Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Explorer will not load

Computer freezes

  • Please log in to reply

#46
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Sometimes if you run VEW for System and Applications as before we can get a hint what is going on.

 

The other thing we can do is turn on boot logging and see if that catches something.

 

To turn on boot logging, Search for

msconfig

and hit Enter.

 

Under the Boot tab check Boot Log and OK.  Then each time you boot it will record the log in C:\Windows\ntbtlog.txt and sometimes that will tell us what is not working.

 

It is possible that the hard drive is acting up.  Look at the SMART info with either speccy or speedfan and see if the numbers have increased a lot since the last time we looked.


  • 0

Advertisements


#47
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Here is the first log but I have a question on why is the date stamped on these logs as being dated today but the computer wasn't even on 12:21am this morning and the other 2 events are time and date stamped for this evening 6 hours from now into the future?? Does that make any sense to you?

 

 

'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2016 9:10:16 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/12/2016 9:08:48 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 29/12/2016 12:21:09 AM

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/12/2016 3:19:38 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/12/2016 7:42:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/12/2016 7:47:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/12/2016 10:36:54 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 28/12/2016 7:39:45 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E14B23B-5D8A-447F-B962-6D6D6897861E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 23/12/2016 7:48:00 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 1:46:45 PM on ?12/?23/?2016 was unexpected.

Log: 'System' Date/Time: 23/12/2016 7:40:35 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E14B23B-5D8A-447F-B962-6D6D6897861E} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 22/12/2016 7:23:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Office Click-to-Run Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 22/12/2016 7:23:16 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.

Log: 'System' Date/Time: 22/12/2016 2:11:44 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2016 9:10:16 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/12/2016 9:08:48 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 29/12/2016 12:21:09 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 28/12/2016 7:42:25 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 28/12/2016 7:36:59 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 24/12/2016 11:08:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 24/12/2016 11:03:49 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 24/12/2016 12:11:01 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 23/12/2016 7:47:54 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 23/12/2016 7:32:48 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 23/12/2016 1:49:45 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 22/12/2016 7:22:14 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 22/12/2016 3:03:43 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/12/2016 7:38:41 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 20/12/2016 11:47:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/12/2016 10:07:55 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 20/12/2016 10:07:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/12/2016 8:10:12 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 20/12/2016 8:23:15 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/12/2016 4:46:39 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.
 

 

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/12/2016 3:29:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/12/2016 9:12:20 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 29/12/2016 9:12:20 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\qbw;ENG=QB_data_engine_25;DBN=66d4ef91fcc5485ba737b33b0edfb211

Log: 'Application' Date/Time: 29/12/2016 9:12:20 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 29/12/2016 9:12:12 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
GetMeta Data Failed Code:-77 Database name not unique.Connection String CON=MetaDataDump\192.168.7.64mta;*****************;****************;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\qbw;ServerName=QB_ReadOnly_engine_25;APP=192.168.7.64mta;DBN=4971b4c5d73d45ceaf7fbb202a75aea6

Log: 'Application' Date/Time: 29/12/2016 9:12:12 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBManager::HandleDmError: statusCode:-6000, dbCode:-77 from file:'src\idbfilemgr.cpp' at line 905 from function:'DBMgr::IDBFileMgr::GetFileMetaData'

Log: 'Application' Date/Time: 29/12/2016 9:12:12 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Database name not unique

Log: 'Application' Date/Time: 29/12/2016 9:12:12 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Error: Metadata login failed even after timer retry.

Log: 'Application' Date/Time: 29/12/2016 12:13:38 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Error: truncating TLG file failed, errorcode:1

Log: 'Application' Date/Time: 28/12/2016 11:56:22 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
****** WEBMAIL FAILURE ****** : Error code : 8

Log: 'Application' Date/Time: 28/12/2016 11:36:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
****** WEBMAIL FAILURE ****** : Error code : 6

Log: 'Application' Date/Time: 28/12/2016 11:36:01 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Host Start  failed

Log: 'Application' Date/Time: 28/12/2016 11:36:01 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Runtime not yet initialized

Log: 'Application' Date/Time: 28/12/2016 10:48:08 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 28/12/2016 10:48:08 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=f0fe6ca2969c433787f0f7e7b361888b

Log: 'Application' Date/Time: 28/12/2016 10:48:08 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 28/12/2016 10:12:49 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 28/12/2016 10:12:49 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=68e029e33b3e48d58f8809511e7c592c

