Ron,
Thank you very much for the prompt and detailed instructions. Please see below.
================================ <System Idle Process.txt> 8:07 PM 5/29/2019 ================================
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 89.28 0 K 24 K 0
WmiPrvSE.exe 2.55 10,088 K 16,180 K 464 WMI Provider Host Microsoft Corporation (Verified)
Microsoft Windows
procexp64.exe 1.37 58,972 K 74,832 K 6356 Sysinternals Process Explorer Sysinternals -
www.sysinternals.com (Verified) Microsoft Corporation
firefox.exe 0.66 175,404 K 346,500 K 3528 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
AvastUI.exe 0.63 23,364 K 39,024 K 2924 Avast Antivirus AVAST Software (Verified) AVAST Software
s.r.o.
firefox.exe 0.08 338,504 K 416,376 K 1148 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
firefox.exe 0.03 338,140 K 440,860 K 6788 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
Photoshop.exe 0.32 465,312 K 219,812 K 3360 Adobe Photoshop CS5 Adobe Systems, Incorporated
(Verified) Adobe Systems Incorporated
Interrupts 0.28 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.20 272 K 6,868 K 4
svchost.exe 0.24 29,228 K 47,528 K 408 Host Process for Windows Services Microsoft
Corporation (Verified) Microsoft Windows
firefox.exe 0.11 129,940 K 280,992 K 3276 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
csrss.exe 0.17 19,208 K 20,816 K 600 Client Server Runtime Process Microsoft Corporation
(Verified) Microsoft Windows
GFIAgent.exe 0.10 8,280 K 12,236 K 2884 GFI BackUp Freeware GFI Software Ltd. (Verified) GFI
Software Development Ltd.
explorer.exe 0.06 84,948 K 82,956 K 2412 Windows Explorer Microsoft Corporation (Verified)
Microsoft Windows
AvastSvc.exe 0.04 186,012 K 45,260 K 1448 Avast Service AVAST Software (Verified) AVAST Software
s.r.o.
firefox.exe 0.03 101,748 K 114,180 K 6220 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
firefox.exe 0.02 118,920 K 273,316 K 3308 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
OUTLOOK.EXE 0.64 73,684 K 121,720 K 4048 Microsoft Office Outlook Microsoft Corporation
(Verified) Microsoft Corporation
Avast Driver Updater.exe 0.02 18,856 K 2,744 K 2508 Avast Driver Updater AVAST Software (Verified)
Avast Software s.r.o.
Skype.exe 0.01 152,656 K 167,080 K 4856 Skype Skype Technologies S.A. (Verified) Skype Software
Sarl
lsass.exe 0.02 5,900 K 13,580 K 700 Local Security Authority Process Microsoft Corporation
(Verified) Microsoft Windows
svchost.exe 0.04 24,500 K 23,484 K 988 Host Process for Windows Services Microsoft
Corporation (Verified) Microsoft Windows
BrYNSvc.exe 4,664 K 10,088 K 3924 BrYNCSvc Brother Industries, Ltd. (No signature was
present in the subject) Brother Industries, Ltd.
lsm.exe 2,940 K 4,964 K 708 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
BrStMonW.exe 5,336 K 12,820 K 1264 Status Monitor Application Brother Industries, Ltd. (No
signature was present in the subject) Brother Industries, Ltd.
svchost.exe 0.46 12,004 K 15,976 K 6012 Host Process for Windows Services Microsoft
Corporation (Verified) Microsoft Windows
aswidsagent.exe 0.04 21,380 K 36,660 K 4176 Avast Behavior Shield AVAST Software (Verified) AVAST
Software s.r.o.
