[axl2468]

Hello!

 

I currently have a problem with my internet.

 

So, I play a game called "Dota 2", which relies on good ping (<100ms). In the middle of the game, the ping skyrocketed from 70ms to 1000 - 2000ms, which lasted for several minutes. The packet loss was also really high (the game shows a number instead of the percent), going as high as 14. I did all I could to reduce this ping. Lowered the internet usage of all of my devices, begged my siblings to minimize their bandwidth usage, etc. Nothing worked. After 10 - 15 minutes, the ping lowered back to 40ms.

 

This problem is really unpredictable. Sometimes it happens, sometimes it doesn't. I'm always forced to check the ping to the game server before I start the game.

 

I'm really frustrated and want to solve this problem. One of the possible causes that I suspect is the cheap internet hub. I don't suspect that the modem causes the problem, because I've asked technicians from my ISP to check it multiple times. No problems, they said. Maybe it could also be the cables, but unfortunately I don't have extra cables (or know anyone with one) to test it. Or maybe it could just be that my ISP is horrible (from the Philippines, with notoriously bad internet for a high price).

 

Help would be appreciated!

[Advertisements]

Hopefully you have a Windows PC as I don't speak Mac.  Open an elevated command prompt:

XP: Start, All Programs, Accessories, Command Prompt

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

 

Type:

ipconfig

(hit Enter.  Note the Default Gateway address for example 192.168.1.1.  Now type:

ping -t 192.168.1.1

(Hit Enter.  Adjust the above command to ping your Gateway.  This ping will continue until you hit Ctrl +c.  There should be no missed pings and the time should be fairly constant at a low number (mine varies between 5 and 8 but it goes through a power line extender to get to the router)  If that's what you see then the hub is working properly and is not the cause of your problem.   Try pinging game server using the same command just to make sure that whatever ping program you are using is working correctly Then try:

tracert -d 8.8.8.8

This is a google DNS.  You will get something like:

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     4 ms     4 ms     4 ms  192.168.1.254
  2    33 ms    33 ms    32 ms  99.169.92.1
  3    33 ms    37 ms    33 ms  99.168.24.177
  4    39 ms    38 ms    39 ms  12.122.106.66
  5    39 ms    39 ms    47 ms  12.122.28.125
  6    34 ms    40 ms    34 ms  12.122.141.221
  7    35 ms    37 ms    34 ms  12.247.147.26
  8    34 ms    40 ms    36 ms  108.170.249.161
  9    35 ms    35 ms    35 ms  209.85.253.235
 10    34 ms    36 ms    34 ms  8.8.8.8

Trace complete.

 

You will no doubt have much bigger hops since you have to jump the ocean to get to California.  It you leave off the -d and repeat the command you will get names for the routers along the way which may help you tell where they are.  You can also just google the IP address at the end of each hop.  The first one is your router.  The second would normally be your ISP.  Try the tracert -d to the address of your game server.  Tracert request are not high priority to a router and if it gets busy it will delay responding or not respond at all.  Cisco routers often will only respond to every other request so you may see one hop that shows a * each time you run the command.  Other routers have been told not to respond to the tracert so you will only see * * * but they will still forward the request on so the next hop may show a full response.

 

There is a small possibility that the problem is on your end.  Perhaps a virus or a bad program.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

If you leave Process Explorer running you may see different processes moving up to the top 5.  You might be able to correlate a large ping to a process like WMI (WmiPrvSE.exe)

 

You can also use TCPVIEW to check what processes are using the network the most.

 

 https://live.sysinte...com/Tcpview.exe

Download, Save and then run it by right clicking and Run As Admin. (XP just double click on it)

You can click on the column headers to sort things by that column.  Click on Sent Bytes once or twice until the processes with the largest Sent Bytes are at the top.  These are the suspects who are also using your internet.  If one of them seems to use a large amount that can hog your internet.

[RKinner]

Hopefully you have a Windows PC as I don't speak Mac.  Open an elevated command prompt:

XP: Start, All Programs, Accessories, Command Prompt

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

 

Type:

ipconfig

(hit Enter.  Note the Default Gateway address for example 192.168.1.1.  Now type:

ping -t 192.168.1.1

(Hit Enter.  Adjust the above command to ping your Gateway.  This ping will continue until you hit Ctrl +c.  There should be no missed pings and the time should be fairly constant at a low number (mine varies between 5 and 8 but it goes through a power line extender to get to the router)  If that's what you see then the hub is working properly and is not the cause of your problem.   Try pinging game server using the same command just to make sure that whatever ping program you are using is working correctly Then try:

tracert -d 8.8.8.8

This is a google DNS.  You will get something like:

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1     4 ms     4 ms     4 ms  192.168.1.254
  2    33 ms    33 ms    32 ms  99.169.92.1
  3    33 ms    37 ms    33 ms  99.168.24.177
  4    39 ms    38 ms    39 ms  12.122.106.66
  5    39 ms    39 ms    47 ms  12.122.28.125
  6    34 ms    40 ms    34 ms  12.122.141.221
  7    35 ms    37 ms    34 ms  12.247.147.26
  8    34 ms    40 ms    36 ms  108.170.249.161
  9    35 ms    35 ms    35 ms  209.85.253.235
 10    34 ms    36 ms    34 ms  8.8.8.8

Trace complete.

 

You will no doubt have much bigger hops since you have to jump the ocean to get to California.  It you leave off the -d and repeat the command you will get names for the routers along the way which may help you tell where they are.  You can also just google the IP address at the end of each hop.  The first one is your router.  The second would normally be your ISP.  Try the tracert -d to the address of your game server.  Tracert request are not high priority to a router and if it gets busy it will delay responding or not respond at all.  Cisco routers often will only respond to every other request so you may see one hop that shows a * each time you run the command.  Other routers have been told not to respond to the tracert so you will only see * * * but they will still forward the request on so the next hop may show a full response.

 

There is a small possibility that the problem is on your end.  Perhaps a virus or a bad program.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

If you leave Process Explorer running you may see different processes moving up to the top 5.  You might be able to correlate a large ping to a process like WMI (WmiPrvSE.exe)

 

You can also use TCPVIEW to check what processes are using the network the most.

 

 https://live.sysinte...com/Tcpview.exe

Download, Save and then run it by right clicking and Run As Admin. (XP just double click on it)

You can click on the column headers to sort things by that column.  Click on Sent Bytes once or twice until the processes with the largest Sent Bytes are at the top.  These are the suspects who are also using your internet.  If one of them seems to use a large amount that can hog your internet.

[axl2468]

Sorry for the late reply, here is the text:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    97.32    0 K    24 K    0            
procexp64.exe    0.74    45,852 K    50,984 K    4564    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    0.33    226,440 K    294,896 K    8048    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.31    292,996 K    384,924 K    4812    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Steam.exe    0.23    99,544 K    141,284 K    6236    Steam Client Bootstrapper    Valve Corporation    (Verified) Valve
dwm.exe    0.22    52,300 K    38,948 K    1812    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.17    58,404 K    78,380 K    7716    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.15    18,696 K    15,012 K    404    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    0.14    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System    0.11    112 K    324 K    4            
csrss.exe    0.10    4,980 K    63,848 K    660    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    28,812 K    29,560 K    460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
MBAMService.exe    0.03    148,580 K    154,756 K    1044    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
firefox.exe    0.03    242,452 K    325,552 K    5304    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.02    2,960 K    4,304 K    420    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    28,188 K    17,340 K    144    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
LMS.exe    0.01    2,840 K    4,188 K    5348    Local Manageability Service    Intel Corporation    (Verified) Intel Corporation
svchost.exe    0.01    5,404 K    6,204 K    3604    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    5,876 K    7,576 K    868    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    0.01    5,048 K    9,392 K    1332    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
explorer.exe    0.01    110,224 K    100,236 K    2036    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
steamwebhelper.exe    < 0.01    28,460 K    68,456 K    2612    Steam Client WebHelper    Valve Corporation    (Verified) Valve
audiodg.exe    < 0.01    23,852 K    22,360 K    4884    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
Skype.exe    < 0.01    69,532 K    22,052 K    3672    Skype     Skype Technologies S.A.    (Verified) Skype Software Sarl
iPodService.exe    < 0.01    2,776 K    5,208 K    4868    iPod Service    Apple Inc.    (Verified) Apple Inc.
SteamService.exe    < 0.01    6,480 K    11,016 K    5092    Steam Client Service    Valve Corporation    (Verified) Valve
taskhost.exe    < 0.01    13,956 K    11,564 K    1732    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    65,580 K    26,092 K    2632    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
avguix.exe    < 0.01    9,580 K    8,088 K    4508    AVG User Interface    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
msiexec.exe    < 0.01    7,760 K    9,956 K    3908    Windows® installer    Microsoft Corporation    (Verified) Microsoft Windows
mbamtray.exe    < 0.01    20,524 K    17,784 K    1404    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
svchost.exe    < 0.01    13,740 K    16,376 K    440    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    25,876 K    16,784 K    3540    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    155,124 K    155,616 K    284    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    < 0.01    5,076 K    9,288 K    720    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
iTunesHelper.exe    < 0.01    5,852 K    7,908 K    3548    iTunesHelper    Apple Inc.    (Verified) Apple Inc.
firefox.exe    < 0.01    191,656 K    184,872 K    2932    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
wuauclt.exe        2,812 K    5,280 K    5528    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows Component Publisher
wmpnetwk.exe        5,276 K    3,812 K    2664    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        4,552 K    8,120 K    8116    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        3,532 K    7,144 K    5948    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        4,388 K    5,644 K    756    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        2,124 K    3,556 K    632    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
Updater.exe        3,280 K    5,376 K    1656    Updater    Popcorn Time    (No signature was present in the subject) Popcorn Time
UNS.exe        3,564 K    4,544 K    2552    User Notification Service    Intel Corporation    (Verified) Intel Corporation
svchost.exe        17,124 K    16,620 K    1168    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,120 K    7,356 K    948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,568 K    4,388 K    1616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
steamwebhelper.exe        23,568 K    34,732 K    5140    Steam Client WebHelper    Valve Corporation    (Verified) Valve
steamwebhelper.exe        14,800 K    18,644 K    6828    Steam Client WebHelper    Valve Corporation    (Verified) Valve
steamwebhelper.exe        25,292 K    37,908 K    5472    Steam Client WebHelper    Valve Corporation    (Verified) Valve
steamwebhelper.exe        12,300 K    13,724 K    6492    Steam Client WebHelper    Valve Corporation    (Verified) Valve
spoolsv.exe        8,216 K    7,336 K    1136    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        732 K    1,272 K    268    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        7,592 K    8,160 K    700    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
RAVCpl64.exe        10,060 K    6,956 K    1032    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
procexp.exe        9,264 K    11,400 K    6012    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
notepad.exe        2,564 K    7,564 K    3896    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
mDNSResponder.exe        2,992 K    4,852 K    1452    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
lsm.exe        3,176 K    3,944 K    728    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
jusched.exe        3,268 K    5,868 K    4500    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
jucheck.exe        6,108 K    7,436 K    2340    Java Update Checker    Oracle Corporation    (Verified) Oracle America
igfxpers.exe        4,948 K    7,684 K    3468    persistence Module    Intel Corporation    (Verified) Intel Corporation - pGFX
ICCProxy.exe        1,452 K    4,240 K    3704    Intel® Integrated Clock Controller Service - Intel® ICCS    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        3,948 K    4,672 K    3096    hkcmd Module    Intel Corporation    (Verified) Intel Corporation - pGFX
firefox.exe        51,852 K    53,492 K    7196    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
BBPrint.exe        2,632 K    3,344 K    3576    BBPrint Application    Bluebeam Software, Inc.    (Verified) Bluebeam Software
avgsvca.exe        8,244 K    11,848 K    1368    AVG Service Process    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies CZ
armsvc.exe        1,304 K    3,168 K    1232    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AdobeARM.exe        4,252 K    7,852 K    4360    Adobe Reader and Acrobat Manager    Adobe Systems Incorporated    (Verified) Adobe Systems