Log: 'Application' Date/Time: 28/12/2016 10:12:49 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 28/12/2016 9:42:50 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: AdblockPlusEngine.exe, version: 1.5.0.0, time stamp: 0x56017eff Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0x16f4 Faulting application start time: 0x01d2614ac2679651 Faulting application path: C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll Report Id: 943d3663-cd46-11e6-a297-d85de2936b3c

Log: 'Application' Date/Time: 28/12/2016 9:32:35 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program IEXPLORE.EXE version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: fc4  Start Time: 01d2614ac1a6c6db  Termination Time: 63  Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Report Id:  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/12/2016 9:21:38 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 29/12/2016 12:21:05 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES


Log: 'Application' Date/Time: 29/12/2016 12:21:05 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 28/12/2016 7:54:59 PM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted.    at Interop.WUApiLib.IUpdateSearcher.Search(String criteria)    at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()

Log: 'Application' Date/Time: 28/12/2016 7:54:23 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 28/12/2016 7:54:23 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 28/12/2016 7:54:23 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 28/12/2016 7:54:17 PM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time

Log: 'Application' Date/Time: 28/12/2016 7:54:16 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 28/12/2016 7:40:27 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).

Log: 'Application' Date/Time: 28/12/2016 7:40:25 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the Logon method on event class {D5978630-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "wltrynt SENS Logon Spy Subscription". The HRESULT was 800705b4.

Log: 'Application' Date/Time: 28/12/2016 7:40:25 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the StartShell method on event class {D5978630-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "wltrynt SENS Logon Spy Subscription". The HRESULT was 800705b4.

Log: 'Application' Date/Time: 28/12/2016 7:40:25 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the PostShell method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "SENS Logon2 Subscription". The HRESULT was 80010002.

Log: 'Application' Date/Time: 24/12/2016 11:08:02 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1604 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 24/12/2016 12:10:59 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1572 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 23/12/2016 7:58:32 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 23/12/2016 7:43:17 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the Logoff method on event class {D5978630-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "wltrynt SENS Logon Spy Subscription". The HRESULT was 800705b4.

Log: 'Application' Date/Time: 23/12/2016 7:41:17 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).

Log: 'Application' Date/Time: 23/12/2016 7:36:20 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the StartShell method on event class {D5978630-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "wltrynt SENS Logon Spy Subscription". The HRESULT was 800705b4.

Log: 'Application' Date/Time: 23/12/2016 7:36:20 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the PostShell method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "SENS Logon2 Subscription". The HRESULT was 80010002.
 


  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Log: 'Application' Date/Time: 23/12/2016 7:43:17 PM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the Logoff method on event class {D5978630-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "wltrynt SENS Logon Spy Subscription". The HRESULT was 800705b4.

 

 

 

I think the hangs are coming from Broadcom Wireless Utility.  Supposedly you can uninstall it and disregard the warnings that it is needed as it's not.  See:

 

https://social.techn...=w7itproinstall

 

The time on event log items in vew is GMT.  They don't bother with the time zone offset.

 

You are getting a lot of errors from  QuickBooks Pro 2015.  Is there a update to that version you can use or perhaps it need to be reinstalled.

 

Is that the latest version of Kaspersky?  Lots of registry hangs that will slow down shutdown.

 

. HP Active Health is also buggy.  See if there is a newer version or just uninstall it.


  • 0

#49
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

I downloaded a tool for QuickBooks to repair the installation with the .Net framework and it has cleared up a lot of the issues I was having with that program. I got all of the errors corrected regarding login in QB but now I guess I have a new issue that QB is aware of and working on but no new update until 2/1/17. I uninstalled the broadcom wireless utility and the HP active health and Kaspersky has the latest version installed of Small Business Suite. I have since rebooted and I will run another scan with VEW but in the meantime, here is the response from QB for this new error of

 

An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

 

 

While working in QuickBooks, QuickBooks closes unexpectedly (crashes with or without an error)

While working in QuickBooks, QuickBooks closes unexpectedly (crashes with a QuickBooks has Stopped working, Unrecoverable Error, or you may see no error).  For example, when performing one of the following, you may experience a crash with no error message.

  • Emailing a large report
  • Working randomly on transactions, such as Invoices and Sales Orders
  • Running many reports side by side
  • Working in different centers
  • Working in the report center
 

The errors you may see are:

  • QuickBooks has stopped working
  • No error (QuickBooks just disappears while working)
  • Unrecoverable Error (random codes)
 

Important: Please make sure you first try updating to the latest release of QuickBooks.  If you are on the latest release and continue to run into these issues, please sign up below to be notified when we have an update for this article.