svchost.exe 0.01 3,848 K 8,316 K 2016 Host Process for Windows Services Microsoft Corporation (Verified)
Microsoft Windows
svchost.exe 0.02 9,432 K 17,652 K 5044 Host Process for Windows Services Microsoft Corporation
(Verified) Microsoft Windows
CCleaner64.exe 0.01 14,160 K 2,252 K 2280 CCleaner Piriform Software Ltd (Verified) Piriform Software
Ltd
wpwin9.exe 0.01 14,896 K 31,896 K 4304 WordPerfect® 9 Corel Corporation Limited (No
signature was present in the subject) Corel Corporation Limited
svchost.exe < 0.01 12,108 K 21,560 K 476 Host Process for Windows Services Microsoft
Corporation (Verified) Microsoft Windows
taskhost.exe 0.01 12,720 K 13,820 K 2300 Host Process for Windows Tasks Microsoft Corporation
(Verified) Microsoft Windows
svchost.exe < 0.01 16,100 K 17,520 K 1388 Host Process for Windows Services Microsoft
Corporation (Verified) Microsoft Windows
Skype.exe 2.40 34,520 K 67,244 K 3004 Skype Skype Technologies S.A. (Verified) Skype Software
Sarl
WINWORD.EXE < 0.01 33,908 K 76,056 K 3408 Microsoft Office Word Microsoft Corporation (Verified)
Microsoft Corporation
SearchIndexer.exe < 0.01 48,468 K 38,576 K 4284 Microsoft Windows Search Indexer Microsoft
Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,552 K 5,180 K 532 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft
Windows
SynTPEnh.exe < 0.01 8,896 K 14,936 K 2420 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated
(Verified) Synaptics Incorporated
spoolsv.exe < 0.01 9,352 K 17,044 K 1564 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft
Windows
wuauclt.exe 2,128 K 7,144 K 3676 Windows Update Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe < 0.01 10,204 K 10,328 K 4324 Windows Media Player Network Sharing Service Microsoft
Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,956 K 7,380 K 3064 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,220 K 6,200 K 672 Windows Logon Application Microsoft Corporation (Verified) Microsoft
Windows
wininit.exe 1,668 K 4,940 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft
Windows
unsecapp.exe 1,736 K 5,544 K 4628 Sink to receive asynchronous callbacks for WMI client application
Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,916 K 6,464 K 3968 Sink to receive asynchronous callbacks for WMI client application
Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,112 K 6,120 K 2364 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,068 K 3,180 K 4016 Synaptics Pointing Device Helper Synaptics Incorporated (Verified)
Synaptics Incorporated
SynTPEnhService.exe 1,564 K 4,840 K 1064 64-bit Synaptics Pointing Enhance Service Synaptics
Incorporated (Verified) Synaptics Incorporated
svchost.exe < 0.01 5,480 K 10,124 K 912 Host Process for Windows Services Microsoft Corporation
(Verified) Microsoft Windows
svchost.exe 0.07 180,540 K 190,052 K 160 Host Process for Windows Services Microsoft
Corporation (Verified) Microsoft Windows
svchost.exe 12,404 K 16,376 K 1592 Host Process for Windows Services Microsoft
Corporation (Verified) Microsoft Windows
svchost.exe 4,936 K 10,724 K 816 Host Process for Windows Services Microsoft Corporation
(Verified) Microsoft Windows
svchost.exe 4,236 K 8,004 K 1684 Host Process for Windows Services Microsoft Corporation (Verified)
Microsoft Windows
splwow64.exe 3,324 K 7,460 K 1044 Print driver host for 32bit applications Microsoft Corporation
(Verified) Microsoft Windows
smss.exe 588 K 1,376 K 368 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
Skype.exe < 0.01 34,888 K 34,916 K 3704 Skype Skype Technologies S.A. (Verified) Skype Software
Sarl
Skype.exe 4,812 K 9,156 K 996 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
services.exe < 0.01 7,040 K 11,316 K 640 Services and Controller app Microsoft Corporation (Verified)
Microsoft Windows
RtkNGUI64.exe 12,764 K 10,272 K 2840 Realtek HD Audio Manager Realtek Semiconductor
(Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 2,012 K 5,768 K 1140 Realtek Audio Service Realtek Semiconductor (Verified) Realtek
Semiconductor Corp
RAVBg64.exe 14,404 K 11,704 K 1364 HD Audio Background Process Realtek Semiconductor
(Verified) Realtek Semiconductor Corp
procexp.exe 2,472 K 8,136 K 5904 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
(Verified) Microsoft Corporation
PresentationFontCache.exe 26,920 K 18,720 K 2796 PresentationFontCache.exe Microsoft
Corporation (Verified) Microsoft Corporation
notepad.exe 1,848 K 6,296 K 1192 Notepad Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 3,992 K 10,728 K 5288 Intel® Local Management Service Intel Corporation (Verified)
Intel Corporation - Embedded Subsystems and IP Blocks Group
jhi_service.exe 1,396 K 4,764 K 4320 Intel® Dynamic Application Loader Host Interface Intel Corporation
(Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxEM.exe 3,724 K 9,808 K 4216 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,916 K 6,932 K 1100 igfxCUIService Module Intel Corporation (Verified) Intel®
pGFX
IAStorIcon.exe 21,348 K 27,972 K 3976 IAStorIcon Intel Corporation (Verified) Intel
Corporation - Rapid Storage Technology
IAStorDataMgrSvc.exe 33,848 K 44,604 K 5064 IAStorDataSvc Intel Corporation (Verified)
Intel Corporation - Rapid Storage Technology
GFIFSC~1.EXE 0.02 3,580 K 7,136 K 1944 GFI BackUp Freeware GFI Software Ltd. (Verified) GFI Software
Development Ltd.
GFIFInst.exe 3,632 K 6,172 K 1768 GFI BackUp Freeware GFI Software Ltd. (Verified) GFI Software
Development Ltd.
firefox.exe 0.01 302,748 K 378,520 K 7132 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
firefox.exe 92,528 K 90,760 K 6360 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
firefox.exe 44,940 K 44,884 K 5448 Firefox Mozilla Corporation (Verified) Mozilla
Corporation
EXCEL.EXE 26,860 K 58,580 K 6984 Microsoft Office Excel Microsoft Corporation (Verified)
Microsoft Corporation
E_S40RPB.EXE 1,452 K 3,764 K 1744 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) Microsoft Windows
Hardware Compatibility Publisher
CS5ServiceManager.exe 4,204 K 7,944 K 3040 Adobe CS5 Service Manager Adobe Systems Incorporated
(Verified) Adobe Systems Incorporated
audiodg.exe 22,168 K 23,696 K 4368 Windows Audio Device Graph Isolation Microsoft
Corporation (Verified) Microsoft Windows
================================ <junk.txt> 8:24 PM 5/29/2019 ================================
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 368 N/A
csrss.exe 532 N/A
wininit.exe 580 N/A
csrss.exe 600 N/A
services.exe 640 N/A
winlogon.exe 672 N/A
lsass.exe 700 KeyIso, ProtectedStorage, SamSs
lsm.exe 708 N/A
svchost.exe 816 DcomLaunch, PlugPlay, Power
svchost.exe 912 RpcEptMapper, RpcSs
svchost.exe 988 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 160 AudioEndpointBuilder, hidserv,
HomeGroupListener, Netman, PcaSvc, SysMain,
TrkWks, wudfsvc
svchost.exe 476 EventSystem, fdPHost, FontCache, netprofm,
nsi, WdiServiceHost
svchost.exe 408 Appinfo, BITS, Browser, gpsvc, iphlpsvc,
LanmanServer, MMCSS, ProfSvc, Schedule,
SENS, ShellHWDetection, Winmgmt, wuauserv
igfxCUIService.exe 1100 igfxCUIService2.0.0.0
RtkAudioService64.exe 1140 RtkAudioService
RAVBg64.exe 1364 N/A
svchost.exe 1388 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
AvastSvc.exe 1448 avast! Antivirus
spoolsv.exe 1564 Spooler
svchost.exe 1592 BFE, DPS, MpsSvc
svchost.exe 1684 DiagTrack
E_S40RPB.EXE 1744 EPSON_PM_RPCV4_01
GFIFInst.exe 1768 GFIBckFAtt
GFIFSC~1.EXE 1944 GFIBckFSched
svchost.exe 2016 stisvc
SynTPEnhService.exe 1064 SynTPEnhService
taskhost.exe 2300 N/A
taskeng.exe 2364 N/A
explorer.exe 2412 N/A
SynTPEnh.exe 2420 N/A
Avast Driver Updater.exe 2508 N/A
RtkNGUI64.exe 2840 N/A
GFIAgent.exe 2884 N/A
AvastUI.exe 2924 N/A
Skype.exe 3004 N/A
CCleaner64.exe 2280 N/A
BrStMonW.exe 1264 N/A
BrYNSvc.exe 3924 BrYNSvc
unsecapp.exe 3968 N/A
IAStorIcon.exe 3976 N/A
OUTLOOK.EXE 4048 N/A
WmiPrvSE.exe 464 N/A
PresentationFontCache.exe 2796 FontCache3.0.0.0
SynTPHelper.exe 4016 N/A
Skype.exe 996 N/A
Skype.exe 3704 N/A
aswidsagent.exe 4176 aswbIDSAgent
igfxEM.exe 4216 N/A
SearchIndexer.exe 4284 WSearch
unsecapp.exe 4628 N/A
Skype.exe 4856 N/A
IAStorDataMgrSvc.exe 5064 IAStorDataMgrSvc
wmpnetwk.exe 4324 WMPNetworkSvc
svchost.exe 5044 FDResPub, SSDPSRV, upnphost, wcncsvc
jhi_service.exe 4320 jhi_service
LMS.exe 5288 LMS
svchost.exe 6012 p2pimsvc, p2psvc, PNRPsvc
wuauclt.exe 3676 N/A
WINWORD.EXE 3408 N/A
splwow64.exe 1044 N/A
wpwin9.exe 4304 N/A
EXCEL.EXE 6984 N/A
firefox.exe 7132 N/A
firefox.exe 6360 N/A
firefox.exe 6220 N/A
firefox.exe 1148 N/A
firefox.exe 6788 N/A
firefox.exe 3528 N/A
firefox.exe 3276 N/A
notepad.exe 1192 N/A
firefox.exe 3308 N/A
firefox.exe 5448 N/A
Photoshop.exe 3360 N/A
CS5ServiceManager.exe 3040 N/A
procexp.exe 5904 N/A
procexp64.exe 6356 N/A
WmiPrvSE.exe 3064 N/A
notepad.exe 6060 N/A
SearchProtocolHost.exe 1876 N/A
SearchFilterHost.exe 6832 N/A
audiodg.exe 3584 N/A
cmd.exe 6516 N/A
conhost.exe 3760 N/A
tasklist.exe 6048 N/A
<end>
NOTE, Re speccy download.
If it is important: the large green button is on the Right, it reads [Donwload Latest Version (6.89MB)] .
There was no other option to download so I pressed the large button.
Also, during the install, I was NOT asked to include ccleaner
The output refers to Compaq domain because my previous computer was a Compaq so I renamed HP "Compaq" to preserve the drive mapping convention. It might be a bit confusing, sorry.
================================== VEW.txt [Events] 8:27 PM 5/29/2019 ==================================
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/05/2019 7:57:21 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/05/2019 6:16:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/05/2019 5:59:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/05/2019 12:34:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 04/05/2019 3:42:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 21/02/2019 2:49:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/05/2019 6:24:39 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
Log: 'System' Date/Time: 29/05/2019 6:24:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 29/05/2019 6:24:32 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Log: 'System' Date/Time: 29/05/2019 6:23:55 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 29/05/2019 6:23:53 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 29/05/2019 6:23:53 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 29/05/2019 6:12:42 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Log: 'System' Date/Time: 29/05/2019 6:09:36 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Log: 'System' Date/Time: 29/05/2019 2:27:33 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Log: 'System' Date/Time: 28/05/2019 7:38:39 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 28/05/2019 7:34:00 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
Log: 'System' Date/Time: 28/05/2019 7:34:00 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Server service hung on starting.
Log: 'System' Date/Time: 28/05/2019 7:32:09 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
Log: 'System' Date/Time: 28/05/2019 7:32:09 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Server service hung on starting.
Log: 'System' Date/Time: 28/05/2019 7:30:17 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Server service hung on starting.
Log: 'System' Date/Time: 28/05/2019 7:21:11 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 28/05/2019 7:21:08 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 28/05/2019 7:17:13 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 28/05/2019 6:32:20 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
Log: 'System' Date/Time: 28/05/2019 6:24:58 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/05/2019 6:47:50 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:47:46 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:47:42 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:47:38 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:47:32 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:47:25 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:47:16 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:46:02 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:32:51 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:25:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.hsd1.md.comcast.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 29/05/2019 6:19:16 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:18:08 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 6:12:42 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 10:26:57 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 10:10:26 AM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Bus:Device:Function: 0x0:0x1c:0x0 Vendor ID:Device ID: 0x8086:0xa114 Class Code: 0x30400 The details view of this entry contains further information.
Log: 'System' Date/Time: 29/05/2019 9:49:05 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 9:35:52 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 9:22:42 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 9:22:39 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
Log: 'System' Date/Time: 29/05/2019 9:02:04 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\DR1 during a paging operation.
=================================================== <VEW_application.txt> 8:28 PM 5/29/2019 ==========================
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/05/2019 8:02:05 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/05/2019 6:25:16 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 29/05/2019 2:25:02 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program UltraFileSearchLite.exe version 4.9.0.17037 stopped interacting with Windows and was closed. To see if more
information about the problem is available, check the problem history in the Action Center control panel. Process ID: 173c
Start Time: 01d51629afd141d1 Termination Time: 10 Application Path: C:\Program Files (x86)\Stegisoft\UltraFileSearch Lite
\UltraFileSearchLite.exe Report Id:
Log: 'Application' Date/Time: 28/05/2019 7:29:28 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 28/05/2019 6:56:29 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules
Installer; Error = 0x81000101).
Log: 'Application' Date/Time: 28/05/2019 6:46:22 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error =
0x81000101).
Log: 'Application' Date/Time: 28/05/2019 6:23:21 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 28/05/2019 6:18:17 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 28/05/2019 6:00:11 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 28/05/2019 4:04:21 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 66.0.5.7066 stopped interacting with Windows and was closed. To see if more information
about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b40 Start Time:
01d5156de3730c2a Termination Time: 16222 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id:
Log: 'Application' Date/Time: 28/05/2019 3:04:26 PM
Type: Error Category: 3
Event: 3100 Source: Microsoft-Windows-Search
Unable to initialize the filter host process. Terminating.
Details:
This operation returned because the timeout period
expired. (HRESULT : 0x800705b4) (0x800705b4)
Log: 'Application' Date/Time: 28/05/2019 3:02:32 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 66.0.5.7066 stopped interacting with Windows and was closed. To see if more information
about the problem is available, check the problem history in the Action Center control panel. Process ID: f8c Start Time:
01d5155b1e3216ca Termination Time: 60000 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id:
Log: 'Application' Date/Time: 28/05/2019 1:16:07 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 28/05/2019 1:12:12 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program wpwin9.exe version 9.0.0.528 stopped interacting with Windows and was closed. To see if more information about
the problem is available, check the problem history in the Action Center control panel. Process ID: 484 Start Time:
01d5155698f99d68 Termination Time: 60000 Application Path: C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe Report Id:
Log: 'Application' Date/Time: 28/05/2019 12:35:29 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 28/05/2019 12:20:35 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program i_view64.exe version 4.52.0.0 stopped interacting with Windows and was closed. To see if more information about
the problem is available, check the problem history in the Action Center control panel. Process ID: 1fe4 Start Time:
01d5154f5a285510 Termination Time: 60000 Application Path: C:\Program Files\IrfanView\i_view64.exe Report Id:
Log: 'Application' Date/Time: 28/05/2019 12:20:08 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information
about the problem is available, check the problem history in the Action Center control panel. Process ID: 25e8 Start Time:
01d514aea0c66800 Termination Time: 60000 Application Path: C:\Windows\explorer.exe Report Id:
Log: 'Application' Date/Time: 27/05/2019 5:07:15 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information
about the problem is available, check the problem history in the Action Center control panel. Process ID: 2390 Start Time:
01d5147b5ccbf120 Termination Time: 2700 Application Path: C:\Windows\explorer.exe Report Id:
Log: 'Application' Date/Time: 27/05/2019 11:04:33 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program i_view64.exe version 4.52.0.0 stopped interacting with Windows and was closed. To see if more information about
the problem is available, check the problem history in the Action Center control panel. Process ID: 1ec0 Start Time:
01d5147b1d91b940 Termination Time: 60000 Application Path: C:\Program Files\IrfanView\i_view64.exe Report Id:
Log: 'Application' Date/Time: 27/05/2019 11:04:33 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program i_view64.exe version 4.52.0.0 stopped interacting with Windows and was closed. To see if more information about
the problem is available, check the problem history in the Action Center control panel. Process ID: 920 Start Time:
01d5147b39eb6a00 Termination Time: 60000 Application Path: C:\Program Files\IrfanView\i_view64.exe Report Id:
Log: 'Application' Date/Time: 27/05/2019 11:01:14 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information
about the problem is available, check the problem history in the Action Center control panel. Process ID: 9e4 Start Time:
01d5109399572602 Termination Time: 59595 Application Path: C:\Windows\Explorer.EXE Report Id:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/05/2019 6:14:52 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function properly afterwards. DETAIL - 93 user registry
handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 1340 (\Device
\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES
Process 1484 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast
\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 5908 (\Device
\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office
\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 1340
(\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect
Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local
Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\161\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel
\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\161\Shell
Process 5908 (\Device\HarddiskVolume3\Program
Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\Shell
Process 5908 (\Device\HarddiskVolume3\Program
Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\Shell
Process 1340 (\Device\HarddiskVolume3\Program
Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\Shell
Process 1340 (\Device\HarddiskVolume3\Program
Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\Shell
Process 3620 (\Device\HarddiskVolume3\Program
Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\1473\Shell
Process 3620 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\1473\Shell
Process 3620
(\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\1473\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\1473\Shell
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\21\Shell
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\21\Shell
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\WOW6432NODE\CLSID
Process 1340 (\Device
\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\ComDlg\{B3690E58-E961-
423B-B687-386EBFD83239}
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows
\Shell\Bags\11\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}
Process 5908 (\Device\HarddiskVolume3\Program Files
(x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}
Process
5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-
5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\ComDlg\{B3690E58-
E961-423B-B687-386EBFD83239}
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE)
has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT
\Windows\Shell\Bags\AllFolders\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office
2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local
Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files
(x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 3620 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\AllFolders\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE
\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect
Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local
Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 5908 (\Device\HarddiskVolume3\Program Files
(x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 3620 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 1340 (\Device
\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process
1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-
5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders
\Shell
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\AllFolders\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE
\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\AllFolders\Shell
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process
3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\Shell
Process 1340 (\Device
\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\21\ComDlg\{5C4F28B5-F869-
4E84-8E60-F11DB97C5CC7}
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows
\Shell\Bags\21\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows
\Shell\Bags\829\Shell\{B3690E58-E961-423B-B687-386EBFD83239}
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows
\Shell\Bags\829\Shell\{B3690E58-E961-423B-B687-386EBFD83239}
Process 5908 (\Device\HarddiskVolume3\Program Files
(x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows
\Shell
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell
Process
3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell
Process
5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-
5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 5908
(\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 3596
(\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 3596 (\Device\HarddiskVolume3\Windows
\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE
\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 1340 (\Device
\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 1340
(\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell
Process 1340
(\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\9\Shell
Process 1340
(\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\9\Shell
Process 3596
(\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\9\Shell
Process 3596 (\Device\HarddiskVolume3\Windows
\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE
\MICROSOFT\Windows\Shell\Bags\9\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office
2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local
Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\9\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel
\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\9\Shell
Process 5908 (\Device\HarddiskVolume3\Program Files
(x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process
5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-
5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-
F869-4E84-8E60-F11DB97C5CC7}
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE)
has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT
\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 1340 (\Device\HarddiskVolume3\Program Files
(x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process
5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-
5-21-956995889-4081865807-2724082783-1000_CLASSES\.html
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft
Office\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\.htm
Process
1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-
5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-
F869-4E84-8E60-F11DB97C5CC7}
Process 1340 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE)
has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT
\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 3620 (\Device\HarddiskVolume3\Program Files
(x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\1540\Shell
Process 3620 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\1540\Shell
Process 3620
(\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\1540\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\1540\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows
\Shell\Bags\1540\Shell
Process 3620 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE
\MICROSOFT\Windows\Shell\Bags\1540\Shell
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office
\Office12\WINWORD.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings
\SOFTWARE\MICROSOFT\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-
EC83085F08CC}
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags
\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}
Process 3596 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 3596 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 3620 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\162\Shell
Process 3620
(\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\162\Shell
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\355\ComDlg
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\355\ComDlg
Process 5908 (\Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\355\ComDlg
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\829\Shell
Process 3596 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\829\Shell
Process 1340 (\Device\HarddiskVolume3\Program Files
(x86)\Microsoft Office\Office12\OUTLOOK.EXE) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\MIME\Database
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-
21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell\{B3690E58-
E961-423B-B687-386EBFD83239}
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell\{B3690E58-
E961-423B-B687-386EBFD83239}
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\Bags\11\Shell\{B3690E58-
E961-423B-B687-386EBFD83239}
Process 3596 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\MuiCache
Process 3620
(\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\SOFTWARE\MICROSOFT\Windows\Shell\MuiCache
Log: 'Application' Date/Time: 29/05/2019 6:14:52 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 155 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 29/05/2019 6:13:16 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/05/2019 7:50:28 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 6544 did not respond and is being forcibly terminated {filter host process 5496}.
Log: 'Application' Date/Time: 28/05/2019 7:36:04 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 338 second(s) to handle the notification event (CreateSession).
Log: 'Application' Date/Time: 28/05/2019 7:31:26 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event
(CreateSession).
Log: 'Application' Date/Time: 28/05/2019 7:21:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function properly afterwards. DETAIL - 14 user registry
handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process
2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 2176 (\Device\HarddiskVolume3\Windows
\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software
\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags
\829\Shell\{B3690E58-E961-423B-B687-386EBFD83239}
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags
\829\Shell\{B3690E58-E961-423B-B687-386EBFD83239}
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell
Process
2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel
Process
2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\829\Shell
Process 2176 (\Device\HarddiskVolume3\Windows
\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software
\Microsoft\Windows\Shell\Bags\829\Shell
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4643\Shell
\{DE4F0660-FA10-4B8F-A494-068B20B22307}
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4643\Shell
\{DE4F0660-FA10-4B8F-A494-068B20B22307}
Log: 'Application' Date/Time: 28/05/2019 7:21:20 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function properly afterwards. DETAIL - 25 user registry
handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process
1324 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000
Process 1324 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe)
has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1324 (\Device\HarddiskVolume3\Program
Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process
2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 2176 (\Device\HarddiskVolume3\Windows
\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Microsoft\Windows\CurrentVersion\Ext\Settings\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Microsoft\Internet Explorer\Main\WindowsSearch
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
\{AA58ED58-01DD-4D91-8333-CF10577473F7}
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened
key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet
Settings
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-
4081865807-2724082783-1000\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Process 2176 (\Device\HarddiskVolume3\Windows
\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet
Explorer\Main\FeatureControl
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Microsoft\Windows\CurrentVersion\Explorer
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Microsoft\Windows\Shell
Process 2176 (\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 2176
(\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
Process 2176
(\Device\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Process 2176 (\Device
\HarddiskVolume3\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Policies
Log: 'Application' Date/Time: 28/05/2019 7:10:41 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 8020 did not respond and is being forcibly terminated {filter host process 6504}.
Log: 'Application' Date/Time: 28/05/2019 7:03:41 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 2460 did not respond and is being forcibly terminated {filter host process 7072}.
Log: 'Application' Date/Time: 28/05/2019 6:49:55 PM
Type: Warning Category: 3
Event: 10024 Source: Microsoft-Windows-Search
The filter host process 1676 did not respond and is being forcibly terminated.
Log: 'Application' Date/Time: 28/05/2019 6:49:25 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 2944 did not respond and is being forcibly terminated {filter host process 1676}.
Log: 'Application' Date/Time: 28/05/2019 6:42:25 PM
Type: Warning Category: 3
Event: 10024 Source: Microsoft-Windows-Search
The filter host process 7232 did not respond and is being forcibly terminated.
Log: 'Application' Date/Time: 28/05/2019 6:41:55 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 6920 did not respond and is being forcibly terminated {filter host process 7232}.
Log: 'Application' Date/Time: 28/05/2019 6:20:32 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry
handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 3840 (\Device
\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Log: 'Application' Date/Time: 28/05/2019 6:20:31 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function properly afterwards. DETAIL - 18 user registry
handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:
Process 1312 (\Device
\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-
4081865807-2724082783-1000
Process 1312 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened
key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 3412 (\Device\HarddiskVolume3\Program Files
\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 3840
(\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-
4081865807-2724082783-1000
Process 3412 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Synaptics\SynTP
Process 3840 (\Device
\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000\Software
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Main
Process 3840 (\Device
\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3840 (\Device\HarddiskVolume3\Program
Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics
\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows
\CurrentVersion\Internet Settings
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\Main
\FeatureControl
Process 3412 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3840 (\Device
\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3412 (\Device\HarddiskVolume3\Program Files
\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
\Microsoft\Windows NT\CurrentVersion
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows NT\CurrentVersion
Process
3412 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-
4081865807-2724082783-1000\Control Panel\Mouse
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP
\SynTPEnh.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows
\CurrentVersion\Internet Settings\ZoneMap
Process 3840 (\Device\HarddiskVolume3\Program Files\Synaptics\SynTP\SynTPEnh.exe)
has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Policies
Log: 'Application' Date/Time: 28/05/2019 5:49:47 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function properly afterwards. DETAIL - 18 user registry
handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000_Classes:
Process 4556 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect
Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES
Process
4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags
\AllFolders\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software
\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect
Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local
Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files
(x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 4556 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell
Process
4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags
\11\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows
\Shell\Bags\11\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software
\Microsoft\Windows\Shell\Bags\3735\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office
2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local
Settings\Software\Microsoft\Windows\Shell\Bags\3735\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel
\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-
1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files
(x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell
Process 4556 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\221\Shell
Process 4556
(\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY
\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\221\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags
\3684\Shell
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has
opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000_CLASSES\Local Settings\Software\Microsoft\Windows
\Shell\Bags\3684\Shell
Log: 'Application' Date/Time: 28/05/2019 5:49:46 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function properly afterwards. DETAIL - 19 user registry
handles leaked from \Registry\User\S-1-5-21-956995889-4081865807-2724082783-1000:
Process 4556 (\Device
\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5
-21-956995889-4081865807-2724082783-1000
Process 1280 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast
\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000
Process 1280 (\Device
\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-
4081865807-2724082783-1000
Process 1280 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened
key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache
Process 1280 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software
Process 4556 (\Device\HarddiskVolume3\Program Files
(x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-
2724082783-1000\Software\Corel\WritingTools\9\Main Word Lists\US
Process 1280 (\Device\HarddiskVolume3\Program Files\AVAST
Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft
\Internet Explorer\Main
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Corel\WordPerfect
\9\Writing Tools
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe)
has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion
\Explorer\FileExts
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Corel\PerfectScript
\9\Commands\WordPerfect
Process 1280 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key
\REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1280 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-
21-956995889-4081865807-2724082783-1000\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows
Policy to modify. See aka.ms/browserpolicy
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office
2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Corel
\WritingTools\9\Grammatik\US
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office
2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Corel
\Conversions\9\CodePageData\EN
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office
2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft
\Windows\CurrentVersion\Explorer
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office
2000\programs\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Microsoft
\Windows NT\CurrentVersion
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs
\wpwin9.exe) has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Corel\WritingTools
\9\Thesaurus\US
Process 4556 (\Device\HarddiskVolume3\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe)
has opened key \REGISTRY\USER\S-1-5-21-956995889-4081865807-2724082783-1000\Software\Corel\WordPerfect\9\Third Party
Process
1280 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-
956995889-4081865807-2724082783-1000\Software\Policies
Log: 'Application' Date/Time: 28/05/2019 5:44:33 PM
Type: Warning Category: 3
Event: 10024 Source: Microsoft-Windows-Search
The filter host process 8152 did not respond and is being forcibly terminated.
Log: 'Application' Date/Time: 28/05/2019 5:44:03 PM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 7800 did not respond and is being forcibly terminated {filter host process 8152}.
I hope I did not miss anything. Thank you very much!!
Boris