In TCPVIEW, there seems to be nothing wrong. The only process having the highest sent bytes (1.2k) is "process". I feel like the real problem is the internet itself.

[RKinner]

Process Explorer looks pretty good.  The only thing that some of my tools would object to is popcorn time but I think it is harmless adware,  PC does not seem to be slow.  

 

As a test you might try stopping Windows Management Instrumentation.  It triggers about once every 10-15 seconds and I have seen it cause prob

 

Search for

 

services.msc

hit Enter

Scroll down to 

Windows Management Instrumentation

right click and select Properties then STOP the service.

 

Play your game and see if that helps.  If not start the service.

 

Were you able to run the ping and tracert commands?  

[axl2468]

Okay, so I didn't do the WMI test yet because the only way I can reliably test the ping is through actually playing the game (the ping screen on the main menu can be inaccurate at times), but I don't have time to play right now.

 

Earlier however, something happened while I was playing. The packet loss went to 100 (100%?) and I was immediately disconnected from the game as the client went "offline mode", even though I checked and my internet was fine. After a minute or two, the connection returned and I saw that I was the only one affected by it. This also happened quite a few times for the last few months. Do you know what could cause this?

 

I was able to run the ping and tracert commands, all was well. No ping spikes (the highest was about 200, and that was the tracert command to the valve server).

[RKinner]

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

[axl2468]

Here is the system one:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/07/2018 1:04:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/07/2018 5:54:25 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/06/2018 12:53:37 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/06/2018 1:44:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/06/2018 11:09:33 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 30/05/2018 3:01:57 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/05/2018 10:36:05 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/05/2018 11:43:41 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/05/2018 12:42:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 08/05/2018 11:01:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 08/05/2018 6:44:32 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/05/2018 7:00:32 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/05/2018 5:55:31 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 29/04/2018 2:41:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/04/2018 8:12:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/04/2018 11:27:03 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/04/2018 1:58:33 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/04/2018 12:08:11 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/04/2018 3:54:08 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/07/2018 11:35:49 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 18/07/2018 11:24:07 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Log: 'System' Date/Time: 18/07/2018 11:22:44 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 18/07/2018 10:27:48 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 18/07/2018 3:45:15 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Log: 'System' Date/Time: 18/07/2018 12:31:45 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 17/07/2018 8:36:44 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 17/07/2018 8:22:14 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 17/07/2018 3:31:12 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 16/07/2018 11:06:44 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 16/07/2018 1:10:14 PM
Type: Error Category: 0
Event: 36 Source: volsnap
The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Log: 'System' Date/Time: 15/07/2018 11:03:46 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 15/07/2018 9:35:58 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 15/07/2018 8:39:43 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 15/07/2018 9:50:02 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 15/07/2018 3:06:55 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 14/07/2018 11:52:09 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 14/07/2018 8:21:33 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 14/07/2018 2:28:21 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 14/07/2018 12:24:42 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/07/2018 11:35:49 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/07/2018 10:27:46 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/07/2018 3:39:43 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name incoming.telemetry.mozilla.org timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 18/07/2018 2:39:46 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name t.vqmc28ll.bid timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 18/07/2018 12:31:43 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/07/2018 8:36:43 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/07/2018 8:22:15 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/07/2018 1:47:49 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.kiss.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/07/2018 7:19:32 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name 88.0.105.130.in-addr.arpa timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/07/2018 3:31:09 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 16/07/2018 11:06:43 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 15/07/2018 11:03:43 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 15/07/2018 9:35:54 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 15/07/2018 8:39:40 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 15/07/2018 9:50:02 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 15/07/2018 3:06:52 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/07/2018 11:52:08 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/07/2018 8:21:32 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/07/2018 2:56:00 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name steamcommunity-a.akamaihd.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 14/07/2018 12:24:41 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

