VEW Logs:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/11/2017 12:29:35 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/11/2017 12:07:51 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start failed
Log: 'Application' Date/Time: 21/11/2017 12:07:51 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized
Log: 'Application' Date/Time: 20/11/2017 11:57:30 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start failed
Log: 'Application' Date/Time: 20/11/2017 11:57:30 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized
Log: 'Application' Date/Time: 20/11/2017 11:51:20 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start failed
Log: 'Application' Date/Time: 20/11/2017 11:51:20 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized
Log: 'Application' Date/Time: 20/11/2017 2:25:10 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program IEXPLORE.EXE version 11.0.9600.18838 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1bf0 Start Time: 01d3620ac01a0614 Termination Time: 45 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id:
Log: 'Application' Date/Time: 19/11/2017 1:07:36 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 8595
Log: 'Application' Date/Time: 19/11/2017 1:07:36 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 8595
Log: 'Application' Date/Time: 19/11/2017 1:07:36 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second
Log: 'Application' Date/Time: 18/11/2017 6:08:59 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
QuickBooks has experienced a problem and must be shut down, ErrorCode:2001267491.
Log: 'Application' Date/Time: 18/11/2017 6:08:19 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.
Log: 'Application' Date/Time: 18/11/2017 6:08:19 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'
Log: 'Application' Date/Time: 18/11/2017 6:08:19 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection String:CON=QBConnectionPool-Probe-QB_JB-HP_28;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Short Haul Concrete LLC.qbw;CommLinks="ShMem,tcpip(IP=192.168.1.91;TO=5;DOBROADCAST=NONE;port=55378)";ServerName=QB_JB-HP_28;DBN=d7c98d3e8f6b445e97bd1f293ae3d7af
Log: 'Application' Date/Time: 18/11/2017 6:08:19 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection Error:Invalid user ID or password
Log: 'Application' Date/Time: 18/11/2017 6:08:18 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'
Log: 'Application' Date/Time: 18/11/2017 6:08:18 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection String:CON=QBConnectionPool-Probe-QB_JB-HP_28;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Short Haul Concrete LLC.qbw;CommLinks="ShMem,tcpip(IP=192.168.1.91;TO=5;DOBROADCAST=NONE;port=55378)";ServerName=QB_JB-HP_28;DBN=22b78cd1a04a48a8ab47312ea0761449
Log: 'Application' Date/Time: 18/11/2017 6:08:18 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection Error:Invalid user ID or password
Log: 'Application' Date/Time: 18/11/2017 5:20:05 AM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
QuickBooks has experienced a problem and must be shut down, ErrorCode:2008738595.
Log: 'Application' Date/Time: 17/11/2017 10:01:41 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
V28.0D R3 (M=1066, L=335, C=249, V=0 (0))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/11/2017 12:15:49 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 20/11/2017 11:59:00 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6992 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Log: 'Application' Date/Time: 20/11/2017 11:53:05 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Log: 'Application' Date/Time: 20/11/2017 11:53:05 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 3948 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6452 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1848 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 20/11/2017 5:39:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 4236 (\Device\HarddiskVolume3\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Log: 'Application' Date/Time: 20/11/2017 5:39:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 4788 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1908 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 19/11/2017 8:42:19 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 2972 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Process 10228 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7601.23755_none_368a88b9dac77673\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES
Log: 'Application' Date/Time: 19/11/2017 8:42:19 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 32 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2972 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 10228 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7601.23755_none_368a88b9dac77673\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6616 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1952 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 18/11/2017 7:17:38 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6340 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 18/11/2017 6:34:11 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/11/2017 6:34:11 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/11/2017 6:24:10 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 18/11/2017 6:23:18 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6344 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Log: 'Application' Date/Time: 18/11/2017 6:16:34 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1940 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 18/11/2017 5:54:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 7152 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 17/11/2017 8:31:07 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6764 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1972 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 17/11/2017 3:42:28 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Log: 'Application' Date/Time: 17/11/2017 3:03:27 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6372 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1960 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Log: 'Application' Date/Time: 16/11/2017 8:59:31 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Log: 'Application' Date/Time: 16/11/2017 2:40:19 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1968 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/11/2017 12:31:22 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2017 12:05:19 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 20/11/2017 2:18:17 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2017 12:05:21 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 6:04:16 PM on ?11/?20/?2017 was unexpected.
Log: 'System' Date/Time: 21/11/2017 12:04:04 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtkAudioService service.
Log: 'System' Date/Time: 21/11/2017 12:03:34 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
Log: 'System' Date/Time: 21/11/2017 12:03:34 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 21/11/2017 12:03:34 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
Log: 'System' Date/Time: 21/11/2017 12:03:04 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
Log: 'System' Date/Time: 21/11/2017 12:02:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Bluetooth Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 21/11/2017 12:02:59 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Support Service service to connect.
Log: 'System' Date/Time: 20/11/2017 5:58:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 20/11/2017 5:57:39 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 20/11/2017 2:19:54 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 20/11/2017 2:19:22 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 20/11/2017 2:18:19 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 8:17:16 AM on ?11/?20/?2017 was unexpected.
Log: 'System' Date/Time: 19/11/2017 8:28:47 PM
Type: Error Category: 0
Event: 36 Source: volsnap
The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Log: 'System' Date/Time: 18/11/2017 11:46:16 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 18/11/2017 11:45:14 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 18/11/2017 6:36:56 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 18/11/2017 6:36:45 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 18/11/2017 6:35:21 AM
Type: Error Category: 0
Event: 12291 Source: Microsoft-Windows-Directory-Services-SAM
SAM failed to start the TCP/IP or SPX/IPX listening thread
Log: 'System' Date/Time: 18/11/2017 6:35:21 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2017 12:15:50 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 20/11/2017 11:59:01 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 20/11/2017 11:53:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 20/11/2017 11:45:54 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_2.0&REV_PMAP#070B53D328489639&0#.
Log: 'System' Date/Time: 20/11/2017 11:08:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 20/11/2017 7:26:19 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 20/11/2017 5:39:26 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 19/11/2017 8:07:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 18/11/2017 11:46:16 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_12A8&MI_00\0.
Log: 'System' Date/Time: 18/11/2017 7:17:39 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/11/2017 6:35:22 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/11/2017 6:34:49 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/11/2017 6:23:59 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\klhk failed to load for the device Root\SYSTEM\0001.
Log: 'System' Date/Time: 18/11/2017 6:23:20 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/11/2017 6:16:35 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/11/2017 5:54:23 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/11/2017 5:17:27 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/11/2017 12:53:38 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 17/11/2017 3:42:30 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 17/11/2017 2:38:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_USB_DISK_2.0&REV_PMAP#070B53D328489639&0#.