COM Error crashes computer when trying to email



#61
shorthaul99

  • Topic Starter
  • Member
  • 133 posts

AvastCrash#2.jpg

 

 

 

Crashed again after disabling Trace Disk IO Calls...


  • 0



#62
RKinner

  • Malware Expert
  • Expert
  • 24,748 posts
  • MVP

Did it leave you any files on the desktop?  It usually creates a log file and also a copy of the mbr.

 

It's possible that Kaspersky doesn't like it and is killing it since the last line said it was checking a Kaspersky file.  Not sure I've ever run it on a Kaspersky protected system.

 

Usually it only crashes in both modes when there is something wrong with the file structure.  It might be worth running a disk check to make sure there is nothing wrong there:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.

 

Reboot and the disk check should start.  It takes several hours depending on the size of the disk and the speed of the CPU so you might want to run it at night.

 

I usually follow up with

 

sfc /scannow

 

in case it removes a bad sector during the check:

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:
findstr /c:"[SR]" "%windir%\logs\cbs\cbs.log" > "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

 

Then I run VEW to make sure there are no new errors.

 

Have we run Rogue Killer?

 

Let's run Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits
Portable 64 bits

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.


 


  • 0
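Added example (not part of any post in this thread): Python that triages the [SR] lines the findstr command above writes to junk.txt, using the line layout of the SFC log pasted in this thread. It assumes the only routine messages are the three seen in that log; the function names, the report keys and the "Cannot repair member file" sample line are constructed for illustration.

```python
import re

# Layout of one filtered CBS.log line, as pasted in this thread:
# 2017-12-13 18:34:24, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components?$")
BEGIN = "Beginning Verify and Repair transaction"
COMPLETE = "Verify complete"

# Constructed sample: two closed transactions (the second carries a
# constructed "Cannot repair" line) and a third that never completes,
# which is what a crash or forced reboot during the scan would leave.
SAMPLE = """\
2017-12-13 18:34:24, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:24, Info                  CSI    0000000c [SR] Verify complete
2017-12-13 18:34:24, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:25, Info                  CSI    0000000f [SR] Cannot repair member file "example.dll" (constructed line)
2017-12-13 18:34:25, Info                  CSI    00000010 [SR] Verify complete
2017-12-13 18:34:25, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:25, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
"""


def triage(lines):
    """Summarise [SR] lines: count clean transactions, collect the rest."""
    report = {
        "transactions": 0,          # Verifying -> Beginning -> Verify complete
        "components": 0,            # components covered by closed transactions
        "open_transaction": False,  # log ended before "Verify complete"
        "review": [],               # (seq, timestamp, message) needing a human
        "unparsed": [],             # lines that do not match the [SR] layout
    }
    state, pending = "idle", 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            report["unparsed"].append(line)
            continue
        msg = m["msg"].strip()
        announced = VERIFYING.match(msg)
        if m["level"] != "Info":
            # Anything logged above Info level is worth reading in full.
            report["review"].append((m["seq"], m["ts"], msg))
        elif announced:
            pending, state = int(announced.group(1)), "announced"
        elif msg == BEGIN:
            state = "open"
        elif msg == COMPLETE and state == "open":
            report["transactions"] += 1
            report["components"] += pending
            state, pending = "idle", 0
        else:
            # Not one of the three routine messages (or out of order).
            report["review"].append((m["seq"], m["ts"], msg))
    report["open_transaction"] = state != "idle"
    return report


def is_clean(report):
    """True only when every line was routine and every transaction closed."""
    return not (report["review"] or report["unparsed"] or report["open_transaction"])


if __name__ == "__main__":
    result = triage(SAMPLE.splitlines())
    print("closed transactions:", result["transactions"])
    print("components verified:", result["components"])
    print("scan cut off mid-transaction:", result["open_transaction"])
    for seq, ts, msg in result["review"]:
        print(f"REVIEW {ts} {seq}: {msg}")
```

To run it on a real extract, pass the lines of junk.txt to `triage()`; opening the file with `errors="replace"` avoids decode failures on non-ASCII file names in the log.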

#63
shorthaul99

  • Topic Starter
  • Member
  • 133 posts

ASWMBR did not leave any logs or files that I could retrieve. Also, CHKDSK didn't come back with any kind of log or errors.

 

Here is scannow log:

 

 

2017-12-13 18:34:24, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:24, Info                  CSI    0000000c [SR] Verify complete
2017-12-13 18:34:24, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:24, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:24, Info                  CSI    00000010 [SR] Verify complete
2017-12-13 18:34:25, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:25, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:25, Info                  CSI    00000014 [SR] Verify complete
2017-12-13 18:34:25, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:25, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:25, Info                  CSI    00000018 [SR] Verify complete
2017-12-13 18:34:25, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:25, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:26, Info                  CSI    0000001c [SR] Verify complete
2017-12-13 18:34:26, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:26, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:26, Info                  CSI    00000020 [SR] Verify complete
2017-12-13 18:34:26, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:26, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:27, Info                  CSI    00000024 [SR] Verify complete
2017-12-13 18:34:27, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:27, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:27, Info                  CSI    00000028 [SR] Verify complete
2017-12-13 18:34:27, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:27, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:27, Info                  CSI    0000002c [SR] Verify complete
2017-12-13 18:34:28, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:28, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:28, Info                  CSI    00000030 [SR] Verify complete
2017-12-13 18:34:28, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:28, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:28, Info                  CSI    00000034 [SR] Verify complete
2017-12-13 18:34:28, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:28, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:29, Info                  CSI    00000038 [SR] Verify complete
2017-12-13 18:34:29, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:29, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:29, Info                  CSI    0000003c [SR] Verify complete
2017-12-13 18:34:29, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:29, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:30, Info                  CSI    00000040 [SR] Verify complete
2017-12-13 18:34:30, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:30, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:30, Info                  CSI    00000044 [SR] Verify complete
2017-12-13 18:34:30, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:30, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:30, Info                  CSI    00000048 [SR] Verify complete
2017-12-13 18:34:31, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:31, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:31, Info                  CSI    0000004c [SR] Verify complete
2017-12-13 18:34:31, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:31, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:31, Info                  CSI    00000050 [SR] Verify complete
2017-12-13 18:34:31, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:31, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:32, Info                  CSI    00000054 [SR] Verify complete
2017-12-13 18:34:32, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:32, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:32, Info                  CSI    00000058 [SR] Verify complete
2017-12-13 18:34:32, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:32, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:33, Info                  CSI    0000005c [SR] Verify complete
2017-12-13 18:34:33, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:33, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:34, Info                  CSI    00000060 [SR] Verify complete
2017-12-13 18:34:34, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:34, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:34, Info                  CSI    00000064 [SR] Verify complete
2017-12-13 18:34:35, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:35, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:35, Info                  CSI    00000068 [SR] Verify complete
2017-12-13 18:34:35, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:35, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:36, Info                  CSI    0000006c [SR] Verify complete
2017-12-13 18:34:36, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:36, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:37, Info                  CSI    00000070 [SR] Verify complete
2017-12-13 18:34:37, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:37, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:37, Info                  CSI    00000074 [SR] Verify complete
2017-12-13 18:34:37, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:37, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:38, Info                  CSI    00000078 [SR] Verify complete
2017-12-13 18:34:38, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:38, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:38, Info                  CSI    0000007c [SR] Verify complete
2017-12-13 18:34:38, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:38, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:39, Info                  CSI    00000080 [SR] Verify complete
2017-12-13 18:34:39, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:39, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:39, Info                  CSI    00000084 [SR] Verify complete
2017-12-13 18:34:39, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:39, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:40, Info                  CSI    00000088 [SR] Verify complete
2017-12-13 18:34:40, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:40, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:42, Info                  CSI    0000008c [SR] Verify complete
2017-12-13 18:34:42, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:42, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:43, Info                  CSI    00000090 [SR] Verify complete
2017-12-13 18:34:43, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:43, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:44, Info                  CSI    00000094 [SR] Verify complete
2017-12-13 18:34:44, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:44, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:45, Info                  CSI    0000009a [SR] Verify complete
2017-12-13 18:34:46, Info                  CSI    0000009b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:46, Info                  CSI    0000009c [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:48, Info                  CSI    000000a1 [SR] Verify complete
2017-12-13 18:34:48, Info                  CSI    000000a2 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:48, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:49, Info                  CSI    000000a5 [SR] Verify complete
2017-12-13 18:34:50, Info                  CSI    000000a6 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:50, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:51, Info                  CSI    000000aa [SR] Verify complete
2017-12-13 18:34:51, Info                  CSI    000000ab [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:51, Info                  CSI    000000ac [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:53, Info                  CSI    000000ae [SR] Verify complete
2017-12-13 18:34:53, Info                  CSI    000000af [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:53, Info                  CSI    000000b0 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:56, Info                  CSI    000000d2 [SR] Verify complete
2017-12-13 18:34:56, Info                  CSI    000000d3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:56, Info                  CSI    000000d4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:34:57, Info                  CSI    000000d9 [SR] Verify complete
2017-12-13 18:34:57, Info                  CSI    000000da [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:34:57, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:00, Info                  CSI    000000dd [SR] Verify complete
2017-12-13 18:35:00, Info                  CSI    000000de [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:00, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:01, Info                  CSI    000000e1 [SR] Verify complete
2017-12-13 18:35:01, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:01, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:03, Info                  CSI    000000e5 [SR] Verify complete
2017-12-13 18:35:03, Info                  CSI    000000e6 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:03, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:04, Info                  CSI    000000e9 [SR] Verify complete
2017-12-13 18:35:05, Info                  CSI    000000ea [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:05, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:07, Info                  CSI    000000ed [SR] Verify complete
2017-12-13 18:35:07, Info                  CSI    000000ee [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:07, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:09, Info                  CSI    00000112 [SR] Verify complete
2017-12-13 18:35:09, Info                  CSI    00000113 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:09, Info                  CSI    00000114 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:12, Info                  CSI    00000116 [SR] Verify complete
2017-12-13 18:35:12, Info                  CSI    00000117 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:12, Info                  CSI    00000118 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:16, Info                  CSI    0000011a [SR] Verify complete
2017-12-13 18:35:16, Info                  CSI    0000011b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:16, Info                  CSI    0000011c [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:19, Info                  CSI    00000120 [SR] Verify complete
2017-12-13 18:35:19, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:19, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:20, Info                  CSI    00000124 [SR] Verify complete
2017-12-13 18:35:20, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:20, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:21, Info                  CSI    00000128 [SR] Verify complete
2017-12-13 18:35:21, Info                  CSI    00000129 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:21, Info                  CSI    0000012a [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:22, Info                  CSI    0000012c [SR] Verify complete
2017-12-13 18:35:22, Info                  CSI    0000012d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:22, Info                  CSI    0000012e [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:25, Info                  CSI    0000013e [SR] Verify complete
2017-12-13 18:35:25, Info                  CSI    0000013f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:25, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:27, Info                  CSI    00000145 [SR] Verify complete
2017-12-13 18:35:27, Info                  CSI    00000146 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:27, Info                  CSI    00000147 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:28, Info                  CSI    00000149 [SR] Verify complete
2017-12-13 18:35:28, Info                  CSI    0000014a [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:28, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:30, Info                  CSI    0000014d [SR] Verify complete
2017-12-13 18:35:30, Info                  CSI    0000014e [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:30, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:31, Info                  CSI    00000151 [SR] Verify complete
2017-12-13 18:35:31, Info                  CSI    00000152 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:31, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:34, Info                  CSI    00000156 [SR] Verify complete
2017-12-13 18:35:34, Info                  CSI    00000157 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:34, Info                  CSI    00000158 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:36, Info                  CSI    0000015b [SR] Verify complete
2017-12-13 18:35:36, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:36, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:37, Info                  CSI    0000015f [SR] Verify complete
2017-12-13 18:35:38, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:38, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:38, Info                  CSI    00000163 [SR] Verify complete
2017-12-13 18:35:39, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:39, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:41, Info                  CSI    00000167 [SR] Verify complete
2017-12-13 18:35:41, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:41, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:43, Info                  CSI    0000016b [SR] Verify complete
2017-12-13 18:35:43, Info                  CSI    0000016c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:43, Info                  CSI    0000016d [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:46, Info                  CSI    0000016f [SR] Verify complete
2017-12-13 18:35:46, Info                  CSI    00000170 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:46, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:50, Info                  CSI    00000189 [SR] Verify complete
2017-12-13 18:35:50, Info                  CSI    0000018a [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:50, Info                  CSI    0000018b [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:52, Info                  CSI    0000018d [SR] Verify complete
2017-12-13 18:35:52, Info                  CSI    0000018e [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:52, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2017-12-13 18:35:57, Info                  CSI    00000191 [SR] Verify complete
2017-12-13 18:35:57, Info                  CSI    00000192 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:35:57, Info                  CSI    00000193 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:01, Info                  CSI    00000196 [SR] Verify complete
2017-12-13 18:36:01, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:01, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:03, Info                  CSI    0000019a [SR] Verify complete
2017-12-13 18:36:03, Info                  CSI    0000019b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:03, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:05, Info                  CSI    0000019e [SR] Verify complete
2017-12-13 18:36:05, Info                  CSI    0000019f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:05, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:07, Info                  CSI    000001a2 [SR] Verify complete
2017-12-13 18:36:07, Info                  CSI    000001a3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:07, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:09, Info                  CSI    000001a6 [SR] Verify complete
2017-12-13 18:36:09, Info                  CSI    000001a7 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:09, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:10, Info                  CSI    000001ac [SR] Verify complete
2017-12-13 18:36:11, Info                  CSI    000001ad [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:11, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:12, Info                  CSI    000001b0 [SR] Verify complete
2017-12-13 18:36:12, Info                  CSI    000001b1 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:12, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:17, Info                  CSI    000001b4 [SR] Verify complete
2017-12-13 18:36:17, Info                  CSI    000001b5 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:17, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:20, Info                  CSI    000001b9 [SR] Verify complete
2017-12-13 18:36:20, Info                  CSI    000001ba [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:20, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:21, Info                  CSI    000001be [SR] Verify complete
2017-12-13 18:36:21, Info                  CSI    000001bf [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:21, Info                  CSI    000001c0 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:23, Info                  CSI    000001c2 [SR] Verify complete
2017-12-13 18:36:23, Info                  CSI    000001c3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:23, Info                  CSI    000001c4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:26, Info                  CSI    000001c7 [SR] Verify complete
2017-12-13 18:36:26, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:26, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:28, Info                  CSI    000001cb [SR] Verify complete
2017-12-13 18:36:28, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:28, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:30, Info                  CSI    000001cf [SR] Verify complete
2017-12-13 18:36:30, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:30, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:32, Info                  CSI    000001d3 [SR] Verify complete
2017-12-13 18:36:32, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:32, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:33, Info                  CSI    000001d8 [SR] Verify complete
2017-12-13 18:36:34, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:34, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:35, Info                  CSI    000001dc [SR] Verify complete
2017-12-13 18:36:35, Info                  CSI    000001dd [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:35, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:37, Info                  CSI    000001e0 [SR] Verify complete
2017-12-13 18:36:37, Info                  CSI    000001e1 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:37, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:39, Info                  CSI    000001e5 [SR] Verify complete
2017-12-13 18:36:39, Info                  CSI    000001e6 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:39, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:41, Info                  CSI    000001e9 [SR] Verify complete
2017-12-13 18:36:41, Info                  CSI    000001ea [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:41, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:42, Info                  CSI    000001ef [SR] Verify complete
2017-12-13 18:36:43, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:43, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:45, Info                  CSI    000001f3 [SR] Verify complete
2017-12-13 18:36:45, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:45, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:47, Info                  CSI    000001f8 [SR] Verify complete
2017-12-13 18:36:47, Info                  CSI    000001f9 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:47, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:49, Info                  CSI    000001fc [SR] Verify complete
2017-12-13 18:36:49, Info                  CSI    000001fd [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:49, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:50, Info                  CSI    00000200 [SR] Verify complete
2017-12-13 18:36:50, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:50, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:51, Info                  CSI    00000204 [SR] Verify complete
2017-12-13 18:36:51, Info                  CSI    00000205 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:51, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:53, Info                  CSI    00000208 [SR] Verify complete
2017-12-13 18:36:53, Info                  CSI    00000209 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:53, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:55, Info                  CSI    0000020c [SR] Verify complete
2017-12-13 18:36:55, Info                  CSI    0000020d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:55, Info                  CSI    0000020e [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:57, Info                  CSI    00000210 [SR] Verify complete
2017-12-13 18:36:57, Info                  CSI    00000211 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:57, Info                  CSI    00000212 [SR] Beginning Verify and Repair transaction
2017-12-13 18:36:58, Info                  CSI    00000214 [SR] Verify complete
2017-12-13 18:36:58, Info                  CSI    00000215 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:36:58, Info                  CSI    00000216 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:02, Info                  CSI    00000218 [SR] Verify complete
2017-12-13 18:37:02, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:02, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:11, Info                  CSI    0000021c [SR] Verify complete
2017-12-13 18:37:11, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:11, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:14, Info                  CSI    00000220 [SR] Verify complete
2017-12-13 18:37:14, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:14, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:17, Info                  CSI    00000224 [SR] Verify complete
2017-12-13 18:37:17, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:17, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:18, Info                  CSI    00000228 [SR] Verify complete
2017-12-13 18:37:19, Info                  CSI    00000229 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:19, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:20, Info                  CSI    0000022c [SR] Verify complete
2017-12-13 18:37:20, Info                  CSI    0000022d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:20, Info                  CSI    0000022e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:21, Info                  CSI    00000230 [SR] Verify complete
2017-12-13 18:37:21, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:21, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:23, Info                  CSI    00000234 [SR] Verify complete
2017-12-13 18:37:23, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:23, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:24, Info                  CSI    00000238 [SR] Verify complete
2017-12-13 18:37:24, Info                  CSI    00000239 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:24, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:24, Info                  CSI    0000023c [SR] Verify complete
2017-12-13 18:37:24, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:24, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:27, Info                  CSI    00000246 [SR] Verify complete
2017-12-13 18:37:27, Info                  CSI    00000247 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:27, Info                  CSI    00000248 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:28, Info                  CSI    0000024a [SR] Verify complete
2017-12-13 18:37:28, Info                  CSI    0000024b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:28, Info                  CSI    0000024c [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:29, Info                  CSI    0000024e [SR] Verify complete
2017-12-13 18:37:29, Info                  CSI    0000024f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:29, Info                  CSI    00000250 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:31, Info                  CSI    00000252 [SR] Verify complete
2017-12-13 18:37:31, Info                  CSI    00000253 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:31, Info                  CSI    00000254 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:33, Info                  CSI    00000256 [SR] Verify complete
2017-12-13 18:37:33, Info                  CSI    00000257 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:33, Info                  CSI    00000258 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:36, Info                  CSI    0000025b [SR] Verify complete
2017-12-13 18:37:36, Info                  CSI    0000025c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:36, Info                  CSI    0000025d [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:37, Info                  CSI    0000025f [SR] Verify complete
2017-12-13 18:37:37, Info                  CSI    00000260 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:37, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:38, Info                  CSI    00000263 [SR] Verify complete
2017-12-13 18:37:38, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:38, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:39, Info                  CSI    00000267 [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:37:41, Info                  CSI    0000026b [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:37:41, Info                  CSI    0000026c [SR] This component was referenced by [l:230{115}]"Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~amd64~~11.2.9600.16428.Internet-Explorer-amd64"
2017-12-13 18:37:42, Info                  CSI    0000026f [SR] Verify complete
2017-12-13 18:37:42, Info                  CSI    00000270 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:42, Info                  CSI    00000271 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:45, Info                  CSI    00000274 [SR] Verify complete
2017-12-13 18:37:45, Info                  CSI    00000275 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:45, Info                  CSI    00000276 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:47, Info                  CSI    0000027a [SR] Verify complete
2017-12-13 18:37:48, Info                  CSI    0000027b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:48, Info                  CSI    0000027c [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:50, Info                  CSI    00000286 [SR] Verify complete
2017-12-13 18:37:50, Info                  CSI    00000287 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:50, Info                  CSI    00000288 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:52, Info                  CSI    0000028f [SR] Verify complete
2017-12-13 18:37:53, Info                  CSI    00000290 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:53, Info                  CSI    00000291 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:54, Info                  CSI    00000296 [SR] Verify complete
2017-12-13 18:37:54, Info                  CSI    00000297 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:54, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:56, Info                  CSI    0000029c [SR] Verify complete
2017-12-13 18:37:56, Info                  CSI    0000029d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:56, Info                  CSI    0000029e [SR] Beginning Verify and Repair transaction
2017-12-13 18:37:57, Info                  CSI    000002a0 [SR] Verify complete
2017-12-13 18:37:57, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:37:57, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:00, Info                  CSI    000002c7 [SR] Verify complete
2017-12-13 18:38:00, Info                  CSI    000002c8 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:00, Info                  CSI    000002c9 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:02, Info                  CSI    000002cb [SR] Verify complete
2017-12-13 18:38:02, Info                  CSI    000002cc [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:02, Info                  CSI    000002cd [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:03, Info                  CSI    000002cf [SR] Verify complete
2017-12-13 18:38:04, Info                  CSI    000002d0 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:04, Info                  CSI    000002d1 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:05, Info                  CSI    000002d3 [SR] Verify complete
2017-12-13 18:38:06, Info                  CSI    000002d4 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:06, Info                  CSI    000002d5 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:07, Info                  CSI    000002e2 [SR] Verify complete
2017-12-13 18:38:07, Info                  CSI    000002e3 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:07, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:08, Info                  CSI    000002e7 [SR] Verify complete
2017-12-13 18:38:08, Info                  CSI    000002e8 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:08, Info                  CSI    000002e9 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:11, Info                  CSI    000002ed [SR] Verify complete
2017-12-13 18:38:11, Info                  CSI    000002ee [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:11, Info                  CSI    000002ef [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:14, Info                  CSI    000002fb [SR] Verify complete
2017-12-13 18:38:14, Info                  CSI    000002fc [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:14, Info                  CSI    000002fd [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:15, Info                  CSI    000002ff [SR] Verify complete
2017-12-13 18:38:15, Info                  CSI    00000300 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:15, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:17, Info                  CSI    00000304 [SR] Verify complete
2017-12-13 18:38:17, Info                  CSI    00000305 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:17, Info                  CSI    00000306 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:18, Info                  CSI    00000308 [SR] Verify complete
2017-12-13 18:38:18, Info                  CSI    00000309 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:18, Info                  CSI    0000030a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:20, Info                  CSI    0000030c [SR] Verify complete
2017-12-13 18:38:20, Info                  CSI    0000030d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:20, Info                  CSI    0000030e [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:22, Info                  CSI    00000310 [SR] Verify complete
2017-12-13 18:38:22, Info                  CSI    00000311 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:22, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:24, Info                  CSI    00000314 [SR] Verify complete
2017-12-13 18:38:24, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:24, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:27, Info                  CSI    00000330 [SR] Verify complete
2017-12-13 18:38:27, Info                  CSI    00000331 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:27, Info                  CSI    00000332 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:29, Info                  CSI    00000334 [SR] Verify complete
2017-12-13 18:38:29, Info                  CSI    00000335 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:29, Info                  CSI    00000336 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:34, Info                  CSI    00000338 [SR] Verify complete
2017-12-13 18:38:34, Info                  CSI    00000339 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:34, Info                  CSI    0000033a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:36, Info                  CSI    0000033c [SR] Verify complete
2017-12-13 18:38:36, Info                  CSI    0000033d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:36, Info                  CSI    0000033e [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:37, Info                  CSI    00000342 [SR] Verify complete
2017-12-13 18:38:37, Info                  CSI    00000343 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:37, Info                  CSI    00000344 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:38, Info                  CSI    00000346 [SR] Verify complete
2017-12-13 18:38:39, Info                  CSI    00000347 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:39, Info                  CSI    00000348 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:41, Info                  CSI    0000034a [SR] Verify complete
2017-12-13 18:38:41, Info                  CSI    0000034b [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:41, Info                  CSI    0000034c [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:42, Info                  CSI    0000034e [SR] Verify complete
2017-12-13 18:38:42, Info                  CSI    0000034f [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:42, Info                  CSI    00000350 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:44, Info                  CSI    00000353 [SR] Verify complete
2017-12-13 18:38:44, Info                  CSI    00000354 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:44, Info                  CSI    00000355 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:45, Info                  CSI    00000357 [SR] Verify complete
2017-12-13 18:38:45, Info                  CSI    00000358 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:45, Info                  CSI    00000359 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:47, Info                  CSI    0000035b [SR] Verify complete
2017-12-13 18:38:47, Info                  CSI    0000035c [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:47, Info                  CSI    0000035d [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:48, Info                  CSI    0000035f [SR] Verify complete
2017-12-13 18:38:48, Info                  CSI    00000360 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:48, Info                  CSI    00000361 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:51, Info                  CSI    00000364 [SR] Verify complete
2017-12-13 18:38:51, Info                  CSI    00000365 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:51, Info                  CSI    00000366 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:52, Info                  CSI    00000368 [SR] Verify complete
2017-12-13 18:38:52, Info                  CSI    00000369 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:52, Info                  CSI    0000036a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:54, Info                  CSI    0000036c [SR] Verify complete
2017-12-13 18:38:54, Info                  CSI    0000036d [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:54, Info                  CSI    0000036e [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:56, Info                  CSI    00000370 [SR] Verify complete
2017-12-13 18:38:56, Info                  CSI    00000371 [SR] Verifying 100 (0x0000000000000064) components
2017-12-13 18:38:56, Info                  CSI    00000372 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:58, Info                  CSI    00000374 [SR] Verify complete
2017-12-13 18:38:58, Info                  CSI    00000375 [SR] Verifying 27 (0x000000000000001b) components
2017-12-13 18:38:58, Info                  CSI    00000376 [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:58, Info                  CSI    00000378 [SR] Verify complete
2017-12-13 18:38:58, Info                  CSI    00000379 [SR] Repairing 1 components
2017-12-13 18:38:58, Info                  CSI    0000037a [SR] Beginning Verify and Repair transaction
2017-12-13 18:38:58, Info                  CSI    0000037c [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:38:58, Info                  CSI    0000037e [SR] Cannot repair member file [l:26{13}]"iesysprep.dll" of Microsoft-Windows-IE-Sysprep, Version = 11.2.9600.16428, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-12-13 18:38:58, Info                  CSI    0000037f [SR] This component was referenced by [l:230{115}]"Microsoft-Windows-InternetExplorer-VistaPlus-Update~31bf3856ad364e35~amd64~~11.2.9600.16428.Internet-Explorer-amd64"
2017-12-13 18:38:58, Info                  CSI    00000381 [SR] Repair complete
2017-12-13 18:38:58, Info                  CSI    00000382 [SR] Committing transaction
2017-12-13 18:38:58, Info                  CSI    00000386 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired

Here is VEW application:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/12/2017 6:42:18 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/12/2017 8:23:17 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start  failed

Log: 'Application' Date/Time: 13/12/2017 8:23:17 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized

Log: 'Application' Date/Time: 13/12/2017 4:38:59 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0xc7c Faulting application start time: 0x01d373c87c235a19 Faulting application path: C:\Users\JB\Desktop\aswmbr.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll Report Id: 88b3e5bf-dfbf-11e7-8a36-d85de2936b3c

Log: 'Application' Date/Time: 12/12/2017 11:24:10 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14 Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16 Exception code: 0xc0000005 Fault offset: 0x0002e49b Faulting process id: 0x1918 Faulting application start time: 0x01d3739d3f8a72b5 Faulting application path: C:\Users\JB\Desktop\aswmbr.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll Report Id: 8e17cf8c-df93-11e7-8a36-d85de2936b3c

Log: 'Application' Date/Time: 12/12/2017 11:01:06 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
QuickBooks has experienced a problem and must be shut down, ErrorCode:2004937507.

Log: 'Application' Date/Time: 11/12/2017 9:23:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start  failed

Log: 'Application' Date/Time: 11/12/2017 9:23:15 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized

Log: 'Application' Date/Time: 11/12/2017 9:22:32 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
V28.0D R3 (M=1066, L=335, C=249, V=0 (0))

Log: 'Application' Date/Time: 11/12/2017 8:36:47 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Host Start  failed

Log: 'Application' Date/Time: 11/12/2017 8:36:47 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Runtime not yet initialized

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection String:CON=QBConnectionPool-Probe-QB_JB-HP_28;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Short Haul Concrete LLC.qbw;CommLinks="ShMem,tcpip(IP=192.168.7.81;TO=5;DOBROADCAST=NONE;port=55378)";ServerName=QB_JB-HP_28;DBN=81b183e537844ac384bc26d615598f2f

Log: 'Application' Date/Time: 11/12/2017 8:27:40 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 11/12/2017 8:27:39 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'

Log: 'Application' Date/Time: 11/12/2017 8:27:39 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection String:CON=QBConnectionPool-Probe-QB_JB-HP_28;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Short Haul Concrete LLC.qbw;CommLinks="ShMem,tcpip(IP=192.168.7.81;TO=5;DOBROADCAST=NONE;port=55378)";ServerName=QB_JB-HP_28;DBN=76ea9268c9354e96b76d7e3a6a953c97

Log: 'Application' Date/Time: 11/12/2017 8:27:39 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
Connection Error:Invalid user ID or password

Log: 'Application' Date/Time: 11/12/2017 8:26:38 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
QuickBooks has experienced a problem and must be shut down, ErrorCode:2004937507.

Log: 'Application' Date/Time: 11/12/2017 8:10:48 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.

Log: 'Application' Date/Time: 11/12/2017 8:10:48 PM
Type: Error Category: 2
Event: 4 Source: QuickBooks
An unexpected error has occured in "QuickBooks Desktop Pro 2018":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1042 from function:'DBMgr::DBConnPool::init'

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/12/2017 12:08:37 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2008 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 13/12/2017 5:14:53 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 6872 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7601.23755_none_368a88b9dac77673\rundll32.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES

Log: 'Application' Date/Time: 13/12/2017 5:14:53 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 4468 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1956 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 11/12/2017 6:50:56 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6448 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 11/12/2017 12:03:18 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6436 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2016 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 10/12/2017 11:39:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6596 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2032 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 10/12/2017 10:26:11 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   9 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6480 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates

Log: 'Application' Date/Time: 10/12/2017 10:23:22 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   11 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1852 (\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1852 (\Device\HarddiskVolume3\Windows\System32\CompatTelRunner.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6828 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates

Log: 'Application' Date/Time: 08/12/2017 4:57:26 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6580 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1976 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 08/12/2017 1:44:29 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:

Log: 'Application' Date/Time: 07/12/2017 9:37:40 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:

Log: 'Application' Date/Time: 07/12/2017 2:21:01 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:

Log: 'Application' Date/Time: 05/12/2017 9:32:29 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:

Log: 'Application' Date/Time: 01/12/2017 9:36:35 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:

Log: 'Application' Date/Time: 01/12/2017 4:12:19 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2028 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 30/11/2017 5:40:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 28/11/2017 11:27:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1001:
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\trust
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\My
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\CA
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1001\Software\Microsoft\SystemCertificates\Root

Log: 'Application' Date/Time: 28/11/2017 11:10:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000_Classes:
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000_CLASSES

Log: 'Application' Date/Time: 28/11/2017 11:10:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6600 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 1984 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

Log: 'Application' Date/Time: 28/11/2017 2:06:38 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   24 user registry handles leaked from \Registry\User\S-1-5-21-2577112198-3913129868-2286876578-1000:
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\trust
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\My
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\CA
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Root
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 6416 (\Device\HarddiskVolume3\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Policies\Microsoft\SystemCertificates
Process 2000 (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 17.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2577112198-3913129868-2286876578-1000\Software\Microsoft\SystemCertificates\Disallowed

 

And VEW system:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/12/2017 6:43:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/12/2017 8:05:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/12/2017 8:01:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/12/2017 10:14:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/12/2017 10:10:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/12/2017 8:05:33 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:04:53 PM on 12/13/2017 was unexpected.

Log: 'System' Date/Time: 13/12/2017 8:04:26 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 13/12/2017 8:02:37 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Log: 'System' Date/Time: 13/12/2017 8:01:55 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:01:02 PM on 12/13/2017 was unexpected.

Log: 'System' Date/Time: 13/12/2017 5:15:23 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 10/12/2017 10:39:34 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 10/12/2017 10:33:10 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 10/12/2017 10:31:18 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 10/12/2017 10:14:15 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:13:02 PM on 12/10/2017 was unexpected.

Log: 'System' Date/Time: 10/12/2017 10:10:45 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Log: 'System' Date/Time: 10/12/2017 10:10:04 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:08:48 PM on 12/10/2017 was unexpected.

Log: 'System' Date/Time: 10/12/2017 10:08:21 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP17.0.0 service.

Log: 'System' Date/Time: 10/12/2017 10:08:11 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Log: 'System' Date/Time: 01/12/2017 3:48:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 01/12/2017 3:48:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 30/11/2017 5:16:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 30/11/2017 5:16:06 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 28/11/2017 8:53:31 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 28/11/2017 8:53:31 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 28/11/2017 1:25:18 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user JB-HP\JB SID (S-1-5-21-2577112198-3913129868-2286876578-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/12/2017 12:08:38 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/12/2017 5:17:00 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 11/12/2017 6:50:58 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 11/12/2017 12:03:19 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/12/2017 11:42:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:42:14 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:42:07 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:41:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name patt81xmpp.att.motive.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:40:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name btms.samsungsemi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:39:48 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 11:39:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/12/2017 10:58:35 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:58:28 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:58:20 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:52:26 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:08 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:06 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-03.geo.kaspersky.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:05 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:40:00 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/12/2017 10:39:56 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.attlocal.net timed out after none of the configured DNS servers responded.

 

Rogue Killer coming up...


  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP

The file that sfc is complaining about isn't important in normal operation.  It's used when you run Sysprep:

https://blogs.techne...w-step-by-step/

When you ran sfcfix last time it claimed to fix it but we didn't go back and rerun sfc /scannow to see if it did.

For the WPAD stuff:

Try opening Control Panel, Internet Options, Connection, LAN Settings, then note which boxes are checked, then uncheck everything and OK.

Our Internet is acting up again.  May fail any minute.


  • 0

#65
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • 133 posts

We have run Rogue Killer in the past on post #25 but this time it found a couple more items?

RogueKiller V12.11.28.0 (x64) [Dec 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JB [Administrator]
Started from : C:\Users\JB\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 12/13/2017 18:46:34 (Duration : 00:46:22)

¤¤¤ Processes : 1 ¤¤¤
[Root.Wajam|Adw.Elex] svchost.exe(2704) -- C:\Windows\System32\svchost.exe[7] -> Found

¤¤¤ Registry : 50 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5A134DD5-9609-460B-876D-D6D240D948BF} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5A134DD5-9609-460B-876D-D6D240D948BF} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {07B06AB4-522B-4C4F-B99D-9DE5873EDB03} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS16D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {78A2AA77-A970-43C6-98D7-C6C6D5659933} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS16D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9077B2AE-2F18-4FB7-B757-AE122B015C53} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS18B2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {88571F9F-D999-4DEA-B108-F9DF772450A7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS18B2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7A27F99D-B365-4AF9-A185-58ED93305AC1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2790\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9E94AFF2-4632-42D9-8000-DCCE635A8EE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2790\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BC856DA0-34DF-48E9-9334-EDF9B9ED8258} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27D8\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A1038E70-2382-419D-9D8D-87CF1A1806A0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27D8\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {44A3F013-F920-4448-86CE-41B358FC2138} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27A4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BADF1A0F-BBDF-4F91-895F-184DC93E6A3A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27A4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92652BF0-8A8A-49C6-A477-E349AD1C697F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2977\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {541920F7-9E3C-4240-93A5-2E9EB4EB3DDF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2977\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {88D60679-EACF-4B70-882A-330A9B3BB57A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {633FA523-67CC-4FA3-B869-D090138C3265} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {405C44A0-E411-46C2-AAFC-CC1F60B57B9B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DFC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {832B3613-2108-46B5-921B-1036F32016C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DFC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9DB2E288-D457-4FB1-B9B0-1354E8C6D2BA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2E35\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D357794E-00DA-4B04-BE5F-AF1981ECB3B7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2E35\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {140573B5-1C0F-4732-972C-31FD0614CB10} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EC7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {96CC9EEC-1223-4FFE-B43F-7A0D4D402D58} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EC7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CBEB0721-EE38-4D82-B7FB-4473BC65E689} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EF4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1A69642B-024F-4E0A-963F-415262C257C4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EF4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A046F598-86DB-47E1-B726-E59DF19750A9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS6112\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {28C34809-E0DD-4A71-88F7-543778E3D5FF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS6112\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {07B06AB4-522B-4C4F-B99D-9DE5873EDB03} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS16D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {78A2AA77-A970-43C6-98D7-C6C6D5659933} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS16D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9077B2AE-2F18-4FB7-B757-AE122B015C53} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS18B2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {88571F9F-D999-4DEA-B108-F9DF772450A7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS18B2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7A27F99D-B365-4AF9-A185-58ED93305AC1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2790\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9E94AFF2-4632-42D9-8000-DCCE635A8EE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2790\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BC856DA0-34DF-48E9-9334-EDF9B9ED8258} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27D8\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A1038E70-2382-419D-9D8D-87CF1A1806A0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27D8\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {44A3F013-F920-4448-86CE-41B358FC2138} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27A4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BADF1A0F-BBDF-4F91-895F-184DC93E6A3A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS27A4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {92652BF0-8A8A-49C6-A477-E349AD1C697F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2977\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {541920F7-9E3C-4240-93A5-2E9EB4EB3DDF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2977\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {88D60679-EACF-4B70-882A-330A9B3BB57A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {633FA523-67CC-4FA3-B869-D090138C3265} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DD2\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {405C44A0-E411-46C2-AAFC-CC1F60B57B9B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DFC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {832B3613-2108-46B5-921B-1036F32016C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS3DFC\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9DB2E288-D457-4FB1-B9B0-1354E8C6D2BA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2E35\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D357794E-00DA-4B04-BE5F-AF1981ECB3B7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\JB\AppData\Local\Temp\7zS2E35\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {140573B5-1C0F-4732-972C-31FD0614CB10} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EC7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {96CC9EEC-1223-4FFE-B43F-7A0D4D402D58} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EC7\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CBEB0721-EE38-4D82-B7FB-4473BC65E689} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EF4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1A69642B-024F-4E0A-963F-415262C257C4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS5EF4\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A046F598-86DB-47E1-B726-E59DF19750A9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS6112\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {28C34809-E0DD-4A71-88F7-543778E3D5FF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\JB\AppData\Local\Temp\7zS6112\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 PRO 512G SCSI Disk Device +++++
--- User ---
[MBR] a0df6803bfd5f93786ffb521cdd4a3c7
[BSP] ef5444ce539a871217aac157ae0020e8 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 488153 MB
User = LL1 ... OK
User = LL2 ... OK

 

 

The LAN settings were checked to automatically detect settings so I unchecked it and saved and closed.

In regards to SFC, I have never had any files that were able to be repaired to my recent memory or knowledge.


  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP

This one looks interesting:

 

[Root.Wajam|Adw.Elex] svchost.exe(2704) -- C:\Windows\System32\svchost.exe[7] -> Found

 

Open Process Explorer and see if you can find the svchost.exe with Process ID 2704.  Hover over it and it should say what services it is running.

 

If it's just the one service then let RK remove it.  Then do step 24 on:

 

https://www.bleeping...ads-wnetenhance

 

If it's more than one service then tell me what is running or you can:

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.
 

The rest are OK.

 

When I did a search for sfcfix on this topic it came up with a log from sfcfix so I thought we had run it and it appeared to be happy from the log.  Try running sfc /scannow then immediately after it finishes run sfcfix.  (Right click and Run As Admin.)  If you no longer have the file it is at:

 

http://www.majorgeek...ils/sfcfix.html


  • 0
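Added example (not part of the original post): Python that reads the text `TASKLIST /SVC` writes to junk.txt and reports which services a given svchost.exe PID hosts, including service lists that wrap onto indented continuation lines. The sample listing is constructed, and the function names are this example's own.

```python
import re

# Constructed sample of `TASKLIST /SVC` output; the PIDs and service lists are
# illustrative and are not taken from the machine in this thread.
SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
lsass.exe                      796 KeyIso, SamSs
svchost.exe                    872 DcomLaunch, PlugPlay, Power
svchost.exe                   2704 Appinfo, BITS, IKEEXT, iphlpsvc, Schedule,
                                   SENS, Winmgmt, wuauserv
svchost.exe                   3700 WerSvc
notepad.exe                   6032 N/A
"""

# A process row starts in column 0: image name, then PID, then the services.
ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")


def split_services(field):
    """Split a comma-separated service field, dropping blanks and 'N/A'."""
    names = (name.strip() for name in field.split(","))
    return [name for name in names if name and name != "N/A"]


def parse_tasklist_svc(text):
    """Return one dict per process: {'image', 'pid', 'services'}."""
    rows = []
    in_table = False
    for line in text.splitlines():
        if not in_table:
            # Everything up to and including the '====' ruler is header.
            in_table = line.startswith("====")
            continue
        if not line.strip():
            continue
        if line[0].isspace():
            # Indented line: the previous row's service list wrapped.
            if not rows:
                raise ValueError("continuation line before any process row")
            rows[-1]["services"].extend(split_services(line))
            continue
        match = ROW.match(line.rstrip())
        if match is None:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append({
            "image": match["image"],
            "pid": int(match["pid"]),
            "services": split_services(match["svcs"]),
        })
    if not in_table:
        raise ValueError("no '====' ruler found; is this TASKLIST /SVC output?")
    return rows


def hosted_services(rows, pid):
    """Services hosted by the process with this PID."""
    for row in rows:
        if row["pid"] == pid:
            return row["services"]
    raise KeyError(f"PID {pid} not in listing")


def classify_host(rows, pid):
    """Return ('single' | 'shared' | 'none', services) for a PID.

    'single' and 'shared' correspond to the two cases in the post above:
    one hosted service versus several.
    """
    services = hosted_services(rows, pid)
    if len(services) == 1:
        return "single", services
    return ("shared" if services else "none"), services


if __name__ == "__main__":
    table = parse_tasklist_svc(SAMPLE)
    for row in table:
        if row["image"].lower() == "svchost.exe":
            kind, services = classify_host(table, row["pid"])
            print(row["pid"], kind, ", ".join(services))
```
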

#67
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • 133 posts

I have searched on Google and it seems like there are several ways to get to process explorer but I can't find it on my computer? I don't think I have ever needed to run that program before.


  • 0

#68
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP

Sorry.  Thought we had:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 


  • 0
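Added example (not part of the original post, and not Sysinternals code): once Process Explorer has saved its list with the Verified Signer column enabled, this Python reads the file and groups processes by signature status. It assumes the saved file is tab-delimited with a header row naming the columns, and that Windows components show the signer string "(Verified) Microsoft Windows" as they do on this thread's Windows 7 machine; the sample rows and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample in the assumed saved layout (tab-delimited, header first).
# Process names, PIDs and signers are illustrative only.
SAMPLE = "\n".join("\t".join(fields) for fields in [
    ("Process", "CPU", "Private Bytes", "Working Set", "PID",
     "Description", "Company Name", "Verified Signer"),
    ("System Idle Process", "90.00", "0 K", "24 K", "0", "", "", ""),
    ("Interrupts", "0.49", "0 K", "0 K", "n/a",
     "Hardware Interrupts and DPCs", "", ""),
    ("svchost.exe", "< 0.01", "12,000 K", "15,000 K", "1111",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows"),
    ("svchost.exe", "0.50", "9,000 K", "8,000 K", "2222",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Example Software Ltd"),
    ("tool.exe", "0.09", "5,000 K", "3,000 K", "3333", "Example tool",
     "Example Vendor",
     "(No signature was present in the subject) Example Vendor"),
    ("lsass.exe", "0.02", "25,000 K", "10,000 K", "4444", "", "", ""),
])

# Rows that are not real image files and carry no signer.
PSEUDO = {"system idle process", "system", "interrupts"}

# Image names that should only ever be Windows' own binaries.
CORE_WINDOWS = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
                "winlogon.exe", "wininit.exe", "smss.exe"}
WINDOWS_SIGNER = "(Verified) Microsoft Windows"  # assumption, see lead-in


def classify(process, signer):
    """Map one row's Verified Signer text to a triage bucket."""
    if not signer:
        # Blank column: Process Explorer could not inspect the image.
        return "unknown"
    if not signer.startswith("(Verified)"):
        return "unsigned"
    if process.lower() in CORE_WINDOWS and signer != WINDOWS_SIGNER:
        # A core Windows image name signed by some other publisher.
        return "unexpected-signer"
    return "ok"


def triage_signers(text):
    """Group (pid, process) pairs by signature status."""
    result = {"ok": [], "unexpected-signer": [], "unsigned": [], "unknown": []}
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        process = (row.get("Process") or "").strip()
        pid_text = (row.get("PID") or "").strip()
        if process.lower() in PSEUDO or not pid_text.isdigit():
            continue
        signer = (row.get("Verified Signer") or "").strip()
        result[classify(process, signer)].append((int(pid_text), process))
    return result


if __name__ == "__main__":
    for status, entries in triage_signers(SAMPLE).items():
        if status != "ok":
            for pid, process in entries:
                print(f"{status:18} {pid:>6} {process}")
```
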

#69
shorthaul99

shorthaul99

    Member

  • Topic Starter
  • Member
  • 133 posts

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 90.74 0 K 24 K 0   
procexp64.exe 3.52 40,284 K 61,760 K 7756 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
avp.exe 2.35 305,476 K 192,932 K 1976 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
dwm.exe 0.64 34,536 K 26,704 K 4348 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
QBW32.EXE 0.61 298,240 K 84,448 K 6776 QuickBooks Intuit Inc. (Verified) Intuit
Interrupts 0.49 0 K 0 K n/a Hardware Interrupts and DPCs  
iexplore.exe 0.31 138,604 K 160,588 K 8688 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
System 0.27 280 K 1,940 K 4   
csrss.exe 0.27 3,664 K 39,684 K 744 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MB3Service.exe 0.17 21,500 K 20,904 K 2792 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
explorer.exe 0.12 54,780 K 46,668 K 2200 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
node.exe 0.09 55,252 K 33,616 K 1988 Evented I/O for V8 JavaScript Joyent, Inc (No signature was present in the subject) Joyent, Inc
QBDBMgrN.exe 0.06 553,708 K 90,932 K 4384 Intuit Network Database Manager Intuit, Inc. (No signature was present in the subject) Intuit, Inc.
MAHostService.exe 0.05 1,764 K 708 K 1924 MAHostService Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
avpui.exe 0.04 84,440 K 5,344 K 2572 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
Keystatus.exe 0.04 1,648 K 2,328 K 5960 Caps Lock | Num Lock | Scroll Lock  State  (No signature was present in the subject)
taskhost.exe 0.04 26,284 K 14,344 K 3896 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.02 25,568 K 10,384 K 796   
LogMeInSystray.exe 0.02 4,624 K 3,548 K 4576 LogMeIn Control Panel LogMeIn, Inc. (Verified) LogMeIn
iexplore.exe 0.02 18,928 K 45,088 K 5308 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
pcTrayApp.exe 0.02 4,740 K 5,580 K 4672 mcci+McciTrayApp Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
OUTLOOK.EXE 0.01 120,420 K 98,096 K 5568 Microsoft Outlook Microsoft Corporation (Verified) Microsoft Corporation
CLMLSvc_P2G8.exe 0.01 3,288 K 2,180 K 7096 CyberLink MediaLibrary Service CyberLink (Verified) CyberLink Corp.
HPNetworkCommunicatorCom.exe < 0.01 4,712 K 6,484 K 5544 HPNetworkCommunicatorCom Hewlett-Packard Development Company, LP (Verified) Hewlett Packard
iPodService.exe < 0.01 2,464 K 2,504 K 5396 iPod Service Apple Inc. (Verified) Apple Inc.
HPKEYBOARDx.EXE < 0.01 7,124 K 2,772 K 5240 HP Keyboard Kit OSD Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
svchost.exe < 0.01 12,556 K 15,596 K 872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbae.exe < 0.01 20,028 K 17,724 K 5436 Malwarebytes Anti-Exploit Malwarebytes Corporation (Verified) Malwarebytes Corporation
ScanToPCActivationApp.exe < 0.01 6,068 K 7,452 K 4300 ScanToPCActivationApp Hewlett-Packard Development Company, LP (Verified) Hewlett Packard
BTStackServer.exe < 0.01 26,432 K 13,072 K 5640 Bluetooth Stack COM Server Broadcom Corporation. (Verified) Broadcom Corporation
mbae-svc.exe < 0.01 6,980 K 4,828 K 2148 Malwarebytes Anti-Exploit Service Malwarebytes Corporation (Verified) Malwarebytes Corporation
RogueKiller_portable64.exe < 0.01 577,564 K 62,944 K 4792 Anti-malware remediation tool Adlice Software (Verified) Adlice
SearchIndexer.exe < 0.01 50,852 K 18,040 K 1336 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
iusb3mon.exe < 0.01 2,388 K 1,668 K 5796 iusb3mon Intel Corporation (Verified) Intel Corporation - Client Components Group
mbarw.exe < 0.01 22,280 K 7,760 K 3132 Malwarebytes Malwarebytes (Verified) Malwarebytes Corporation
services.exe < 0.01 7,164 K 6,260 K 788 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
BTTray.exe < 0.01 7,380 K 5,840 K 748 Bluetooth Tray Application Broadcom Corporation. (Verified) Broadcom Corporation
AppleMobileDeviceService.exe < 0.01 4,208 K 3,152 K 1892 MobileDeviceService Apple Inc. (Verified) Apple Inc.
rundll32.exe < 0.01 1,692 K 1,096 K 6040 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 15,424 K 9,708 K 1520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
pcContextHookShim.exe < 0.01 1,696 K 1,032 K 4172 mcci+McciContextHookShim Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
RtkNGUI64.exe < 0.01 14,364 K 7,384 K 4852 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
mbamgui.exe < 0.01 4,244 K 2,184 K 4180 Malwarebytes Anti-Malware (Corporate) Malwarebytes Corporation (Verified) Malwarebytes Corporation
FlashUtil64_28_0_0_126_ActiveX.exe < 0.01 4,560 K 10,796 K 8632 Adobe® Flash® Player Installer/Uninstaller 28.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
OfficeClickToRun.exe < 0.01 30,888 K 16,920 K 1048 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
taskeng.exe < 0.01 2,824 K 3,016 K 6184 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
qbupdate.exe < 0.01 16,476 K 7,560 K 3880 QuickBooks Automatic Update Intuit Inc. (Verified) Intuit
svchost.exe < 0.01 36,380 K 30,472 K 1040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 33,924 K 26,780 K 1712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 5,416 K 3,472 K 4712 iTunesHelper Apple Inc. (Verified) Apple Inc.
axlbridge.exe < 0.01 1,964 K 1,724 K 7332 AXLBridge Module Intuit Inc. (Verified) Intuit
conhost.exe < 0.01 1,184 K 352 K 2328 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,812 K 2,500 K 624 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 182,536 K 33,304 K 2704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LMIGuardianSvc.exe < 0.01 2,860 K 1,752 K 2100 LMIGuardianSvc LogMeIn, Inc. (Verified) LogMeIn
spoolsv.exe < 0.01 12,416 K 11,864 K 1664 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
mbae64.exe < 0.01 1,892 K 1,568 K 2304 Malwarebytes Anti-Exploit 64bit tasks Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe < 0.01 157,368 K 41,108 K 2296 Malwarebytes Anti-Malware (Corporate) Malwarebytes Corporation (Verified) Malwarebytes Corporation
igfxEM.exe < 0.01 4,204 K 4,292 K 4840 igfxEM Module Intel Corporation (Verified) Intel Corporation - pGFX
wmpnetwk.exe  5,640 K 7,584 K 6060 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  3,088 K 7,024 K 9128 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  12,596 K 6,988 K 6432 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  13,764 K 3,836 K 6912 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  3,380 K 2,012 K 876 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,772 K 416 K 720 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  2,400 K 2,012 K 6212 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,676 K 5,248 K 3796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  6,412 K 5,356 K 952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  9,728 K 8,644 K 576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  7,528 K 6,748 K 160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  25,932 K 12,276 K 668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,748 K 4,652 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,144 K 1,984 K 3700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,776 K 3,300 K 4588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  7,528 K 7,600 K 2052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe  6,044 K 1,148 K 596 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe  564 K 412 K 444 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SamsungMagician.exe  11,828 K 4,340 K 6708 Samsung Magician Samsung Electronics Co. Ltd. (Verified) Samsung Electronics Co.
RtkAudioService64.exe  2,252 K 1,500 K 1328 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  15,004 K 4,000 K 1496 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
QBIDPService.exe  8,676 K 1,072 K 2596 QBIDPService Intuit Inc. (Verified) Intuit
QBCFMonitorService.exe  11,196 K 5,604 K 2528   Intuit Inc. (Verified) Intuit
procexp.exe  2,532 K 7,940 K 8912 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe  28,236 K 1,320 K 4364 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
pcCMService.exe  1,984 K 1,360 K 2428 mcci+McciCMService Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
pcCMService.exe  2,292 K 1,656 K 2484 mcci+McciCMService Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
notepad.exe  1,928 K 800 K 6032 Notepad Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe  4,836 K 1,980 K 2240 Malwarebytes Anti-Malware (Corporate) Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe  3,008 K 2,556 K 804 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
LMS.exe  4,728 K 2,912 K 4240 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation - Intel® Management Engine Firmware
jhi_service.exe  1,604 K 596 K 2548 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Intel® Management Engine Firmware
igfxHK.exe  2,896 K 2,048 K 3916 igfxHK Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxCUIService.exe  2,516 K 3,224 K 1288 igfxCUIService Module Intel Corporation (Verified) Intel Corporation - pGFX
HPSupportSolutionsFrameworkService.exe  38,892 K 4,936 K 5104 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
dllhost.exe  2,420 K 6,428 K 4472 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe  1,460 K 724 K 1996 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
btwdins.exe  3,344 K 4,292 K 2032 Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
audiodg.exe  18,384 K 18,784 K 4088 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  1,244 K 464 K 1836 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

 


#70
shorthaul99

SVCHost2704.jpg

 

 

 

It appears that there is only 1 service attached to it and it claims it is part of Windows Defender package.


#71
RKinner

Probably a false positive then.  Best to leave it, though I have to wonder why Windows Defender is running when you have an antivirus.  Normally when you install an antivirus the first thing it does is turn off Windows Defender.

 

Do you use Log Me In?


#72
shorthaul99

My bookkeeper uses Log Me In occasionally when she needs to update something but it has been several months since she has needed in via remote.

 

I keep it disabled unless she asks me to keep computer on and Log Me In on so she can do some work.

 

I find it funny that the 2704 process wasn't caught on the original logs from Rogue Killer back on post #25...

 

Also, if this truly is an issue, I wonder why I pay for Corporate MBAM and it doesn't even see it as a threat plus it doesn't appear like it is running live in the startup bar?

 

Every time I open it, it does the little pop up windows for admin privileges to start it. It never used to do that.


#73
RKinner

They are always updating RK.  Probably an update caused the false positive but it really should not be running since you have an antivirus.  Search for:

 

services.msc

 

Scroll down to Windows Defender

Right click and select Properties then change the Startup Type to Disabled.  Apply.  Stop the service.

 

That should make the svchost 2704 go away.

 

You can close RK.

 

Back to the QB problem.  Have you tried logging in to your email provider and leaving it connected while you run QB and try to mail? 

I'll get back to looking at the Proc Mon logs but I have to put my Win 7 machine back together.  Borrowed the keyboard to use on my other PC.


#74
shorthaul99

It makes no difference when emailing if Outlook is open or not. I usually keep it open while I am working so I can get updates of new emails throughout the day, but some days I will only monitor my email on my phone while working.

 

 

I asked QB forum and here is their response:

 

 

https://community.in...nt=new_question


#75
RKinner

I'm getting closer to the failure point.

 

The first thing the good one does that the bad one doesn't is open WebMail.dll which lives at c:\Program Files (x86)\Intuit\QuickBooks 2018\WebMail.dll

 

It doesn't even try.  This is right after both read C:\ProgramData\Intuit\QuickBooks 2018\Components\Messages\LEDCLSConfig.XML so could you send me a copy of the LEDCLSConfig.XML file?

 

Instead of opening WebMail.dll the bad one searches through tcpip connections then looks for

 

C:\Program Files (x86)\Intuit\QuickBooks 2018\FileLocations.ini

and

C:\Program Files (x86)\Intuit\QuickBooks 2018\SendError.ini

 

I expect if the last file existed it would tell the program what to do instead of crashing. 

 

Also when it fails it creates a dump file:

 

C:\Users\JB\AppData\Local\Temp\MemDump.dmp

 

I probably can't read it but send it to me anyway just in case.

 

Also send me a copy of

C:\Users\JB\AppData\Local\Intuit\CLSLibrary\CLSClientLogger.log


  • 0
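The comparison described in post #75 (finding the first thing the working run does that the failing run does not, right after both read LEDCLSConfig.XML) can be scripted against two Process Monitor CSV exports. This is an added example, not part of the thread: only the file paths come from the post, while the process name, PID, timestamps, operations and results in the sample rows are constructed.

```python
import csv
import io

# Constructed sample traces in Process Monitor's CSV export column layout.
# Paths are the ones named in the post; process name, PID, times, operations
# and results are placeholders made up for this example.
HEADER = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"\n'
QB = r"C:\Program Files (x86)\Intuit\QuickBooks 2018"
CFG = r"C:\ProgramData\Intuit\QuickBooks 2018\Components\Messages\LEDCLSConfig.XML"
DUMP = r"C:\Users\JB\AppData\Local\Temp\MemDump.dmp"

def row(op, path, result, proc="app.exe"):
    return f'"9:00:00.0000000 AM","{proc}","1000","{op}","{path}","{result}",""\n'

GOOD_CSV = (HEADER + row("ReadFile", CFG, "SUCCESS")
            + row("QueryOpen", QB, "SUCCESS")
            + row("CreateFile", QB + r"\WebMail.dll", "SUCCESS"))
BAD_CSV = ("\ufeff" + HEADER + row("ReadFile", CFG, "SUCCESS")
           + row("CreateFile", QB + r"\WebMail.dll", "SUCCESS", proc="other.exe")
           + row("QueryOpen", QB, "SUCCESS")
           + row("CreateFile", QB + r"\FileLocations.ini", "SUCCESS")
           + row("CreateFile", QB + r"\SendError.ini", "NAME NOT FOUND")
           + row("WriteFile", DUMP, "SUCCESS"))

def load(text, process):
    """Return [(operation, lowercased path, result)] for one process, in trace order."""
    rows = csv.DictReader(io.StringIO(text.lstrip("\ufeff")))  # exports may start with a BOM
    return [(r["Operation"], r["Path"].lower(), r["Result"])
            for r in rows if r["Process Name"].lower() == process.lower()]

def first_divergence(good, bad, anchor_path):
    """After the last event on anchor_path in each trace, return the first event only the
    good run performs, plus the events only the bad run performs."""
    def tail(events):
        hits = [i for i, e in enumerate(events) if e[1] == anchor_path.lower()]
        if not hits:
            raise ValueError("anchor path not found in trace: " + anchor_path)
        return events[hits[-1] + 1:]
    good_tail, bad_tail = tail(good), tail(bad)
    bad_keys = {(op, path) for op, path, _ in bad_tail}
    good_keys = {(op, path) for op, path, _ in good_tail}
    missing = next((e for e in good_tail if (e[0], e[1]) not in bad_keys), None)
    instead = [e for e in bad_tail if (e[0], e[1]) not in good_keys]
    return missing, instead

if __name__ == "__main__":
    missing, instead = first_divergence(load(GOOD_CSV, "app.exe"), load(BAD_CSV, "app.exe"), CFG)
    print("good run only:", missing)
    for event in instead:
        print("bad run only: ", event)
```

Filtering on the process name before comparing matters: a second process touching the same file in the failing trace would otherwise hide the divergence.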