 

And here's for the application:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/07/2018 1:06:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/07/2018 12:53:26 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 19/07/2018 12:53:26 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 18/07/2018 11:37:27 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 18/07/2018 10:29:23 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 18/07/2018 2:41:16 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program mbamtray.exe version 3.0.0.1523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: fa0  Start Time: 01d41e2ecf7bcd64  Termination Time: 60000  Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe  Report Id: 73ac7734-8a98-11e8-bcfd-14dae9b468f6

Log: 'Application' Date/Time: 18/07/2018 1:03:47 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
520: DNSServiceGetAddrInfo      v4v6 Axl.local.

Log: 'Application' Date/Time: 18/07/2018 1:03:46 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
520: Could not write data to client because of error - aborting connection

Log: 'Application' Date/Time: 18/07/2018 1:03:43 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
send_msg ERROR: failed to write 65 of 65 bytes to fd 520 errno 10053 (An established connection was aborted by the software in your host machine.)

Log: 'Application' Date/Time: 18/07/2018 12:33:22 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/07/2018 8:41:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x15e8 Faulting application start time: 0x01d41e0e93a28ff6 Faulting application path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: d8a91744-8a01-11e8-8c91-14dae9b468f6

Log: 'Application' Date/Time: 17/07/2018 8:38:27 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/07/2018 8:30:48 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 17/07/2018 8:30:48 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 17/07/2018 8:26:12 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 17/07/2018 8:26:12 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 17/07/2018 8:23:52 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/07/2018 3:32:49 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 16/07/2018 11:08:21 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 15/07/2018 11:05:22 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 15/07/2018 9:37:32 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/07/2018 9:18:05 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:


Log: 'Application' Date/Time: 17/07/2018 8:35:13 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000_Classes:
Process 2464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000_CLASSES


Log: 'Application' Date/Time: 17/07/2018 8:35:10 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 2464 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000


Log: 'Application' Date/Time: 17/07/2018 3:11:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000
Process 404 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections


Log: 'Application' Date/Time: 15/07/2018 9:42:03 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 156 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\Root


Log: 'Application' Date/Time: 15/07/2018 9:41:59 AM
Type: Warning Category: 17
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706e5 from line 75 of d:\w7rtm\com\complus\src\events\tier2\security.cpp.  This warning may be expected if the computer is low on resources.  If the computer is not low on resources, and these warnings persist, it may indicate a problem in the COM+ Event System.

Log: 'Application' Date/Time: 14/07/2018 8:34:49 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000_Classes:
Process 2572 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000_CLASSES


Log: 'Application' Date/Time: 14/07/2018 8:34:48 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 2572 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000


Log: 'Application' Date/Time: 14/07/2018 2:28:37 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   5 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000
Process 432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\Root
Process 432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\trust
Process 432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Policies\Microsoft\SystemCertificates
Process 432 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\SmartCardRoot


Log: 'Application' Date/Time: 12/07/2018 5:12:11 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 292 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\Root


Log: 'Application' Date/Time: 11/07/2018 3:51:19 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   5 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 148 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000
Process 148 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\Root
Process 148 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\trust
Process 148 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Policies\Microsoft\SystemCertificates
Process 148 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\SmartCardRoot


Log: 'Application' Date/Time: 10/07/2018 3:26:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 536 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\Root


Log: 'Application' Date/Time: 09/07/2018 2:02:30 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\My
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\Root
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\CA
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\trust
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Policies\Microsoft\SystemCertificates
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Policies\Microsoft\SystemCertificates
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Policies\Microsoft\SystemCertificates
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Policies\Microsoft\SystemCertificates
Process 280 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000\Software\Microsoft\SystemCertificates\SmartCardRoot


Log: 'Application' Date/Time: 08/07/2018 1:46:19 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000_Classes:
Process 2492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000_CLASSES


Log: 'Application' Date/Time: 08/07/2018 1:46:16 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 2492 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000


Log: 'Application' Date/Time: 05/07/2018 1:35:54 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000_Classes:
Process 2356 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000_CLASSES


Log: 'Application' Date/Time: 05/07/2018 1:35:53 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 2356 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000


Log: 'Application' Date/Time: 04/07/2018 2:28:05 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000_Classes:
Process 2400 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000_CLASSES


Log: 'Application' Date/Time: 04/07/2018 2:28:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:
Process 2400 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1001631739-621710209-3946131499-1000


Log: 'Application' Date/Time: 03/07/2018 10:21:24 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1001631739-621710209-3946131499-1000:

 

[RKinner]

Is this Windows 10?

 

Uninstall:

 

Bonjour

 

This is an Apple program that detects Apple products on your network.  If you need it you can get a new version by downloading or updating itunes.

 

Also uninstall: 

MalwareBytes AntiMalware

 

It's not working correctly and may need to be reinstalled.

 

I'm seeing some WMI problems so get:

 

Windows Repair all in one

http://www.tweaking....all_in_one.html

Download it and save it then run it.
 

You can skip to step 4 or 5 where they run the program.

I understand they now offer preprogramed options.  Doesn't matter which one you chose since we are going to uncheck all but one:

 

Repair WMI
 

(if you have a CD/DVD player or burner you can also check:
Repair CD/DVD Missing/Not Working )

 

Reboot when done and run VEW again.

 

 

Also there is a chance it's overheating:  Get

Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 

We don't really want it to go over about 65 under load.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  However on some PCs this is major surgery.  Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink.  Don't do it too long as the fan may overrev.
 

 

Sometimes it helps to search for

 

device manager

hit Enter

Find the Network Adapters (open by clicking on the + in front)  Under should be your network adapters.  Usually there is one for your Ethernet and one for Wireless.  Right click on the one you use and select Properties.  There should be a Power Management tab.  We want to make sure

Allow the computer to turn off this device is unchecked. 

OK

 

Can you leave the ping -t command running when you play the game?

 

[axl2468]

I'm using Windows 7.

 

Btw, I uninstalled the programs and fixed the WMI.

 

Also checked my temperature, CPU was constantly at 80 - 90 C (both without and with programs) while the both Core 1 and Core 2 were at 40 C (without programs) and 80 C (with programs).

 

I haven't tried to do the ping -t command while playing the game yet, but I'm on it. I also haven't tried to configure the network adapters yet.

[axl2468]

Okay, I did the ping -t command.

 

Ping statistics for 103.28.54.1:

Packers: Sent = 1350 Received = 1350 Lost = 0

Approximate round trip times in milli-seconds:

Minimum = 42ms, Maximum = 375ms, Average = 85ms

 

The maximum is not the real maximum because one of my siblings was downloading something as I was playing (I asked him to pause for a while). I think the real maximum is 150 or below.

[RKinner]

Also checked my temperature, CPU was constantly at 80 - 90 C (both without and with programs) while the both Core 1 and Core 2 were at 40 C (without programs) and 80 C (with programs).

 

 

There's your problem.  PC is about to melt down.  We don't want it to get over about 65 C.  Time to open it up and get the dust out of the heatsink.  (Remove the fan not the heatsink as removing the heatsink requires new thermal paste.)  If this is a laptop google the make and model number and you will usually find a video or instructions on how to take it apart.

[axl2468]

Okay, got it.

Thanks for your help