 

containmentsignup.png

Updates

Current Status:

We are still investigating this issue for possible root causes and solutions. At this time, we do have any additional information to provide. We will have an update on 2/1/2017.

QuickBooks can close unexpectedly for a variety of technical reasons, many being related to issues on the computer itself, that can be caused in part by system and environmental problems in addition to problems with how QuickBooks interacts with these variables. For this reason, some customers may experience this problem doing a particular task while others will not. We always recommend updating to the latest release of QuickBooks.

Next update:

2/1/2017

Other Articles To Try
Was this article helpful?
 
Do you still have a question?

Ask your question to the community. Most questions get a response in about a day.

 
 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/01/2017 7:42:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2017 1:11:32 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 04/01/2017 1:11:29 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 04/01/2017 12:56:56 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 04/01/2017 12:56:56 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=739fcbb6b8a0491e8461ef84e8bca66e

Log: 'Application' Date/Time: 04/01/2017 12:56:55 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 04/01/2017 12:54:52 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 04/01/2017 12:54:52 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=b5a60c2b591a44a691022cd7d411e31d

Log: 'Application' Date/Time: 04/01/2017 12:54:52 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 04/01/2017 12:41:35 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 04/01/2017 12:41:35 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=bb74957435814125b4782b8b51513e03

Log: 'Application' Date/Time: 04/01/2017 12:41:35 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 03/01/2017 11:05:10 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 03/01/2017 11:05:10 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=6c226af10b6f4d7091ffafd5fc7fc9e8

Log: 'Application' Date/Time: 03/01/2017 11:05:10 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 03/01/2017 10:55:47 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:55:46 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:39:24 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:37:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:32:04 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:20:43 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2017 1:07:49 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 04/01/2017 1:05:28 AM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/01/2017 1:05:24 AM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/01/2017 1:03:51 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avpui.exe' (pid 1444) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 04/01/2017 12:38:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 10:49:33 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES


Log: 'Application' Date/Time: 03/01/2017 10:49:32 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 10:48:23 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 03/01/2017 10:48:19 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 03/01/2017 10:45:54 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avpui.exe' (pid 2704) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/01/2017 5:55:37 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   20 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 4:15:01 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 3:54:52 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 03/01/2017 3:50:43 PM
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: OutlookKLAsAddin.Addin_1FB137BE-29DF-463A-9BC8-404F24407C2F
GUID: {BF281344-478C-466C-BF5A-E0D853D95DAC}
Name: Kaspersky Outlook Anti-Spam Addin
Description: Addin for anti-spam protection
Load Behavior: 3
HKLM: 1
Location: c:\program files (x86)\kaspersky lab\kaspersky small office security 17.0.0\mcouas.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1373
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 31/12/2016 12:41:43 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 30/12/2016 11:17:53 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi16://{S-1-5-21-2577112198-3913129868-2286876578-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 30/12/2016 9:44:35 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 30/12/2016 1:24:26 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 30/12/2016 12:11:25 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi16://{S-1-5-21-2577112198-3913129868-2286876578-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 29/12/2016 11:11:25 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi16://{S-1-5-21-2577112198-3913129868-2286876578-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/01/2017 7:42:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2017 1:11:32 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 04/01/2017 1:11:29 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 04/01/2017 12:56:56 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 04/01/2017 12:56:56 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=739fcbb6b8a0491e8461ef84e8bca66e

Log: 'Application' Date/Time: 04/01/2017 12:56:55 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 04/01/2017 12:54:52 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 04/01/2017 12:54:52 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=b5a60c2b591a44a691022cd7d411e31d

Log: 'Application' Date/Time: 04/01/2017 12:54:52 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 04/01/2017 12:41:35 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 04/01/2017 12:41:35 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=bb74957435814125b4782b8b51513e03

Log: 'Application' Date/Time: 04/01/2017 12:41:35 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 03/01/2017 11:05:10 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 03/01/2017 11:05:10 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=6c226af10b6f4d7091ffafd5fc7fc9e8

Log: 'Application' Date/Time: 03/01/2017 11:05:10 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 03/01/2017 10:55:47 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:55:46 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:39:24 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:37:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:32:04 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 03/01/2017 10:20:43 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2017 1:07:49 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 04/01/2017 1:05:28 AM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/01/2017 1:05:24 AM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/01/2017 1:03:51 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avpui.exe' (pid 1444) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 04/01/2017 12:38:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 10:49:33 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES


Log: 'Application' Date/Time: 03/01/2017 10:49:32 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1884 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 10:48:23 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 03/01/2017 10:48:19 PM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 03/01/2017 10:45:54 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avpui.exe' (pid 2704) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/01/2017 5:55:37 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   20 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2876 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1160 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 4:15:01 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2040 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 03/01/2017 3:54:52 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 03/01/2017 3:50:43 PM
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: OutlookKLAsAddin.Addin_1FB137BE-29DF-463A-9BC8-404F24407C2F
GUID: {BF281344-478C-466C-BF5A-E0D853D95DAC}
Name: Kaspersky Outlook Anti-Spam Addin
Description: Addin for anti-spam protection
Load Behavior: 3
HKLM: 1
Location: c:\program files (x86)\kaspersky lab\kaspersky small office security 17.0.0\mcouas.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1373
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 31/12/2016 12:41:43 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1052 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 30/12/2016 11:17:53 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi16://{S-1-5-21-2577112198-3913129868-2286876578-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 30/12/2016 9:44:35 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.

Log: 'Application' Date/Time: 30/12/2016 1:24:26 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1456 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 30/12/2016 12:11:25 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi16://{S-1-5-21-2577112198-3913129868-2286876578-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 29/12/2016 11:11:25 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi16://{S-1-5-21-2577112198-3913129868-2286876578-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)

 


  • 0

#50
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

 Log: 'Application' Date/Time: 04/01/2017 1:05:28 AM

Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 04/01/2017 1:05:24 AM
Type: Warning Category: 1
Event: 1020 Source: ASP.NET 4.0.30319.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

 

 

1) Delete the account, leaving the .NET Framework installed: • Launch the Computer Management tool within your Administrative Tools folder (under Control Panel) • Select the Local Users and Groups node • Click the Users sub node, highlighting the ASPNET account • Right click the highlighted account and choose delete

 

That should fix the quoted errors.  Shouldn't make a big difference in anything tho.

 

Lot of Kaspersky errors.  I would expect better from them.

 

Quickbooks is still unhappy but your knew that.

 

Go in and clear the alarms:

 

 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
So that next timne you run vew we will just see fresh alarms.
 
Is it still acting up?

  • 0

#51
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

After reboot, it locked up again and so I rebooted again and got her going again. When I went to admin tools, there was no such thing under the user folder with ASPNET account. Since there was nothing to delete, I proceeded to the next step and cleared the logs. Here is a fresh set:

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/01/2017 9:51:56 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/01/2017 3:42:25 AM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the PostShell method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "SENS Logon2 Subscription". The HRESULT was 80010002.

Log: 'Application' Date/Time: 04/01/2017 3:38:36 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2020 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/01/2017 9:59:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/01/2017 3:43:55 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 04/01/2017 3:43:22 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Group Policy Client service did not shut down properly after receiving a preshutdown control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/01/2017 3:44:30 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 04/01/2017 3:43:55 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/01/2017 3:39:10 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 04/01/2017 3:38:37 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 


  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Log: 'Application' Date/Time: 04/01/2017 3:42:25 AM
Type: Warning Category: 18
Event: 4627 Source: Microsoft-Windows-EventSystem
The COM+ Event System timed out attempting to fire the PostShell method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher  and subscriber .  The subscriber failed to respond within 180 seconds. The display name of the subscription is "SENS Logon2 Subscription". The HRESULT was 80010002.

 

 

Not sure about this error but it may be telling us why the logon failed.
 
Your Kaspersky is showing a bucket full of errors and I saw a complaint about a similar error as the above from a McAfee user after an update so it may possibly be Kaspersky related.  I don't know if it is just a bad install or an error on their part but it might be wise to temporarily replace Kaspersky with the free Avast.
 
 
Click on Download then choose the free version.
 
Uninstall Kaspersky (keeping the license info for reuse)
 
Reboot.  
 
Install the free Avast by right clicking and Run As Admin.
 
Decline any optional software.
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Decline any optional software and stay with the Basic free service.
 
You don't really need to register since this is only a test.
 
Run VEW again as before.
 
 
 

  • 0

#53
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/01/2017 6:12:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/01/2017 6:13:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/01/2017 12:09:12 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 05/01/2017 12:08:25 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 


  • 0

#54
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

RKinner,

 

What do you think? I really would like to get Kaspersky back on here.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/01/2017 12:45:15 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/01/2017 5:14:39 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 10/01/2017 3:36:17 AM
Type: Error Category: 0
Event: 4103 Source: Windows Backup
The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Log: 'Application' Date/Time: 09/01/2017 11:28:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 09/01/2017 11:27:31 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 09/01/2017 11:27:31 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=8c2245eebe434621a71da94a0f8ef04c

Log: 'Application' Date/Time: 09/01/2017 11:27:31 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 06/01/2017 12:45:13 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
QuickBooks has experienced a problem and must be shut down.

