Computer slows down, almost freezes



#1
BerDov
Member
228 posts

Hello,

The computer slows down to the point of freezing. I do not understand if there are internal s/w conflicts, or memory problems, or it was infected with malware or something else.

It is an HP ProDesk 400, 3 y.o.

Intel i3-6100 processor; 8GB RAM; 64 bit. OS is Win 7 Pro, SP1.

The latest example: a new Word file with 5 words written, took about 80sec to save;

About 10 min ago, soft shut down lasted for about 7-8 min.

Moving a small file between folders takes forever, like 1-3 min.

I can cite a dozen more examples.

I've been told that an anti-virus program like Avast may cause slow down but my feeling is there is more.

If anybody can help with diagnosing the problem, it will be greatly appreciated.

Boris


Edited by BerDov, 29 May 2019 - 12:57 PM.

  • 0

#2
RKinner
Malware Expert
24,625 posts, MVP

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


Ron

  • 0
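
Added example, not part of RKinner's post and not code from VEW: with only 20 events per type in the report, the useful signal is which Source/Event pairs repeat and which device they name. The parser below assumes the four-line record layout (Log/Date, Type/Category, Event/Source, message) seen in the VEW output posted in this thread; the function names are illustrative and the sample report is constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the layout VEW writes (dates are dd/mm/yyyy).
SAMPLE_REPORT = r"""Vino's Event Viewer v01c run on Windows 2008 in English
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/06/2019 6:23:55 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 02/06/2019 6:12:42 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/06/2019 6:47:50 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 02/06/2019 6:47:46 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 02/06/2019 6:32:51 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
"""

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+ [AP]M)\s*$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: \d+\s*$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+?)\s*$")
DEVICE_RE = re.compile(r"\\Device\\\w+(?:\\\w+)*")


def parse_vew(text):
    """Return one dict per event record; banner and section lines are skipped."""
    lines = text.splitlines()
    events, i = [], 0
    while i + 2 < len(lines):
        head = LOG_RE.match(lines[i])
        kind = TYPE_RE.match(lines[i + 1])
        what = EVENT_RE.match(lines[i + 2])
        if not (head and kind and what):
            i += 1
            continue
        # The message runs until a blank line, the next record or a section rule.
        j, message = i + 3, []
        while j < len(lines) and lines[j].strip() and not lines[j].startswith(("Log: ", "~~~")):
            message.append(lines[j].strip())
            j += 1
        events.append({
            "log": head["log"], "type": kind["type"],
            "when": datetime.strptime(head["when"], "%d/%m/%Y %I:%M:%S %p"),
            "event_id": int(what["id"]), "source": what["source"],
            "message": " ".join(message),
        })
        i = j
    return events


def summarize(events):
    """Group by (source, event id); the most repeated pair sorts first."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["source"], ev["event_id"])].append(ev)
    rows = []
    for (source, event_id), evs in groups.items():
        times = [ev["when"] for ev in evs]
        rows.append({"source": source, "event_id": event_id, "type": evs[0]["type"],
                     "count": len(evs), "first": min(times), "last": max(times)})
    rows.sort(key=lambda r: (-r["count"], r["source"], r["event_id"]))
    return rows


def device_counts(events):
    """Count events per NT device path named in the message text."""
    counts = Counter()
    for ev in events:
        counts.update(set(DEVICE_RE.findall(ev["message"])))
    return counts


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_REPORT)
    for row in summarize(parsed):
        print(row["count"], row["type"], row["source"], row["event_id"], row["first"], row["last"])
    print(dict(device_counts(parsed)))
```

Because VEW overwrites its log on each run, save the System and Application reports under different names and feed each file's text to `parse_vew` separately.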

#3
BerDov
Member, Topic Starter
228 posts

Ron,

Thank you very much for the prompt and detailed instructions.    Please see below.


================================ <System Idle Process.txt> 8:07 PM 5/29/2019 ================================

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    89.28    0 K    24 K    0
WmiPrvSE.exe    2.55    10,088 K    16,180 K    464    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    1.37    58,972 K    74,832 K    6356    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    0.66    175,404 K    346,500 K    3528    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
AvastUI.exe    0.63    23,364 K    39,024 K    2924    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
firefox.exe    0.08    338,504 K    416,376 K    1148    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.03    338,140 K    440,860 K    6788    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Photoshop.exe    0.32    465,312 K    219,812 K    3360    Adobe Photoshop CS5    Adobe Systems, Incorporated    (Verified) Adobe Systems Incorporated
Interrupts    0.28    0 K    0 K    n/a    Hardware Interrupts and DPCs
System    0.20    272 K    6,868 K    4
svchost.exe    0.24    29,228 K    47,528 K    408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.11    129,940 K    280,992 K    3276    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.17    19,208 K    20,816 K    600    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
GFIAgent.exe    0.10    8,280 K    12,236 K    2884    GFI BackUp Freeware    GFI Software Ltd.    (Verified) GFI Software Development Ltd.
explorer.exe    0.06    84,948 K    82,956 K    2412    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    0.04    186,012 K    45,260 K    1448    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
firefox.exe    0.03    101,748 K    114,180 K    6220    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.02    118,920 K    273,316 K    3308    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
OUTLOOK.EXE    0.64    73,684 K    121,720 K    4048    Microsoft Office Outlook    Microsoft Corporation    (Verified) Microsoft Corporation
Avast Driver Updater.exe    0.02    18,856 K    2,744 K    2508    Avast Driver Updater    AVAST Software    (Verified) Avast Software s.r.o.
Skype.exe    0.01    152,656 K    167,080 K    4856    Skype    Skype Technologies S.A.    (Verified) Skype Software Sarl
lsass.exe    0.02    5,900 K    13,580 K    700    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.04    24,500 K    23,484 K    988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
BrYNSvc.exe        4,664 K    10,088 K    3924    BrYNCSvc    Brother Industries, Ltd.    (No signature was present in the subject) Brother Industries, Ltd.
lsm.exe        2,940 K    4,964 K    708    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
BrStMonW.exe        5,336 K    12,820 K    1264    Status Monitor Application    Brother Industries, Ltd.    (No signature was present in the subject) Brother Industries, Ltd.
svchost.exe    0.46    12,004 K    15,976 K    6012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
aswidsagent.exe    0.04    21,380 K    36,660 K    4176    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
svchost.exe    0.01    3,848 K    8,316 K    2016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    9,432 K    17,652 K    5044    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
CCleaner64.exe    0.01    14,160 K    2,252 K    2280    CCleaner    Piriform Software Ltd    (Verified) Piriform Software Ltd
wpwin9.exe    0.01    14,896 K    31,896 K    4304    WordPerfect® 9    Corel Corporation Limited    (No signature was present in the subject) Corel Corporation Limited
svchost.exe    < 0.01    12,108 K    21,560 K    476    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    0.01    12,720 K    13,820 K    2300    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    16,100 K    17,520 K    1388    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
Skype.exe    2.40    34,520 K    67,244 K    3004    Skype    Skype Technologies S.A.    (Verified) Skype Software Sarl
WINWORD.EXE    < 0.01    33,908 K    76,056 K    3408    Microsoft Office Word    Microsoft Corporation    (Verified) Microsoft Corporation
SearchIndexer.exe    < 0.01    48,468 K    38,576 K    4284    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    < 0.01    2,552 K    5,180 K    532    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
SynTPEnh.exe    < 0.01    8,896 K    14,936 K    2420    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
spoolsv.exe    < 0.01    9,352 K    17,044 K    1564    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
wuauclt.exe        2,128 K    7,144 K    3676    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    < 0.01    10,204 K    10,328 K    4324    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,956 K    7,380 K    3064    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,220 K    6,200 K    672    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,668 K    4,940 K    580    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,736 K    5,544 K    4628    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,916 K    6,464 K    3968    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,112 K    6,120 K    2364    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        1,068 K    3,180 K    4016    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPEnhService.exe        1,564 K    4,840 K    1064    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe    < 0.01    5,480 K    10,124 K    912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.07    180,540 K    190,052 K    160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        12,404 K    16,376 K    1592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,936 K    10,724 K    816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,236 K    8,004 K    1684    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
splwow64.exe        3,324 K    7,460 K    1044    Print driver host for 32bit applications    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        588 K    1,376 K    368    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
Skype.exe    < 0.01    34,888 K    34,916 K    3704    Skype    Skype Technologies S.A.    (Verified) Skype Software Sarl
Skype.exe        4,812 K    9,156 K    996    Skype    Skype Technologies S.A.    (Verified) Skype Software Sarl
services.exe    < 0.01    7,040 K    11,316 K    640    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        12,764 K    10,272 K    2840    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe        2,012 K    5,768 K    1140    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RAVBg64.exe        14,404 K    11,704 K    1364    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
procexp.exe        2,472 K    8,136 K    5904    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        26,920 K    18,720 K    2796    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
notepad.exe        1,848 K    6,296 K    1192    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
LMS.exe        3,992 K    10,728 K    5288    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
jhi_service.exe        1,396 K    4,764 K    4320    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxEM.exe        3,724 K    9,808 K    4216    igfxEM Module    Intel Corporation    (Verified) Intel® pGFX
igfxCUIService.exe        1,916 K    6,932 K    1100    igfxCUIService Module    Intel Corporation    (Verified) Intel® pGFX
IAStorIcon.exe        21,348 K    27,972 K    3976    IAStorIcon    Intel Corporation    (Verified) Intel Corporation - Rapid Storage Technology
IAStorDataMgrSvc.exe        33,848 K    44,604 K    5064    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation - Rapid Storage Technology
GFIFSC~1.EXE    0.02    3,580 K    7,136 K    1944    GFI BackUp Freeware    GFI Software Ltd.    (Verified) GFI Software Development Ltd.
GFIFInst.exe        3,632 K    6,172 K    1768    GFI BackUp Freeware    GFI Software Ltd.    (Verified) GFI Software Development Ltd.
firefox.exe    0.01    302,748 K    378,520 K    7132    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        92,528 K    90,760 K    6360    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        44,940 K    44,884 K    5448    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
EXCEL.EXE        26,860 K    58,580 K    6984    Microsoft Office Excel    Microsoft Corporation    (Verified) Microsoft Corporation
E_S40RPB.EXE        1,452 K    3,764 K    1744    EPSON Status Monitor 3    SEIKO EPSON CORPORATION    (Verified) Microsoft Windows Hardware Compatibility Publisher
CS5ServiceManager.exe        4,204 K    7,944 K    3040    Adobe CS5 Service Manager    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
audiodg.exe        22,168 K    23,696 K    4368    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows


================================ <junk.txt> 8:24 PM 5/29/2019 ================================


Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       368 N/A                                         
csrss.exe                      532 N/A                                         
wininit.exe                    580 N/A                                         
csrss.exe                      600 N/A                                         
services.exe                   640 N/A                                         
winlogon.exe                   672 N/A                                         
lsass.exe                      700 KeyIso, ProtectedStorage, SamSs             
lsm.exe                        708 N/A                                         
svchost.exe                    816 DcomLaunch, PlugPlay, Power                 
svchost.exe                    912 RpcEptMapper, RpcSs                         
svchost.exe                    988 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                    160 AudioEndpointBuilder, hidserv,              
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, wudfsvc                             
svchost.exe                    476 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost                         
svchost.exe                    408 Appinfo, BITS, Browser, gpsvc, iphlpsvc,    
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Winmgmt, wuauserv   
igfxCUIService.exe            1100 igfxCUIService2.0.0.0                       
RtkAudioService64.exe         1140 RtkAudioService                             
RAVBg64.exe                   1364 N/A                                         
svchost.exe                   1388 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AvastSvc.exe                  1448 avast! Antivirus                            
spoolsv.exe                   1564 Spooler                                     
svchost.exe                   1592 BFE, DPS, MpsSvc                            
svchost.exe                   1684 DiagTrack                                   
E_S40RPB.EXE                  1744 EPSON_PM_RPCV4_01                           
GFIFInst.exe                  1768 GFIBckFAtt                                  
GFIFSC~1.EXE                  1944 GFIBckFSched                                
svchost.exe                   2016 stisvc                                      
SynTPEnhService.exe           1064 SynTPEnhService                             
taskhost.exe                  2300 N/A                                         
taskeng.exe                   2364 N/A                                         
explorer.exe                  2412 N/A                                         
SynTPEnh.exe                  2420 N/A                                         
Avast Driver Updater.exe      2508 N/A                                         
RtkNGUI64.exe                 2840 N/A                                         
GFIAgent.exe                  2884 N/A                                         
AvastUI.exe                   2924 N/A                                         
Skype.exe                     3004 N/A                                         
CCleaner64.exe                2280 N/A                                         
BrStMonW.exe                  1264 N/A                                         
BrYNSvc.exe                   3924 BrYNSvc                                     
unsecapp.exe                  3968 N/A                                         
IAStorIcon.exe                3976 N/A                                         
OUTLOOK.EXE                   4048 N/A                                         
WmiPrvSE.exe                   464 N/A                                         
PresentationFontCache.exe     2796 FontCache3.0.0.0                            
SynTPHelper.exe               4016 N/A                                         
Skype.exe                      996 N/A                                         
Skype.exe                     3704 N/A                                         
aswidsagent.exe               4176 aswbIDSAgent                                
igfxEM.exe                    4216 N/A                                         
SearchIndexer.exe             4284 WSearch                                     
unsecapp.exe                  4628 N/A                                         
Skype.exe                     4856 N/A                                         
IAStorDataMgrSvc.exe          5064 IAStorDataMgrSvc                            
wmpnetwk.exe                  4324 WMPNetworkSvc                               
svchost.exe                   5044 FDResPub, SSDPSRV, upnphost, wcncsvc        
jhi_service.exe               4320 jhi_service                                 
LMS.exe                       5288 LMS                                         
svchost.exe                   6012 p2pimsvc, p2psvc, PNRPsvc                   
wuauclt.exe                   3676 N/A                                         
WINWORD.EXE                   3408 N/A                                         
splwow64.exe                  1044 N/A                                         
wpwin9.exe                    4304 N/A                                         
EXCEL.EXE                     6984 N/A                                         
firefox.exe                   7132 N/A                                         
firefox.exe                   6360 N/A                                         
firefox.exe                   6220 N/A                                         
firefox.exe                   1148 N/A                                         
firefox.exe                   6788 N/A                                         
firefox.exe                   3528 N/A                                         
firefox.exe                   3276 N/A                                         
notepad.exe                   1192 N/A                                         
firefox.exe                   3308 N/A                                         
firefox.exe                   5448 N/A                                         
Photoshop.exe                 3360 N/A                                         
CS5ServiceManager.exe         3040 N/A                                         
procexp.exe                   5904 N/A                                         
procexp64.exe                 6356 N/A                                         
WmiPrvSE.exe                  3064 N/A                                         
notepad.exe                   6060 N/A                                         
SearchProtocolHost.exe        1876 N/A                                         
SearchFilterHost.exe          6832 N/A                                         
audiodg.exe                   3584 N/A                                         
cmd.exe                       6516 N/A                                         
conhost.exe                   3760 N/A                                         
tasklist.exe                  6048 N/A                                         

<end>


NOTE, Re Speccy download.

If it is important: the large green button is on the Right, it reads [Download Latest Version (6.89MB)].

There was no other option to download so I pressed the large button.

Also, during the install, I was NOT asked to include ccleaner.


The output refers to Compaq domain because my previous computer was a Compaq so I renamed HP "Compaq" to preserve the drive mapping convention.  It might be a bit confusing, sorry.


================================== VEW.txt [Events] 8:27 PM 5/29/2019 ==================================

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/05/2019 7:57:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/05/2019 6:16:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/05/2019 5:59:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/05/2019 12:34:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/05/2019 3:42:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/02/2019 2:49:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/05/2019 6:24:39 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 29/05/2019 6:24:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 29/05/2019 6:24:32 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 29/05/2019 6:23:55 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 29/05/2019 6:23:53 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 29/05/2019 6:23:53 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 29/05/2019 6:12:42 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Log: 'System' Date/Time: 29/05/2019 6:09:36 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Log: 'System' Date/Time: 29/05/2019 2:27:33 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Log: 'System' Date/Time: 28/05/2019 7:38:39 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 28/05/2019 7:34:00 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 28/05/2019 7:34:00 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Server service hung on starting.

Log: 'System' Date/Time: 28/05/2019 7:32:09 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 28/05/2019 7:32:09 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Server service hung on starting.

Log: 'System' Date/Time: 28/05/2019 7:30:17 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Server service hung on starting.

Log: 'System' Date/Time: 28/05/2019 7:21:11 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 28/05/2019 7:21:08 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 28/05/2019 7:17:13 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 28/05/2019 6:32:20 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 28/05/2019 6:24:58 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/05/2019 6:47:50 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:47:46 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:47:42 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:47:38 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:47:32 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:47:25 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:47:16 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:46:02 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:32:51 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:25:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.md.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/05/2019 6:19:16 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:18:08 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 6:12:42 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 10:26:57 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 10:10:26 AM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa114 Class Code: 0x30400  The details view of this entry contains further information.

Log: 'System' Date/Time: 29/05/2019 9:49:05 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 9:35:52 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 9:22:42 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 9:22:39 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 29/05/2019 9:02:04 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.


=================================================== <VEW_application.txt> 8:28 PM 5/29/2019 ==========================

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/05/2019 8:02:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/05/2019 6:25:16 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/05/2019 2:25:02 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program UltraFileSearchLite.exe version 4.9.0.17037 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 173c  Start Time: 01d51629afd141d1  Termination Time: 10  Application Path: C:\Program Files (x86)\Stegisoft\UltraFileSearch Lite\UltraFileSearchLite.exe  Report Id:

Log: 'Application' Date/Time: 28/05/2019 7:29:28 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/05/2019 6:56:29 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).

Log: 'Application' Date/Time: 28/05/2019 6:46:22 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Log: 'Application' Date/Time: 28/05/2019 6:23:21 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/05/2019 6:18:17 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/05/2019 6:00:11 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/05/2019 4:04:21 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 66.0.5.7066 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 1b40  Start Time: 01d5156de3730c2a  Termination Time: 16222  Application Path: C:\Program Files\Mozilla Firefox\firefox.exe  Report Id:

Log: 'Application' Date/Time: 28/05/2019 3:04:26 PM
Type: Error Category: 3
Event: 3100 Source: Microsoft-Windows-Search
Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)


Log: 'Application' Date/Time: 28/05/2019 3:02:32 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 66.0.5.7066 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: f8c  Start Time: 01d5155b1e3216ca  Termination Time: 60000  Application Path: C:\Program Files\Mozilla Firefox\firefox.exe  Report Id:

Log: 'Application' Date/Time: 28/05/2019 1:16:07 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/05/2019 1:12:12 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program wpwin9.exe version 9.0.0.528 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 484  Start Time: 01d5155698f99d68  Termination Time: 60000  Application Path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe  Report Id:

Log: 'Application' Date/Time: 28/05/2019 12:35:29 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/05/2019 12:20:35 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program i_view64.exe version 4.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 1fe4  Start Time: 01d5154f5a285510  Termination Time: 60000  Application Path: C:\Program Files\IrfanView\i_view64.exe  Report Id:

Log: 'Application' Date/Time: 28/05/2019 12:20:08 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 25e8  Start Time: 01d514aea0c66800  Termination Time: 60000  Application Path: C:\Windows\explorer.exe  Report Id:

Log: 'Application' Date/Time: 27/05/2019 5:07:15 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 2390  Start Time: 01d5147b5ccbf120  Termination Time: 2700  Application Path: C:\Windows\explorer.exe  Report Id:

Log: 'Application' Date/Time: 27/05/2019 11:04:33 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program i_view64.exe version 4.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 1ec0  Start Time: 01d5147b1d91b940  Termination Time: 60000  Application Path: C:\Program Files\IrfanView\i_view64.exe  Report Id:

Log: 'Application' Date/Time: 27/05/2019 11:04:33 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program i_view64.exe version 4.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 920  Start Time: 01d5147b39eb6a00  Termination Time: 60000  Application Path: C:\Program Files\IrfanView\i_view64.exe  Report Id:

Log: 'Application' Date/Time: 27/05/2019 11:01:14 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 9e4  Start Time: 01d5109399572602  Termination Time: 59595  Application Path: C:\Windows\Explorer.EXE  Report Id:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/05/2019 6:14:52 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  DETAIL - 93 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5

-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\MuiCache
Process 3620

(\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY

\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 29/05/2019 6:14:52 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 155 second(s) to handle the notification event (Logoff).

Log: 'Application' Date/Time: 29/05/2019 6:13:16 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).

Log: 'Application' Date/Time: 28/05/2019 7:50:28 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 6544 did not respond and is being forcibly terminated {filter host process 5496}.


Log: 'Application' Date/Time: 28/05/2019 7:36:04 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 338 second(s) to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 28/05/2019 7:31:26 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 28/05/2019 7:21:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   14 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:


Log: 'Application' Date/Time: 28/05/2019 7:21:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   25 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:


Log: 'Application' Date/Time: 28/05/2019 7:10:41 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 8020 did not respond and is being forcibly terminated {filter host process 6504}.


Log: 'Application' Date/Time: 28/05/2019 7:03:41 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 2460 did not respond and is being forcibly terminated {filter host process 7072}.


Log: 'Application' Date/Time: 28/05/2019 6:49:55 PM
Type: Warning Category: 3
Event: 10024 Source: Microsoft-Windows-Search
The filter host process 1676 did not respond and is being forcibly terminated.


Log: 'Application' Date/Time: 28/05/2019 6:49:25 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 2944 did not respond and is being forcibly terminated {filter host process 1676}.


Log: 'Application' Date/Time: 28/05/2019 6:42:25 PM
Type: Warning Category: 3
Event: 10024 Source: Microsoft-Windows-Search
The filter host process 7232 did not respond and is being forcibly terminated.


Log: 'Application' Date/Time: 28/05/2019 6:41:55 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 6920 did not respond and is being forcibly terminated {filter host process 7232}.


Log: 'Application' Date/Time: 28/05/2019 6:20:32 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES


Log: 'Application' Date/Time: 28/05/2019 6:20:31 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   18 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:


Log: 'Application' Date/Time: 28/05/2019 5:49:47 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   18 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:


Log: 'Application' Date/Time: 28/05/2019 5:49:46 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   19 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:


Log: 'Application' Date/Time: 28/05/2019 5:44:33 PM
Type: Warning Category: 3
Event: 10024 Source: Microsoft-Windows-Search
The filter host process 8152 did not respond and is being forcibly terminated.


Log: 'Application' Date/Time: 28/05/2019 5:44:03 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 7800 did not respond and is being forcibly terminated {filter host process 8152}.



I hope I did not miss anything. Thank you very much!!

Boris



 



  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

In Notepad before you copy a log click on Format then UNCHECK Word Wrap.

 

Also please just copy and paste without making changes to the font or format.

 

Is there a reason for running both Word Perfect and Word?
 

Log: 'System' Date/Time: 29/05/2019 6:23:55 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

 

 

 

This may be your problem.  Usually a disk check will clear the error tho it's hard to know for sure which drive they are complaining about so it's best to check both:


1. Double-click Computer, and then right-click the hard disk that you want to check. C:  (As you have two drives you should repeat the disk check for the K drive too tho it probably won't need a reboot)
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then click on the Event Viewer. Next click on the arrow in front of Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after the line).
 

sfc /scannow


(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"



Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.

 

Do the disk check on K: before going further.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 


#5
BerDov

    Member

  • Topic Starter

Thank you, Ron!

 

I still use WP, an old, at least 20 y.o. version, for all my personal notes and correspondence because I love it. In my opinion, it was superior to Word, but Corel lost to Microsoft.

 

NOTE. The steps to Clear Log differed from what you described:

Here are the steps performed:

Right click on (My) Computer and select Manage (Continue)

Then click on the Event Viewer.

Highlight 'System' in the 'Log Summary' pane;

In the 'Actions' menu, which appears on the right, click on 'View events in this log' ;

Click on 'Clear log...' in the Actions menu.

[this was the first time that the Clear Log option appeared].

 

Repeat for Application.

 

Reboot. The disk check will run and will probably take an hour or more to finish.

 

Ran check disk on C:\ [took 3hrs to complete]

Executed sfc /scannow

Returned:

"Verification 100% complete.

Windows Resource Protection did not find any integrity violations."

 

Ran Check disk on K:\

"No problems were found on the device or disk".

 

Executed VEW.exe for System

 

================ <VEW_system_2.txt> 7:30 AM 5/31/2019 =====================

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/05/2019 7:27:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/05/2019 11:24:46 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:24:42 AM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Endpoint Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x1:0x0:0x0 Vendor ID:Device ID: 0x10ec:0x8168 Class Code: 0x10000  The details view of this entry contains further information.

Log: 'System' Date/Time: 31/05/2019 11:24:42 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:24:38 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:24:34 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:24:30 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:24:27 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:19:13 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name updatesproductnews.gfi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 31/05/2019 5:34:15 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:34:11 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:34:04 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:34:01 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:33:57 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:33:52 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:33:49 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:33:45 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:33:41 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:33:37 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:33:33 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 5:32:05 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

 

 

Executed VEW.exe for Application.

 

================ < VEW_application_2.txt>  7:39 AM 5/31/2019 =================

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 31/05/2019 7:38:34 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/05/2019 7:56:09 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/05/2019 5:01:26 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 7368 (\Device\HarddiskVolume3\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES


Log: 'Application' Date/Time: 30/05/2019 5:01:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   14 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 7368 (\Device\HarddiskVolume3\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Main
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
Process 1564 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Acro Software Inc\CPW
Process 1564 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Acro Software Inc\CPW
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies


==============================================================

 

 

QUESTION.  The K:\ disk is an external backup disk to the main "data" disk G:\, also external (after experiencing a crash years ago I started keeping all data on external USB drives).  Why did I not have to check disk G:\ ?

 

 

Thank you!

 

Boris


#6
RKinner

    Malware Expert

  • Expert
  • MVP

Sorry missed it.  We do need to check it since we are still getting the same error.

Clear the alarms then run the disk check on G: then run VEW again.

Also it looks like you need a new driver for  your network adapter.  Realtek PCIe GBE Family Controller

 

You can try right click on Computer, select Manage then Device Manager.  Click on the arrow in front of Network Adapters then find the Realtek PCIe GBE Family Controller right click and Update Driver.  IF it says you have the latest then right click on the adapter again and select Properties then Details then change where it says Device Description to Hardware Ids.  You will get something like:

 

PCI\VEN_10EC&DEV_8168&SUBSYS_367417AA&REV_09
PCI\VEN_10EC&DEV_8168&SUBSYS_367417AA
PCI\VEN_10EC&DEV_8168&CC_020000
PCI\VEN_10EC&DEV_8168&CC_0200

 

 

Click on the top line then right click and Copy.  Move to a reply and Paste (Ctrl + v)


  • 0
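The reading of the VEW output given in the reply above (the same Disk event repeating on one device, and a WHEA event naming vendor/device 0x10ec:0x8168) can be reproduced mechanically. The Python script below is an added example, not part of the thread or of VEW; its function names are chosen here, and the sample log is constructed in the layout VEW prints.

```python
import re
from collections import Counter

# Constructed sample in the layout of the VEW output posted in this thread.
SAMPLE_VEW = r"""Vino's Event Viewer v01c run on Windows 2008 in English
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/05/2019 11:24:46 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:24:42 AM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Endpoint Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x1:0x0:0x0 Vendor ID:Device ID: 0x10ec:0x8168 Class Code: 0x10000  The details view of this entry contains further information.

Log: 'System' Date/Time: 31/05/2019 11:24:38 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.

Log: 'System' Date/Time: 31/05/2019 11:19:13 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name host.example.invalid timed out after none of the configured DNS servers responded.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
SEPARATOR = re.compile(r"^[~=]{3,}")
SECTION = re.compile(r"^'[^']+' Log - \w+ Type$")
WHEA_IDS = re.compile(r"Vendor ID:Device ID: 0x([0-9a-fA-F]+):0x([0-9a-fA-F]+)")
DISK_DEV = re.compile(r"\\Device\\Harddisk\d+\\DR\d+")


def parse_vew(text):
    """Split VEW text output into a list of event dicts."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEPARATOR.match(line) or SECTION.match(line):
            cur = None          # section banner ends the previous entry
            continue
        m = HEADER.match(line)
        if m:
            cur = {"log": m["log"], "when": m["when"], "type": None,
                   "event_id": None, "source": None, "message": ""}
            events.append(cur)
            continue
        if cur is None:
            continue            # report preamble before the first entry
        if cur["event_id"] is None:
            if (m := TYPE.match(line)):
                cur["type"] = m["type"]
            elif (m := EVENT.match(line)):
                cur["event_id"] = int(m["id"])
                cur["source"] = m["source"].strip()
            continue
        cur["message"] = (cur["message"] + " " + line).strip()
    # Drop entries that never got an "Event:" line (truncated paste).
    return [e for e in events if e["event_id"] is not None]


def pci_hardware_id(message):
    """Turn the WHEA 'Vendor ID:Device ID' pair into a Device Manager style prefix."""
    m = WHEA_IDS.search(message)
    if not m:
        return None
    ven, dev = (int(x, 16) for x in m.groups())
    return f"PCI\\VEN_{ven:04X}&DEV_{dev:04X}"


def summarize(events):
    """Count events per (source, id), per disk device, and per PCI device."""
    by_event = Counter((e["source"], e["event_id"]) for e in events)
    disks, pci = Counter(), Counter()
    for e in events:
        if e["source"] == "Disk":
            disks.update(DISK_DEV.findall(e["message"]))
        elif e["source"].endswith("WHEA-Logger"):
            hw = pci_hardware_id(e["message"])
            if hw:
                pci[hw] += 1
    return {"by_event": by_event, "disk_devices": disks, "pci_devices": pci}


if __name__ == "__main__":
    summary = summarize(parse_vew(SAMPLE_VEW))
    for (source, event_id), n in summary["by_event"].most_common():
        print(f"{n:3d}  {source} / event {event_id}")
    print("Disk devices:", dict(summary["disk_devices"]))
    print("PCI devices: ", dict(summary["pci_devices"]))
```

The PCI\VEN_...&DEV_... prefix it prints is the string to compare against the Hardware Ids list shown in Device Manager.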

#7
BerDov

    Member

  • Topic Starter

Ron,

 

I think my G:\ drive stopped working, totally. I will spare you the details right now (unless you want to know exactly). What are my options? I think there is a command c:\>chkdsk g: I can run, but I do not know how to write the parameters which you described as "check both boxes".

 

Thank you!

 

Boris


#8
RKinner

    Malware Expert

  • Expert
  • MVP

chkdsk /r G:

I see now why I didn't pick up on the G:  the first time.  In Speccy it doesn't have any SMART info.  Usually a bad sign unless it is terribly old.

 

Since this is an external drive it might help to move it to a different port.  Perhaps swap with the K: to rule out the USB port.

 

Every external drive I've seen is just a standard hard drive (usually a 2.5 inch) inside a box which has a USB to SATA adapter.  Normally you can get it out of the box by unscrewing a few screws.

 

If the problem is the USB to SATA adapter and the drive is the smallish 2.5 size then you can get a simple one:

 

USB 3.0 SATA III Hard Drive Adapter Cable for 2.5 Inch SSD & HDD with Support UASP-20cm, Black

Amazon  $7.88

 

If it's the larger size you need:

 

UGREEN SATA to USB Cable USB 3.0 to Hard Drive Adapter Converter for 2.5 3.5 Inch Hard Drive Disk HDD SATA III and SSD Support UASP with 12V 2A Power Adapter

Amazon $17.99

 

or a SATA Dock (nicer option) and works for either size for $1 more:

 

WAVLINK USB 3.0 to SATA External Hard Drive Docking Station for 2.5/3.5 Inch SATA I/II/III HDD SSD, Support Backup/UASP Functions [10TB],Tool-Free-Black

 

Or since you have a desktop you might be able to mount it internally if you have a spare SATA port and power connection.  (You can usually borrow the cables from the DVD as a test.)  Might not be able to mount it but just make sure it doesn't short to anything.


#9
BerDov

    Member

  • Topic Starter

Thank you so much for the reply!!

 

Firstly, I checked the driver properties as you previously suggested:

RE Driver update: "Windows determined that the driver s/w is up to date"

From Properties/details/hardware ID's:

"

PCI\VEN_10EC&DEV_8168&SUBSYS_8061103C&REV_15

PCI\VEN_10EC&DEV_8168&SUBSYS_8061103C

PCI\VEN_10EC&DEV_8168&CC_020000

PCI\VEN_10EC&DEV_8168&CC_0200

"

 

Next, I executed  chkdsk /r G:

============== ========================================================

Microsoft Windows [Version 6.1.7601]

Copyright © 2009 Microsoft Corporation.  All rights reserved.

 

C:\ >chkdsk /r g:

The type of the file system is NTFS.

Chkdsk cannot run because the volume is in use by another

process.  Chkdsk may run if this volume is dismounted first.

ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BE INVALID.

Would you like to force a dismount on this volume? (Y/N) y

Volume dismounted.  All opened handles to this volume are now invalid.

Volume label is zz_TOSHIBA EXT.

CHKDSK is verifying files (stage 1 of 5)...

 0 percent complete. (0 of 317696 file records processed)

Deleting corrupt attribute record (128, "")

from file record segment 18327.

  317696 file records processed.

File verification completed.

  13 large file records processed.

  0 bad file records processed.

  0 EA records processed.

  0 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...

10 percent complete. (317698 of 350496 index entries processed)

Correcting error in index $O for file 25.

Correcting error in index $O for file 25.

Correcting error in index $O for file 25.

Insufficient disk space to correct errors

in index $O of file 25.

Insufficient disk space to insert the index entry.

============== ========================================================

 

The disk shows 601GB free of 931GB, so I do not know how to interpret the last line.

 

Here is what I think. The disk is 3 yrs 2 months old and is in use daily. Perhaps it is coming to an end of life hence all these problems. I see two options. One: scrap it and buy a new one; two: reformat it in the hope it will last another year or two. Do you have an opinion?

 

QUESTION. In my initial post I wrote: " Moving a small file between folders takes forever, like 1-3 min."

This may be an issue related to Win 7 rather than the disk. Quite often, when moving or copying or deleting files, Windows displays a message reading "Discovering items..."  and then nothing happens for 5-10min or longer. I looked for, but found nothing just now in geekstogo forums.  There are a few old, dated 2011-2014, cries to heavens found on the web but no practical solution. Someone suggested the slowdown might be caused by an anti-virus s/w, but when the "suspect" is a 50K jpg file this seems illogical.

 

Do you happen to know what this is and if this can be fixed?

 

Thank you!


#10
RKinner

    Malware Expert

  • Expert
  • MVP

Drive is failing.  Don't think reformatting will help.  Expect it is also the reason your file transfers are so slow.

 

Forgot to ask you for the Driver Version.  Go back into Device Manager and right click on the Realtek and select Properties then Driver.  It should show the Driver Version.


#11
BerDov

    Member

  • Topic Starter

Thanks, Ron,

 

Realtek driver version: 7.94.723.2015.

 

A few months ago I installed, on a different computer, a program called Hard Disk Sentinel. I forgot about it, but installed it here just now and immediately got this message, in RED:

 

Failure Predicted - Attribute: 5 Reallocated Sectors Count, Count of sectors moved to the spare area. Indicate problem with the disk surface or the read/write heads.

There are 16376 bad sectors on the disk surface. The contents of these sectors were moved to the spare area.

Based on the number of remapping operations, the bad sectors may form continuous areas.

Replace hard disk immediately.

 

It is recommended to backup immediately to prevent data loss.

 

This confirms everything you've said and I really really appreciate your time and advice.

 

Now that we are talking, do you mind if I bring up a different issue?

 

Boris


Edited by BerDov, 02 June 2019 - 09:00 AM.

#12
RKinner

    Malware Expert

  • Expert
  • MVP

See if you can get this driver to install:

 

https://drp.su/en/hw...s=windows-7-x64

 

Look for the link below where it says:

 

Download PCI\VEN_10EC&DEV_8168 device drivers for Windows 7 x64 for free

 

Download, Save then right click and Extract All.  Then you need to double click on

Realtek then on

matchvers

then on

FORCED

then on

7X64

then on

PCIe....

then right click on rt64win7.inf

then INSTALL.  Hopefully that will work.  Alternatively you can do a driver update and point it at the same folder (PCIe...)

 

Glad to help with any problem if I can.  What's the problem?


#13
BerDov

    Member

  • Topic Starter

Thanks!

 

The first method did not work, the second did:

 

...then INSTALL.  Hopefully that will work. 

            "The INF file you selected does not support this method of installation"

 

Alternatively you can do a driver update and point it at the same folder (PCIe...)

            "Windows has successfully updated..."

 

I erased the disk G:\ and ordered a new one today.

 

If this issue is closed, I will prepare a short description of the other one.


#14
RKinner

    Malware Expert

  • Expert
  • MVP

Could you reboot and run VEW again to make sure the driver solved the problem?

 

Go ahead and tell me about your other problem.


#15
BerDov

    Member

  • Topic Starter

Rebooted the machine;

 

logs:

 

========== Vino's Event Viewer 'System' Log 03/06/2019 11:58:34 AM =====================

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/06/2019 11:58:34 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/05/2019 8:23:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/06/2019 11:45:08 AM
Type: Error Category: 0
Event: 2017 Source: srv
The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Log: 'System' Date/Time: 03/06/2019 12:18:09 AM
Type: Error Category: 0
Event: 2017 Source: srv
The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Log: 'System' Date/Time: 02/06/2019 9:27:04 PM
Type: Error Category: 0
Event: 2017 Source: srv
The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Log: 'System' Date/Time: 02/06/2019 2:48:09 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 02/06/2019 1:12:23 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 02/06/2019 11:45:04 AM
Type: Error Category: 0
Event: 2017 Source: srv
The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

Log: 'System' Date/Time: 02/06/2019 1:31:13 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 02/06/2019 1:31:13 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 01/06/2019 10:01:42 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 01/06/2019 10:01:42 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 01/06/2019 10:01:22 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 01/06/2019 10:01:20 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 01/06/2019 10:01:15 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume zz_TOSHIBA EXT.

Log: 'System' Date/Time: 01/06/2019 9:35:47 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.

Log: 'System' Date/Time: 31/05/2019 11:22:50 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 31/05/2019 11:03:10 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 31/05/2019 8:52:27 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 31/05/2019 8:39:55 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 31/05/2019 8:30:09 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 31/05/2019 8:30:06 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/06/2019 1:29:34 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnd.tools.avast.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 03/06/2019 1:26:58 PM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user Compaq\DovBer to restart/shutdown computer COMPAQ failed

Log: 'System' Date/Time: 02/06/2019 10:47:34 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Endpoint Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x1:0x0:0x0 Vendor ID:Device ID: 0x10ec:0x8168 Class Code: 0x10000  The details view of this entry contains further information.

Log: 'System' Date/Time: 02/06/2019 2:51:54 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR5 during a paging operation.

Log: 'System' Date/Time: 02/06/2019 4:36:36 AM
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume G: has now been repaired.

Log: 'System' Date/Time: 02/06/2019 12:47:11 AM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Endpoint Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x1:0x0:0x0 Vendor ID:Device ID: 0x10ec:0x8168 Class Code: 0x10000  The details view of this entry contains further information.

Log: 'System' Date/Time: 01/06/2019 10:57:28 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR5 during a paging operation.

Log: 'System' Date/Time: 01/06/2019 9:26:06 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/06/2019 9:26:01 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ipv6.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/06/2019 9:25:22 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.md.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/06/2019 9:25:19 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.md.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/06/2019 9:25:10 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.md.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/06/2019 9:25:06 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftconnecttest.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/06/2019 9:24:48 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.md.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 01/06/2019 2:08:27 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa114 Class Code: 0x30400  The details view of this entry contains further information.

Log: 'System' Date/Time: 01/06/2019 9:59:27 AM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Endpoint Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x1:0x0:0x0 Vendor ID:Device ID: 0x10ec:0x8168 Class Code: 0x10000  The details view of this entry contains further information.

Log: 'System' Date/Time: 01/06/2019 7:02:19 AM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express)  Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa114 Class Code: 0x30400  The details view of this entry contains further information.

Log: 'System' Date/Time: 01/06/2019 2:05:00 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR3 during a paging operation.

Log: 'System' Date/Time: 01/06/2019 2:04:56 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR3 during a paging operation.

Log: 'System' Date/Time: 01/06/2019 2:04:52 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR3 during a paging operation.

========== Vino's Event Viewer 'Application' Log 03/06/2019 11:59:59 AM =====================

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/06/2019 11:59:59 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/06/2019 1:28:45 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 31/05/2019 8:41:00 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: e0c  Start Time: 01d517ef83677629  Termination Time: 60000  Application Path: C:\Windows\explorer.exe  Report Id:  

Log: 'Application' Date/Time: 31/05/2019 8:40:16 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program WINWORD.EXE version 12.0.4518.1014 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 53c  Start Time: 01d517f0e1f102a9  Termination Time: 10  Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE  Report Id:  

Log: 'Application' Date/Time: 31/05/2019 8:29:14 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: bb4  Start Time: 01d517eed9a2a562  Termination Time: 0  Application Path: C:\Windows\Explorer.EXE  Report Id:  

Log: 'Application' Date/Time: 31/05/2019 8:25:25 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 31/05/2019 7:55:42 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 31/05/2019 7:45:23 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/05/2019 7:56:09 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/06/2019 1:27:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 8720 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 8720 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES


Log: 'Application' Date/Time: 03/06/2019 1:27:19 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   19 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 5912 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies\Microsoft\SystemCertificates
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies\Microsoft\SystemCertificates
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\CA
Process 5912 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Synaptics\SynTPEnh
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\Root
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\trust
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 5912 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1256 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\SmartCardRoot


Log: 'Application' Date/Time: 03/06/2019 7:38:38 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:G:/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 02/06/2019 7:38:30 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:G:/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 02/06/2019 4:38:29 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:G:/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 02/06/2019 3:38:30 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:G:/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 02/06/2019 3:36:30 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:G:/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 31/05/2019 7:20:59 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   16 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\829\Shell\{B3690E58-E961-423B-B687-386EBFD83239}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\829\Shell\{B3690E58-E961-423B-B687-386EBFD83239}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\829\Shell\{B3690E58-E961-423B-B687-386EBFD83239}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\829\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 31/05/2019 7:20:59 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   45 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies\Microsoft\SystemCertificates
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies\Microsoft\SystemCertificates
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies\Microsoft\SystemCertificates
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies\Microsoft\SystemCertificates
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\CA
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Direct3D
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\Root
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\trust
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\Shell
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies
Process 3928 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies
Process 1300 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\SystemCertificates\My


Log: 'Application' Date/Time: 30/05/2019 5:01:26 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 7368 (\Device\HarddiskVolume3\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES


Log: 'Application' Date/Time: 30/05/2019 5:01:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   14 user registry handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 7368 (\Device\HarddiskVolume3\Windows\System32\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Main
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy
Process 1564 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Acro Software Inc\CPW
Process 1564 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Acro Software Inc\CPW
Process 1448 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies
 

=================================================================================

 

I see that the reports indicate errors...

 

The Hard Disk Sentinel, which apparently activates on startup, reported that the C:\ drive is OK and its estimated remaining lifetime is "more than 751 days". To me, such a prediction has as much meaning as "49% chance of rain". Are you familiar with this program? Should it be believed?

 

The other problem will be posted separately.







