1052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.16    43,880 K    18,388 K    6688    Google Chrome    Google Inc.    (Verified) Google Inc
CNMNSST.exe    0.15    1,776 K    1,896 K    3124    Canon IJ Network Scanner Selector EX    CANON INC.    (Verified) Canon Inc.
zdesktop.exe    0.15    233,448 K    125,288 K    6580            (Certificate expired)
svchost.exe    0.11    4,672 K    4,472 K    848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SDUpdSvc.exe    0.10    9,200 K    1,980 K    3208    Spybot-S&D 2 Background update service    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
chrome.exe    0.09    89,620 K    33,360 K    5424    Google Chrome    Google Inc.    (Verified) Google Inc
flux.exe    0.07    13,628 K    3,384 K    4080    f.lux    Flux Software LLC    (Verified) Michael Herf
svchost.exe    0.05    43,696 K    10,044 K    2396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.05    77,152 K    35,712 K    5312    Google Chrome    Google Inc.    (Verified) Google Inc
lsm.exe    0.04    2,684 K    1,532 K    416    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.04    54,180 K    31,388 K    4656    Google Chrome    Google Inc.    (Verified) Google Inc
VDECK.EXE    0.04    11,372 K    812 K    3888    VIA HD Audio CPL    VIA    (No signature was present in the subject) VIA
wmpnetwk.exe    0.03    14,712 K    16,268 K    2012    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.03    227,956 K    164,676 K    5492    Google Chrome    Google Inc.    (Verified) Google Inc
csrss.exe    0.02    2,444 K    1,976 K    944    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    0.02    12,624 K    4,008 K    2692    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    8,232 K    9,180 K    1080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.02    66,108 K    8,900 K    6528    Google Chrome    Google Inc.    (Verified) Google Inc
svchost.exe    0.02    17,800 K    15,436 K    1124    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.02    7,332 K    7,548 K    408    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.02    65,788 K    12,048 K    3520    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.02    58,996 K    11,792 K    1044    Google Chrome    Google Inc.    (Verified) Google Inc
BatteryLife.exe    0.02    2,660 K    384 K    2824    Power4Gear Hybrid    ATK    (Verified) ASUSTeK Computer Inc.
svchost.exe    0.02    8,724 K    2,632 K    3816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    12,560 K    6,888 K    5444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.02    72,932 K    32,316 K    5316    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.02    163,908 K    65,932 K    4728    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.02    148,172 K    61,460 K    2268    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.01    79,192 K    21,548 K    6748    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.01    134,292 K    111,116 K    4124    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.01    51,612 K    28,892 K    4380    Google Chrome    Google Inc.    (Verified) Google Inc
PSANHost.exe    0.01    104,984 K    14,480 K    2248    Application Host Service    Panda Security, S.L.    (Verified) Panda Security S.L
svchost.exe    < 0.01    21,808 K    7,760 K    1380    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    6,828 K    1,968 K    3292    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
AsScrPro.exe    < 0.01    1,352 K    676 K    3376    AsScrPro    ASUS    (Verified) ASUSTeK Computer Inc.
WmiPrvSE.exe    < 0.01    10,196 K    5,132 K    4500    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
HControl.exe    < 0.01    6,312 K    1,616 K    2896    HControl    ASUS    (Verified) ASUSTeK Computer Inc.
armsvc.exe    < 0.01    1,152 K    348 K    1780    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
WUDFHost.exe        1,888 K    348 K    1980    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,216 K    444 K    3756    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
wlanext.exe        1,964 K    1,512 K    1512    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,872 K    1,868 K    396    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,528 K    296 K    980    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
WDC.exe        1,336 K    392 K    4344    WDC    ASUS    (Verified) ASUSTeK Computer Inc.
wcourier.exe        2,864 K    1,176 K    2836    Wireless Console 3        (No signature was present in the subject)
taskeng.exe        1,760 K    2,092 K    1768    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,352 K    580 K    2760    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        13,776 K    7,584 K    1700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,680 K    3,396 K    640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,784 K    1,356 K    1252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,384 K    408 K    4392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        12,320 K    6,928 K    1672    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        444 K    272 K    800    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        44,936 K    30,188 K    4808    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
runSW.exe        1,268 K    420 K    2488            (No signature was present in the subject)
RtlService.exe        1,328 K    528 K    2404    RtlService MFC Application    Realtek    (Verified) Realtek Semiconductor Corp
PSUAService.exe        7,188 K    296 K    2336    PSUAService    Panda Security, S.L.    (Verified) Panda Security S.L
procexp.exe        2,340 K    1,336 K    3748    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
KBFiltr.exe        1,044 K    320 K    4260    KBFiltr    ASUS    (Verified) ASUSTeK Computer Inc.
igfxtray.exe        2,292 K    480 K    3780    igfxTray Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe        2,800 K    528 K    3836    hkcmd Module    Intel Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
HControlUser.exe        860 K    320 K    4068    HControlUser    ASUS    (Verified) ASUSTeK Computer Inc.
GoogleUpdate.exe        2,068 K    528 K    5728    Google Installer    Google Inc.    (Verified) Google Inc
GoogleCrashHandler64.exe        1,832 K    824 K    3176    Google Crash Handler    Google Inc.    (Verified) Google Inc
GoogleCrashHandler.exe        1,500 K    528 K    3976    Google Crash Handler    Google Inc.    (Verified) Google Inc
GFNEXSrv.exe        944 K    244 K    1560    GFNEXSrv        (No signature was present in the subject)
Everything.exe        25,192 K    16,892 K    3916    Everything        (No signature was present in the subject)
E_S40STB.EXE        1,316 K    412 K    1932    EPSON Status Monitor 3    SEIKO EPSON CORPORATION    (Verified) Microsoft Windows Hardware Compatibility Publisher
E_S40RPB.EXE        1,160 K    384 K    1276    EPSON Status Monitor 3    SEIKO EPSON CORPORATION    (Verified) Microsoft Windows Hardware Compatibility Publisher
DMedia.exe        1,008 K    304 K    3608    ATK Media    ASUS    (No signature was present in the subject) ASUS
dllhost.exe        2,460 K    528 K    5268    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
Crypserv.exe        2,392 K    528 K    1848    CrypKey NT Service    CrypKey (Canada) Ltd.    (No signature was present in the subject) CrypKey (Canada) Ltd.
ControlDeckStartUp.exe        41,680 K    528 K    2812    ControlDeckStartUp        (Verified) ASUSTeK Computer Inc.
conhost.exe        888 K    320 K    1524    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CISVC.EXE        1,516 K    188 K    1824    Content Index service    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe        78,124 K    70,632 K    5212    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        59,228 K    32,708 K    3992    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        129,624 K    104,600 K    3316    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        50,940 K    32,272 K    4744    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        54,040 K    11,068 K    6976    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        64,264 K    10,512 K    4772    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        58,408 K    25,808 K    6572    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        108,272 K    8,284 K    6544    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        74,076 K    47,592 K    7436    Google Chrome    Google Inc.    (Verified) Google Inc
Atouch64.exe        1,436 K    448 K    2904    Atouch64        (Verified) ASUSTeK Computer Inc.
ATKOSD2.exe        1,256 K    388 K    3388    ATKOSD2    ASUS    (Verified) ASUSTeK Computer Inc.
ATKOSD.exe        860 K    328 K    4900    ATKOSD    ASUS    (Verified) ASUSTeK Computer Inc.
AsLdrSrv.exe        1,052 K    292 K    1504    ASLDR Service    ASUS    (Verified) ASUSTeK Computer Inc.
AmIcoSinglun64.exe        1,868 K    432 K    3456    Single LUN Icon Utility for VID 058F PID 6366    AlcorMicro Co., Ltd.    (No signature was present in the subject) AlcorMicro Co., Ltd.
AgentSvc.exe        10,488 K    6,248 K    2284    Agent Service    Panda Security, S.L.    (Verified) Panda Security S.L
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP