COM Error crashes computer when trying to email



#61
shorthaul99 (Member, Topic Starter, 98 posts)

AvastCrash#2.jpg

 

 

 

Crashed again after disabling Trace Disk IO Calls...


  • 0



#62
RKinner (Malware Expert, MVP, 20,012 posts)

Did it leave you any files on the desktop?  It usually creates a log file and also a copy of the mbr.

 

It's possible that Kaspersky doesn't like it and is killing it since the last line said it was checking a Kaspersky file.  Not sure I've ever run it on a Kaspersky protected system.

 

Usually it only crashes in both modes when there is something wrong with the file structure.  It might be worth running a disk check to make sure there is nothing wrong there:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.

 

Reboot and the disk check should start.  It takes several hours depending on the size of the disk and the speed of the CPU so you might want to run it at night.

 

I usually follow up with

 

sfc /scannow

 

in case it removes a bad sector during the check:

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:
findstr  /c:"[SR]"  "%windir%\logs\cbs\cbs.log"  >  "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

 

Then I run VEW to make sure there are no new errors.

 

Have we run Rogue Killer?

 

Let's run Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits
Portable 64 bits

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.


 


  • 0
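One way to triage the junk.txt produced by the findstr step above, as an added example that is not part of the original posts: it counts the routine verify batches and surfaces every [SR] line that is not one of the three routine messages, which is where SFC reports files it repaired or could not repair. The function name triage_sr_log is hypothetical, and the sample mixes lines from the log posted in this thread with one constructed non-routine line.

```python
import re

# Shape of one line kept by: findstr /c:"[SR]" cbs.log
#   <date> <time>, <level>   CSI   <8-hex sequence> [SR] <message>
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*\S)\s*$"
)

# The three routine messages that make up a clean verify batch.
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
BEGIN = "Beginning Verify and Repair transaction"
COMPLETE = "Verify complete"


def triage_sr_log(text):
    """Summarise [SR] lines and collect everything that is not routine.

    Gaps in the hex sequence numbers are expected: findstr dropped the
    non-[SR] lines that sat in between, so gaps are not flagged.
    """
    result = {
        "components_announced": 0,  # sum of the "Verifying N" counts
        "batches_started": 0,
        "batches_completed": 0,
        "open_batch": False,        # True if the log ends mid-batch
        "needs_review": [],         # (timestamp, level, message)
        "unparsed": 0,              # lines that are not [SR] entries
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SR_LINE.match(line)
        if match is None:
            result["unparsed"] += 1
            continue
        msg = match.group("msg")
        verifying = VERIFYING.match(msg)
        if verifying:
            result["components_announced"] += int(verifying.group(1))
        elif msg == BEGIN:
            result["batches_started"] += 1
            result["open_batch"] = True
        elif msg == COMPLETE:
            result["batches_completed"] += 1
            result["open_batch"] = False
        else:
            # Anything else is what the helper actually needs to read.
            result["needs_review"].append(
                (match.group("ts"), match.group("level"), msg)
            )
    return result


# Sample input: routine lines copied from the log in this thread, plus one
# CONSTRUCTED non-routine line (sequence 0000000f) to show what gets surfaced.
SAMPLE = """\
2017-12-13 18:34:24, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:24, Info                  CSI    0000000c [SR] Verify complete
2017-12-13 18:34:24, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:24, Info                  CSI    0000000f [SR] Cannot repair member file "example.dll" (constructed line)
2017-12-13 18:34:24, Info                  CSI    00000010 [SR] Verify complete
2017-12-13 18:37:14, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:14, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
"""

if __name__ == "__main__":
    summary = triage_sr_log(SAMPLE)
    for key in ("components_announced", "batches_started",
                "batches_completed", "open_batch", "unparsed"):
        print(f"{key}: {summary[key]}")
    for ts, level, msg in summary["needs_review"]:
        print(f"REVIEW {ts} [{level}] {msg}")
```

An empty needs_review list with open_batch False means every batch verified cleanly; open_batch True means the pasted log stops partway through a batch.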

#63
shorthaul99 (Member, Topic Starter, 98 posts)

ASWMBR did not leave any logs or files that I could retrieve. Also, CHKDSK did not come back with any kind of log or errors.

 

Here is scannow log:

 

 

2017-12-13 18:34:24, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:24, Info                  CSI    0000000c [SR] Verify complete
2017-12-13 18:34:24, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:24, Info                  CSI    00000010 [SR] Verify complete
2017-12-13 18:34:25, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:25, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:25, Info                  CSI    00000014 [SR] Verify complete
2017-12-13 18:34:25, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:25, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:25, Info                  CSI    00000018 [SR] Verify complete
2017-12-13 18:34:25, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:25, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:26, Info                  CSI    0000001c [SR] Verify complete
2017-12-13 18:34:26, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:26, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:26, Info                  CSI    00000020 [SR] Verify complete
2017-12-13 18:34:26, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:26, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:27, Info                  CSI    00000024 [SR] Verify complete
2017-12-13 18:34:27, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:27, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:27, Info                  CSI    00000028 [SR] Verify complete
2017-12-13 18:34:27, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:27, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:27, Info                  CSI    0000002c [SR] Verify complete
2017-12-13 18:34:28, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:28, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:28, Info                  CSI    00000030 [SR] Verify complete
2017-12-13 18:34:28, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:28, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:28, Info                  CSI    00000034 [SR] Verify complete
2017-12-13 18:34:28, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:28, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:29, Info                  CSI    00000038 [SR] Verify complete
2017-12-13 18:34:29, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:29, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:29, Info                  CSI    0000003c [SR] Verify complete
2017-12-13 18:34:29, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:29, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:30, Info                  CSI    00000040 [SR] Verify complete
2017-12-13 18:34:30, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:30, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:30, Info                  CSI    00000044 [SR] Verify complete
2017-12-13 18:34:30, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:30, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:30, Info                  CSI    00000048 [SR] Verify complete
2017-12-13 18:34:31, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:31, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:31, Info                  CSI    0000004c [SR] Verify complete
2017-12-13 18:34:31, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:31, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:31, Info                  CSI    00000050 [SR] Verify complete
2017-12-13 18:34:31, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:31, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:32, Info                  CSI    00000054 [SR] Verify complete
2017-12-13 18:34:32, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:32, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:32, Info                  CSI    00000058 [SR] Verify complete
2017-12-13 18:34:32, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:32, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:33, Info                  CSI    0000005c [SR] Verify complete
2017-12-13 18:34:33, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:33, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:34, Info                  CSI    00000060 [SR] Verify complete
2017-12-13 18:34:34, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:34, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:34, Info                  CSI    00000064 [SR] Verify complete
2017-12-13 18:34:35, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:35, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:35, Info                  CSI    00000068 [SR] Verify complete
2017-12-13 18:34:35, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:35, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:36, Info                  CSI    0000006c [SR] Verify complete
2017-12-13 18:34:36, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:36, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:37, Info                  CSI    00000070 [SR] Verify complete
2017-12-13 18:34:37, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:37, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:37, Info                  CSI    00000074 [SR] Verify complete
2017-12-13 18:34:37, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:37, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:38, Info                  CSI    00000078 [SR] Verify complete
2017-12-13 18:34:38, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:38, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:38, Info                  CSI    0000007c [SR] Verify complete
2017-12-13 18:34:38, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:38, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:39, Info                  CSI    00000080 [SR] Verify complete
2017-12-13 18:34:39, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:39, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:39, Info                  CSI    00000084 [SR] Verify complete
2017-12-13 18:34:39, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:39, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:40, Info                  CSI    00000088 [SR] Verify complete
2017-12-13 18:34:40, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:40, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:42, Info                  CSI    0000008c [SR] Verify complete
2017-12-13 18:34:42, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:42, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:43, Info                  CSI    00000090 [SR] Verify complete
2017-12-13 18:34:43, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:43, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:44, Info                  CSI    00000094 [SR] Verify complete
2017-12-13 18:34:44, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:44, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:45, Info                  CSI    0000009a [SR] Verify complete
2017-12-13 18:34:46, Info                  CSI    0000009b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:46, Info                  CSI    0000009c [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:48, Info                  CSI    000000a1 [SR] Verify complete
2017-12-13 18:34:48, Info                  CSI    000000a2 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:48, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:49, Info                  CSI    000000a5 [SR] Verify complete
2017-12-13 18:34:50, Info                  CSI    000000a6 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:50, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:51, Info                  CSI    000000aa [SR] Verify complete
2017-12-13 18:34:51, Info                  CSI    000000ab [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:51, Info                  CSI    000000ac [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:53, Info                  CSI    000000ae [SR] Verify complete
2017-12-13 18:34:53, Info                  CSI    000000af [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:53, Info                  CSI    000000b0 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:56, Info                  CSI    000000d2 [SR] Verify complete
2017-12-13 18:34:56, Info                  CSI    000000d3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:56, Info                  CSI    000000d4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:57, Info                  CSI    000000d9 [SR] Verify complete
2017-12-13 18:34:57, Info                  CSI    000000da [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:57, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:00, Info                  CSI    000000dd [SR] Verify complete
2017-12-13 18:35:00, Info                  CSI    000000de [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:00, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:01, Info                  CSI    000000e1 [SR] Verify complete
2017-12-13 18:35:01, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:01, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:03, Info                  CSI    000000e5 [SR] Verify complete
2017-12-13 18:35:03, Info                  CSI    000000e6 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:03, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:04, Info                  CSI    000000e9 [SR] Verify complete
2017-12-13 18:35:05, Info                  CSI    000000ea [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:05, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:07, Info                  CSI    000000ed [SR] Verify complete
2017-12-13 18:35:07, Info                  CSI    000000ee [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:07, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:09, Info                  CSI    00000112 [SR] Verify complete
2017-12-13 18:35:09, Info                  CSI    00000113 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:09, Info                  CSI    00000114 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:12, Info                  CSI    00000116 [SR] Verify complete
2017-12-13 18:35:12, Info                  CSI    00000117 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:12, Info                  CSI    00000118 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:16, Info                  CSI    0000011a [SR] Verify complete
2017-12-13 18:35:16, Info                  CSI    0000011b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:16, Info                  CSI    0000011c [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:19, Info                  CSI    00000120 [SR] Verify complete
2017-12-13 18:35:19, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:19, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:20, Info                  CSI    00000124 [SR] Verify complete
2017-12-13 18:35:20, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:20, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:21, Info                  CSI    00000128 [SR] Verify complete
2017-12-13 18:35:21, Info                  CSI    00000129 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:21, Info                  CSI    0000012a [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:22, Info                  CSI    0000012c [SR] Verify complete
2017-12-13 18:35:22, Info                  CSI    0000012d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:22, Info                  CSI    0000012e [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:25, Info                  CSI    0000013e [SR] Verify complete
2017-12-13 18:35:25, Info                  CSI    0000013f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:25, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:27, Info                  CSI    00000145 [SR] Verify complete
2017-12-13 18:35:27, Info                  CSI    00000146 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:27, Info                  CSI    00000147 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:28, Info                  CSI    00000149 [SR] Verify complete
2017-12-13 18:35:28, Info                  CSI    0000014a [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:28, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:30, Info                  CSI    0000014d [SR] Verify complete
2017-12-13 18:35:30, Info                  CSI    0000014e [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:30, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:31, Info                  CSI    00000151 [SR] Verify complete
2017-12-13 18:35:31, Info                  CSI    00000152 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:31, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:34, Info                  CSI    00000156 [SR] Verify complete
2017-12-13 18:35:34, Info                  CSI    00000157 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:34, Info                  CSI    00000158 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:36, Info                  CSI    0000015b [SR] Verify complete
2017-12-13 18:35:36, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:36, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:37, Info                  CSI    0000015f [SR] Verify complete
2017-12-13 18:35:38, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:38, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:38, Info                  CSI    00000163 [SR] Verify complete
2017-12-13 18:35:39, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:39, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:41, Info                  CSI    00000167 [SR] Verify complete
2017-12-13 18:35:41, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:41, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:43, Info                  CSI    0000016b [SR] Verify complete
2017-12-13 18:35:43, Info                  CSI    0000016c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:43, Info                  CSI    0000016d [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:46, Info                  CSI    0000016f [SR] Verify complete
2017-12-13 18:35:46, Info                  CSI    00000170 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:46, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:50, Info                  CSI    00000189 [SR] Verify complete
2017-12-13 18:35:50, Info                  CSI    0000018a [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:50, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:52, Info                  CSI    0000018d [SR] Verify complete
2017-12-13 18:35:52, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:52, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:57, Info                  CSI    00000191 [SR] Verify complete
2017-12-13 18:35:57, Info                  CSI    00000192 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:57, Info                  CSI    00000193 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:01, Info                  CSI    00000196 [SR] Verify complete
2017-12-13 18:36:01, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:01, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:03, Info                  CSI    0000019a [SR] Verify complete
2017-12-13 18:36:03, Info                  CSI    0000019b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:03, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:05, Info                  CSI    0000019e [SR] Verify complete
2017-12-13 18:36:05, Info                  CSI    0000019f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:05, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:07, Info                  CSI    000001a2 [SR] Verify complete
2017-12-13 18:36:07, Info                  CSI    000001a3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:07, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:09, Info                  CSI    000001a6 [SR] Verify complete
2017-12-13 18:36:09, Info                  CSI    000001a7 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:09, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:10, Info                  CSI    000001ac [SR] Verify complete
2017-12-13 18:36:11, Info                  CSI    000001ad [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:11, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:12, Info                  CSI    000001b0 [SR] Verify complete
2017-12-13 18:36:12, Info                  CSI    000001b1 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:12, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:17, Info                  CSI    000001b4 [SR] Verify complete
2017-12-13 18:36:17, Info                  CSI    000001b5 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:17, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:20, Info                  CSI    000001b9 [SR] Verify complete
2017-12-13 18:36:20, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:20, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:21, Info                  CSI    000001be [SR] Verify complete
2017-12-13 18:36:21, Info                  CSI    000001bf [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:21, Info                  CSI    000001c0 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:23, Info                  CSI    000001c2 [SR] Verify complete
2017-12-13 18:36:23, Info                  CSI    000001c3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:23, Info                  CSI    000001c4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:26, Info                  CSI    000001c7 [SR] Verify complete
2017-12-13 18:36:26, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:26, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:28, Info                  CSI    000001cb [SR] Verify complete
2017-12-13 18:36:28, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:28, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:30, Info                  CSI    000001cf [SR] Verify complete
2017-12-13 18:36:30, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:30, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:32, Info                  CSI    000001d3 [SR] Verify complete
2017-12-13 18:36:32, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:32, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:33, Info                  CSI    000001d8 [SR] Verify complete
2017-12-13 18:36:34, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:34, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:35, Info                  CSI    000001dc [SR] Verify complete
2017-12-13 18:36:35, Info                  CSI    000001dd [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:35, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:37, Info                  CSI    000001e0 [SR] Verify complete
2017-12-13 18:36:37, Info                  CSI    000001e1 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:37, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:39, Info                  CSI    000001e5 [SR] Verify complete
2017-12-13 18:36:39, Info                  CSI    000001e6 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:39, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:41, Info                  CSI    000001e9 [SR] Verify complete
2017-12-13 18:36:41, Info                  CSI    000001ea [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:41, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:42, Info                  CSI    000001ef [SR] Verify complete
2017-12-13 18:36:43, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:43, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:45, Info                  CSI    000001f3 [SR] Verify complete
2017-12-13 18:36:45, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:45, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:47, Info                  CSI    000001f8 [SR] Verify complete
2017-12-13 18:36:47, Info                  CSI    000001f9 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:47, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:49, Info                  CSI    000001fc [SR] Verify complete
2017-12-13 18:36:49, Info                  CSI    000001fd [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:49, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:50, Info                  CSI    00000200 [SR] Verify complete
2017-12-13 18:36:50, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:50, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:51, Info                  CSI    00000204 [SR] Verify complete
2017-12-13 18:36:51, Info                  CSI    00000205 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:51, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:53, Info                  CSI    00000208 [SR] Verify complete
2017-12-13 18:36:53, Info                  CSI    00000209 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:53, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:55, Info                  CSI    0000020c [SR] Verify complete
2017-12-13 18:36:55, Info                  CSI    0000020d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:55, Info                  CSI    0000020e [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:57, Info                  CSI    00000210 [SR] Verify complete
2017-12-13 18:36:57, Info                  CSI    00000211 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:57, Info                  CSI    00000212 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:58, Info                  CSI    00000214 [SR] Verify complete
2017-12-13 18:36:58, Info                  CSI    00000215 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:58, Info                  CSI    00000216 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:02, Info                  CSI    00000218 [SR] Verify complete
2017-12-13 18:37:02, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:02, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:11, Info                  CSI    0000021c [SR] Verify complete
2017-12-13 18:37:11, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:11, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:14, Info                  CSI    00000220 [SR] Verify complete
2017-12-13 18:37:14, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:14, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:17, Info                  CSI    00000224 [SR] Verify complete
2017-12-13 18:37:17, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:17, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:18, Info                  CSI    00000228 [SR] Verify complete
2017-12-13 18:37:19, Info                  CSI    00000229 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:19, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:20, Info                  CSI    0000022c [SR] Verify complete
2017-12-13 18:37:20, Info                  CSI    0000022d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:20, Info                  CSI    0000022e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:21, Info                  CSI    00000230 [SR] Verify complete
2017-12-13 18:37:21, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:21, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:23, Info                  CSI    00000234 [SR] Verify complete
2017-12-13 18:37:23, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:23, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:24, Info                  CSI    00000238 [SR] Verify complete
2017-12-13 18:37:24, Info                  CSI    00000239 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:24, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:24, Info                  CSI    0000023c [SR] Verify complete
2017-12-13 18:37:24, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:24, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:27, Info                  CSI    00000246 [SR] Verify complete
2017-12-13 18:37:27, Info                  CSI    00000247 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:27, Info                  CSI    00000248 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:28, Info                  CSI    0000024a [SR] Verify complete
2017-12-13 18:37:28, Info                  CSI    0000024b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:28, Info                  CSI    0000024c [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:29, Info                  CSI    0000024e [SR] Verify complete
2017-12-13 18:37:29, Info                  CSI    0000024f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:29, Info                  CSI    00000250 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:31, Info                  CSI    00000252 [SR] Verify complete
2017-12-13 18:37:31, Info                  CSI    00000253 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:31, Info                  CSI    00000254 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:33, Info                  CSI    00000256 [SR] Verify complete
2017-12-13 18:37:33, Info                  CSI    00000257 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:33, Info                  CSI    00000258 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:36, Info                  CSI    0000025b [SR] Verify complete
2017-12-13 18:37:36, Info                  CSI    0000025c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:36, Info                  CSI    0000025d [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:37, Info                  CSI    0000025f [SR] Verify complete
2017-12-13 18:37:37, Info                  CSI    00000260 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:37, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:38, Info                  CSI    00000263 [SR] Verify complete
2017-12-13 18:37:38, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:38, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:39, Info                  CSI    00000267 [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:37:41, Info                  CSI    0000026b [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:37:41, Info                  CSI    0000026c [SR] This component was referenced by [l:230{115}]"Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~amd64~~11.2.9600.16428.Internet-Explorer-amd64"
2017-12-13 18:37:42, Info                  CSI    0000026f [SR] Verify complete
2017-12-13 18:37:42, Info                  CSI    00000270 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:42, Info                  CSI    00000271 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:45, Info                  CSI    00000274 [SR] Verify complete
2017-12-13 18:37:45, Info                  CSI    00000275 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:45, Info                  CSI    00000276 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:47, Info                  CSI    0000027a [SR] Verify complete
2017-12-13 18:37:48, Info                  CSI    0000027b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:48, Info                  CSI    0000027c [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:50, Info                  CSI    00000286 [SR] Verify complete
2017-12-13 18:37:50, Info                  CSI    00000287 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:50, Info                  CSI    00000288 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:52, Info                  CSI    0000028f [SR] Verify complete
2017-12-13 18:37:53, Info                  CSI    00000290 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:53, Info                  CSI    00000291 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:54, Info                  CSI    00000296 [SR] Verify complete
2017-12-13 18:37:54, Info                  CSI    00000297 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:54, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:56, Info                  CSI    0000029c [SR] Verify complete
2017-12-13 18:37:56, Info                  CSI    0000029d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:56, Info                  CSI    0000029e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:57, Info                  CSI    000002a0 [SR] Verify complete
2017-12-13 18:37:57, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:57, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:00, Info                  CSI    000002c7 [SR] Verify complete
2017-12-13 18:38:00, Info                  CSI    000002c8 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:00, Info                  CSI    000002c9 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:02, Info                  CSI    000002cb [SR] Verify complete
2017-12-13 18:38:02, Info                  CSI    000002cc [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:02, Info                  CSI    000002cd [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:03, Info                  CSI    000002cf [SR] Verify complete
2017-12-13 18:38:04, Info                  CSI    000002d0 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:04, Info                  CSI    000002d1 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:05, Info                  CSI    000002d3 [SR] Verify complete
2017-12-13 18:38:06, Info                  CSI    000002d4 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:06, Info                  CSI    000002d5 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:07, Info                  CSI    000002e2 [SR] Verify complete
2017-12-13 18:38:07, Info                  CSI    000002e3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:07, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:08, Info                  CSI    000002e7 [SR] Verify complete
2017-12-13 18:38:08, Info                  CSI    000002e8 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:08, Info                  CSI    000002e9 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:11, Info                  CSI    000002ed [SR] Verify complete
2017-12-13 18:38:11, Info                  CSI    000002ee [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:11, Info                  CSI    000002ef [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:14, Info                  CSI    000002fb [SR] Verify complete
2017-12-13 18:38:14, Info                  CSI    000002fc [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:14, Info                  CSI    000002fd [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:15, Info                  CSI    000002ff [SR] Verify complete
2017-12-13 18:38:15, Info                  CSI    00000300 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:15, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:17, Info                  CSI    00000304 [SR] Verify complete
2017-12-13 18:38:17, Info                  CSI    00000305 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:17, Info                  CSI    00000306 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:18, Info                  CSI    00000308 [SR] Verify complete
2017-12-13 18:38:18, Info                  CSI    00000309 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:18, Info                  CSI    0000030a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:20, Info                  CSI    0000030c [SR] Verify complete
2017-12-13 18:38:20, Info                  CSI    0000030d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:20, Info                  CSI    0000030e [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:22, Info                  CSI    00000310 [SR] Verify complete
2017-12-13 18:38:22, Info                  CSI    00000311 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:22, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:24, Info                  CSI    00000314 [SR] Verify complete
2017-12-13 18:38:24, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:24, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:27, Info                  CSI    00000330 [SR] Verify complete
2017-12-13 18:38:27, Info                  CSI    00000331 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:27, Info                  CSI    00000332 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:29, Info                  CSI    00000334 [SR] Verify complete
2017-12-13 18:38:29, Info                  CSI    00000335 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:29, Info                  CSI    00000336 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:34, Info                  CSI    00000338 [SR] Verify complete
2017-12-13 18:38:34, Info                  CSI    00000339 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:34, Info                  CSI    0000033a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:36, Info                  CSI    0000033c [SR] Verify complete
2017-12-13 18:38:36, Info                  CSI    0000033d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:36, Info                  CSI    0000033e [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:37, Info                  CSI    00000342 [SR] Verify complete
2017-12-13 18:38:37, Info                  CSI    00000343 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:37, Info                  CSI    00000344 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:38, Info                  CSI    00000346 [SR] Verify complete
2017-12-13 18:38:39, Info                  CSI    00000347 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:39, Info                  CSI    00000348 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:41, Info                  CSI    0000034a [SR] Verify complete
2017-12-13 18:38:41, Info                  CSI    0000034b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:41, Info                  CSI    0000034c [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:42, Info                  CSI    0000034e [SR] Verify complete
2017-12-13 18:38:42, Info                  CSI    0000034f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:42, Info                  CSI    00000350 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:44, Info                  CSI    00000353 [SR] Verify complete
2017-12-13 18:38:44, Info                  CSI    00000354 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:44, Info                  CSI    00000355 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:45, Info                  CSI    00000357 [SR] Verify complete
2017-12-13 18:38:45, Info                  CSI    00000358 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:45, Info                  CSI    00000359 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:47, Info                  CSI    0000035b [SR] Verify complete
2017-12-13 18:38:47, Info                  CSI    0000035c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:47, Info                  CSI    0000035d [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:48, Info                  CSI    0000035f [SR] Verify complete
2017-12-13 18:38:48, Info                  CSI    00000360 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:48, Info                  CSI    00000361 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:51, Info                  CSI    00000364 [SR] Verify complete
2017-12-13 18:38:51, Info                  CSI    00000365 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:51, Info                  CSI    00000366 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:52, Info                  CSI    00000368 [SR] Verify complete
2017-12-13 18:38:52, Info                  CSI    00000369 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:52, Info                  CSI    0000036a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:54, Info                  CSI    0000036c [SR] Verify complete
2017-12-13 18:38:54, Info                  CSI    0000036d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:54, Info                  CSI    0000036e [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:56, Info                  CSI    00000370 [SR] Verify complete
2017-12-13 18:38:56, Info                  CSI    00000371 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:56, Info                  CSI    00000372 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:58, Info                  CSI    00000374 [SR] Verify complete
2017-12-13 18:38:58, Info                  CSI    00000375 [SR] Verifying 27 (0x000000000000001b) components
2017-12-13 18:38:58, Info                  CSI    00000376 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:58, Info                  CSI    00000378 [SR] Verify complete
2017-12-13 18:38:58, Info                  CSI    00000379 [SR] Repairing 1 components
2017-12-13 18:38:58, Info                  CSI    0000037a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:58, Info                  CSI    0000037c [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:38:58, Info                  CSI    0000037e [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:38:58, Info                  CSI    0000037f [SR] This component was referenced by [l:230{115}]"Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~amd64~~11.2.9600.16428.Internet-Explorer-amd64"
2017-12-13 18:38:58, Info                  CSI    00000381 [SR] Repair complete
2017-12-13 18:38:58, Info                  CSI    00000382 [SR] Committing transaction
2017-12-13 18:38:58, Info                  CSI    00000386 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired

Here is VEW application:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/12/2017 6:42:18 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/12/2017 8:23:17 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start  failed

Log: 'Application' Date/Time: 13/12/2017 8:23:17 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized

Log: 'Application' Date/Time: 13/12/2017 4:38:59 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0xc7c Faulting application start time: 0x01d373c87c235a19 Faulting application path: C:\Users\JB\Desktop\aswmbr.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll Report Id: 88b3e5bf-dfbf-11e7-8a36-d85de2936b3c

Log: 'Application' Date/Time: 12/12/2017 11:24:10 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0x1918 Faulting application start time: 0x01d3739d3f8a72b5 Faulting application path: C:\Users\JB\Desktop\aswmbr.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll Report Id: 8e17cf8c-df93-11e7-8a36-d85de2936b3c

Log: 'Application' Date/Time: 12/12/2017 11:01:06 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
QuickBooks has experienced a problem and must be shut down, ErrorCode:2004937507.

Log: 'Application' Date/Time: 11/12/2017 9:23:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start  failed

Log: 'Application' Date/Time: 11/12/2017 9:23:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized

Log: 'Application' Date/Time: 11/12/2017 9:22:32 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
V28.0D R3 (M=1066, L=335, C=249, V=0 (0))

Log: 'Application' Date/Time: 11/12/2017 8:36:47 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start  failed

Log: 'Application' Date/Time: 11/12/2017 8:36:47 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection String:CON=QBConnectionPool-Probe-QB_JB-HP_28;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Short Haul Concrete LLC.qbw;CommLinks="ShMem,tcpip(IP=192.168.7.81;TO=5;DOBROADCAST=NONE;port=55378)";ServerName=QB_JB-HP_28;DBN=81b183e537844ac384bc26d615598f2f

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 11/12/2017 8:27:39 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 11/12/2017 8:27:39 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection String:CON=QBConnectionPool-Probe-QB_JB-HP_28;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Short Haul Concrete LLC.qbw;CommLinks="ShMem,tcpip(IP=192.168.7.81;TO=5;DOBROADCAST=NONE;port=55378)";ServerName=QB_JB-HP_28;DBN=76ea9268c9354e96b76d7e3a6a953c97

Log: 'Application' Date/Time: 11/12/2017 8:27:39 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 11/12/2017 8:26:38 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
QuickBooks has experienced a problem and must be shut down, ErrorCode:2004937507.

Log: 'Application' Date/Time: 11/12/2017 8:10:48 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Log: 'Application' Date/Time: 11/12/2017 8:10:48 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/12/2017 12:08:37 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 13/12/2017 5:14:53 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 6872 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7601.23755_none_368a88b9dac77673\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES

Log: 'Application' Date/Time: 13/12/2017 5:14:53 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 11/12/2017 6:50:56 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 11/12/2017 12:03:18 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 10/12/2017 11:39:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 10/12/2017 10:26:11 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   9 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates

Log: 'Application' Date/Time: 10/12/2017 10:23:22 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1852 (\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1852 (\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates

Log: 'Application' Date/Time: 08/12/2017 4:57:26 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 08/12/2017 1:44:29 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 7068 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1996 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 07/12/2017 9:37:40 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6628 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 07/12/2017 2:21:01 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 7088 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1948 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 05/12/2017 9:32:29 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6540 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 01/12/2017 9:36:35 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 7116 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2012 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 01/12/2017 4:12:19 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6696 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 30/11/2017 5:40:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 28/11/2017 11:27:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1001:
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\trust
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\My
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\CA
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\Root

Log: 'Application' Date/Time: 28/11/2017 11:10:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES

Log: 'Application' Date/Time: 28/11/2017 11:10:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 28/11/2017 2:06:38 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

 

And VEW system:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/12/2017 6:43:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/12/2017 8:05:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/12/2017 8:01:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/12/2017 10:14:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/12/2017 10:10:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/12/2017 8:05:33 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:04:53 PM on ?12/?13/?2017 was unexpected.

Log: 'System' Date/Time: 13/12/2017 8:04:26 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/12/2017 8:02:37 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Log: 'System' Date/Time: 13/12/2017 8:01:55 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:01:02 PM on ?12/?13/?2017 was unexpected.

Log: 'System' Date/Time: 13/12/2017 5:15:23 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 10/12/2017 10:39:34 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 10/12/2017 10:33:10 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 10/12/2017 10:31:18 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 10/12/2017 10:14:15 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:13:02 PM on ?12/?10/?2017 was unexpected.

Log: 'System' Date/Time: 10/12/2017 10:10:45 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Log: 'System' Date/Time: 10/12/2017 10:10:04 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:08:48 PM on ?12/?10/?2017 was unexpected.

Log: 'System' Date/Time: 10/12/2017 10:08:21 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP17.0.0 service.

Log: 'System' Date/Time: 10/12/2017 10:08:11 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Log: 'System' Date/Time: 01/12/2017 3:48:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 01/12/2017 3:48:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 30/11/2017 5:16:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 30/11/2017 5:16:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 28/11/2017 8:53:31 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 28/11/2017 8:53:31 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 28/11/2017 1:25:18 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/12/2017 12:08:38 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/12/2017 5:17:00 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 11/12/2017 6:50:58 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 11/12/2017 12:03:19 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/12/2017 11:42:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:42:14 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:42:07 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:41:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name patt81xmpp.att.motive.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:40:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name btms.samsungsemi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:39:48 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:39:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/12/2017 10:58:35 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:58:28 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:58:20 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:52:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:08 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:06 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-03.geo.kaspersky.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:05 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:00 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:39:56 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

 

Rogue Killer coming up...


  • 0

#64
RKinner


    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

The file that sfc is complaining about isn't important in normal operation.  It's used when you run Sysprep:

 

https://blogs.techne...w-step-by-step/

 

When you ran sfcfix last time it claimed to fix it but we didn't go back and rerun sfc /scannow to see if it did.

 

For the WPAD stuff:

 

Try opening Control Panel, Internet Options, Connection, LAN Settings, then note which boxes are checked, then uncheck everything and OK.

 

Our Internet is acting up again.  May fail any minute.


  • 0
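An added example, not part of either post above: a small Python parser for the event-dump layout pasted in this thread. It separates DNS-Client Event 1014 timeouts for auto-configuration names such as WPAD from timeouts for ordinary hostnames. The `AUTO_LABELS` set and the function names are assumptions made for this illustration, and the sample text is constructed in the same layout as the dump.

```python
import re
from collections import Counter

# Constructed sample in the layout of the event dump posted above
# (blank lines between records are optional for this parser).
SAMPLE = """\
Log: 'System' Date/Time: 10/12/2017 10:58:20 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 10/12/2017 11:39:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 10/12/2017 11:39:48 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 10/12/2017 11:40:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name btms.samsungsemi.com timed out after none of the configured DNS servers responded.
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<id>\d+) Source: (?P<source>\S+)\n"
    r"(?P<msg>[^\n]*)")
NAME = re.compile(r"Name resolution for the name (\S+) timed out")
# Assumed set: first labels Windows queries by itself for proxy/IPv6 auto-configuration.
AUTO_LABELS = {"wpad", "isatap", "teredo"}

def parse(dump):
    """Return one dict per event record found in the text dump."""
    return [m.groupdict() for m in RECORD.finditer(dump)]

def dns_timeouts(events):
    """Split Event 1014 names into auto-configuration lookups and all others."""
    auto, other = Counter(), Counter()
    for ev in events:
        hit = NAME.search(ev["msg"]) if ev["id"] == "1014" else None
        if hit:
            name = hit.group(1).lower()
            (auto if name.split(".")[0] in AUTO_LABELS else other)[name] += 1
    return auto, other

if __name__ == "__main__":
    auto, other = dns_timeouts(parse(SAMPLE))
    print("auto-configuration:", dict(auto), "| other:", dict(other))
```

Run against a full dump, a high count in the first group with a low count in the second points at auto-detect settings rather than at a particular application failing to reach its server.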





