Vino's Event Viewer v01c run on Windows 2008 in English Report run at 05/02/2015 9:51:01 AM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 05/02/2015 2:48:57 PM Type: Error Category: 100 Event: 1000 Source: Application Error Faulting application name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000007000a Faulting process id: 0x9c0 Faulting application start time: 0x01d04152dcdd3b70 Faulting application path: C:\Users\BPV\AppData\Local\Temp\procexp64.exe Faulting module path: unknown Report Id: 1c44f9f6-ad46-11e4-b444-485b3981ae02 Log: 'Application' Date/Time: 05/02/2015 2:48:41 PM Type: Error Category: 100 Event: 1000 Source: Application Error Faulting application name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000007000a Faulting process id: 0x10e8 Faulting application start time: 0x01d04152d26eca96 Faulting application path: C:\Users\BPV\AppData\Local\Temp\procexp64.exe Faulting module path: unknown Report Id: 1315c488-ad46-11e4-b444-485b3981ae02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 05/02/2015 5:34:48 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001: Process 1508 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Process 1508 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Log: 'Application' Date/Time: 05/02/2015 5:19:24 AM Type: Warning Category: 3 Event: 10023 Source: Microsoft-Windows-Search The protocol host process 7200 did not respond and is being forcibly terminated {filter host process 4168}. Log: 'Application' Date/Time: 05/02/2015 4:55:04 AM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001: Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Process 1752 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA Process 544 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed