Vino's Event Viewer v01c run on Windows 2008 in English Report run at 05/02/2015 10:36:55 AM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Critical Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 05/02/2015 3:36:06 PM Type: Error Category: 100 Event: 1000 Source: Application Error Faulting application name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000077b1000a Faulting process id: 0xdc Faulting application start time: 0x01d0415973e3a5df Faulting application path: C:\Users\BPV\AppData\Local\Temp\procexp64.exe Faulting module path: unknown Report Id: b2f4deb1-ad4c-11e4-b063-485b3981ae02 Log: 'Application' Date/Time: 05/02/2015 3:35:52 PM Type: Error Category: 100 Event: 1000 Source: Application Error Faulting application name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000077b1000a Faulting process id: 0x170c Faulting application start time: 0x01d041596a74ce73 Faulting application path: C:\Users\BPV\AppData\Local\Temp\procexp64.exe Faulting module path: unknown Report Id: aa4f4da8-ad4c-11e4-b063-485b3981ae02 Log: 'Application' Date/Time: 05/02/2015 3:33:29 PM Type: Error Category: 100 Event: 1000 Source: Application Error Faulting application name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000077b1000a Faulting process id: 0x1724 Faulting application start time: 0x01d04159161cbf47 Faulting application path: C:\Users\BPV\AppData\Local\Temp\procexp64.exe Faulting module path: unknown Report Id: 553ca0d2-ad4c-11e4-b063-485b3981ae02 Log: 'Application' Date/Time: 05/02/2015 3:32:25 PM Type: Error Category: 100 Event: 1000 Source: Application Error Faulting application name: procexp64.exe, version: 16.4.0.0, time stamp: 0x5404afa3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000000000007000a Faulting process id: 0x1030 Faulting application start time: 0x01d04158ed4b24d4 Faulting application path: C:\Users\BPV\AppData\Local\Temp\procexp64.exe Faulting module path: unknown Report Id: 2f1892ad-ad4c-11e4-b063-485b3981ae02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - Warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 05/02/2015 3:26:46 PM Type: Warning Category: 0 Event: 1530 Source: Microsoft-Windows-User Profiles Service Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-3700817450-263443993-1340972289-1001: Process 596 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Process 596 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Process 1924 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001 Process 596 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\My Process 596 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\CA Process 596 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3700817450-263443993-1340972289-1001\Software\Microsoft\SystemCertificates\Disallowed