Log: 'Application' Date/Time: 06/01/2017 12:29:12 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Failed to read IE version from registry.

Log: 'Application' Date/Time: 06/01/2017 12:28:56 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 06/01/2017 12:28:56 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_25; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\.qbw;ENG=QB_data_engine_25;DBN=255de3b43fb24a22ad950f00be192adb

Log: 'Application' Date/Time: 06/01/2017 12:28:56 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Pro 2015":
Connection Error:Invalid user ID or password

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/01/2017 12:47:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1620 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000


Log: 'Application' Date/Time: 05/01/2017 12:23:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 860 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 05/01/2017 12:18:11 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 2340) cannot be restarted - Application SID does not match Conductor SID..
 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/01/2017 12:49:20 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2017 11:22:00 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Office Click-to-Run Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2017 11:22:00 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.

Log: 'System' Date/Time: 05/01/2017 8:52:59 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Apple Mobile Device Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 05/01/2017 8:52:59 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2017 11:20:54 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 06/01/2017 10:25:59 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/01/2017 10:18:17 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 06/01/2017 12:47:55 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/01/2017 8:52:17 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 05/01/2017 12:23:24 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/01/2017 12:09:12 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C5A047D8-CB5B-40E9-B9E3-316AB06B5A18}\WirelessKeyboardFilter\8&347fd6cd&0&01.

Log: 'System' Date/Time: 05/01/2017 12:08:25 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 


  • 0

#55
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Doesn't look too bad.  You can put Kaspersky back.  It's best to reboot after uninstalling Avast and before installing Kaspersky.

 

Search for 

 

services.msc 

 

and hit Enter and find

 

Windows Driver Foundation - User-mode Driver Framework

 

right click on it and Properties.  Verify that it is Started and that the Startup Type is set to Automatic.

 

 

If you are not using

Microsoft Office Click-to-Run Service 

I would uninstall it.

 

 


  • 0

Advertisements


#56
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Well, I reinstalled Kaspersky and the last week has been utter crap. Everything keeps crashing even to the point that when I log into windows, it rejects the passcode/password combo and just sits there or it will log me into a temporary profile and I cant access any files on the HDD. It took me 4 tries today just to log in and get the computer where I could do a couple of invoices and then to open this website and the computer is running super slow.  I have a bad feeling the HDD is on the way out.  I am looking at a solid state HDD for $78.00 and 1 TB of storage brand new on Amazon. The down time messing with this HDD is costing our company money because computer wont work or goes very slow. I love diving into things to find a fix but at this point, I'm spent...your thoughts RKinner?


  • 0

#57
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Can you check speccy again and see if the command timeouts have changed.

 

If you buy a new drive stay away from seagate.  Very low reliabilty.  Western Digital blacks are the best.


  • 0

#58
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

here it is:

 

 

Attached Files


  • 0

#59
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

The command timeouts are increasing so I'd say the drive is failing.

 

This is a fairly simple operation on a desktop.  Most usually have 4 SATA jacks on the motherboard and only two are in use.  If you want to use one of the free SATA jacks you will need a SATA cable but since this is not a permanent thing you can just steal the cable from the DVD drive (keep it plugged to the same Motherboard jack).  There should be an extra power cable and you don't have to mount it.  Just make sure it doesn't short anything out.  I always recommend Western Digital Black drives.  They last longer but anything is better than a Seagate.  You need a desktop hard drive so a 3.5 " SATA 3 1 TB which is what you have or a 2 TB if you want to allow for growth.  Don't go any higher or you will run into the NTFS limit.  

 

To clone the drive, you can use the program from your new hard drive or even from Seagate or you can use one of the free ones:
 
 
 
Some of them require you to boot from a CD or USB drive (it's faster that way but others like aomei can clone from within windows.)

  • 0

#60
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Stupid question here...I can't seem to find any Western Digital Black drives 3.5 " SATA 3 1 TB in a solid state offering. Only the 2.5" appears to be offered in the solid state config. Were you suggesting to buy the standard 7200 RPM regular spin drive HDD instead of the Seagate Solid State drive that I found for $78.00? Are you saying not to go Solid State? I'm seems like you rarely hear of a SSD drive taking a dump vs a standard HDD.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP