Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Can't install Win7 SP1 for x64 (KB976932)

25 Mar 2011   #11

Windows Vista HP 64-bit, Windows 7 P 64-bit, Leopard 10.5.8, Windows 7 P 32-bit
 
 

I've run Restore several times, and have also checked the disk for errors several times, so the whole history of crashes may not be there, but here it is. Thanks for the help:

Quote:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/03/2011 12:45:56 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/03/2011 4:31:17 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 26/03/2011 4:30:59 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 26/03/2011 4:30:56 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 26/03/2011 4:30:48 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 26/03/2011 4:30:25 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 26/03/2011 4:06:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mcbuilder.exe, version: 6.1.7601.17514, time stamp: 0x4ce793fe Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9 Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0xd90 Faulting application start time: 0x01cbeb6b2f098ff7 Faulting application path: C:\Windows\system32\mcbuilder.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 70267ef4-575e-11e0-a38f-485b39c9e9c0

Log: 'Application' Date/Time: 26/03/2011 12:12:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: sump.exe, version: 4.2.7.4, time stamp: 0x4918019c Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0002e3fb Faulting process id: 0x1abc Faulting application start time: 0x01cbeb4a3158348a Faulting application path: C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bda9f2ef-573d-11e0-afb5-485b39c9e9c0

Log: 'Application' Date/Time: 26/03/2011 12:12:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: driverscanner.exe, version: 2.2.3.7, time stamp: 0x4918019c Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x1e01fd21 Faulting process id: 0x530 Faulting application start time: 0x01cbeb4a7ed4d99e Faulting application path: C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe Faulting module path: unknown Report Id: bda8935a-573d-11e0-afb5-485b39c9e9c0

Log: 'Application' Date/Time: 26/03/2011 12:06:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x00000000000032df Faulting process id: 0xf34 Faulting application start time: 0x01cbeb445f8ae5f9 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: e969a672-573c-11e0-afb5-485b39c9e9c0

Log: 'Application' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_WerSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: wer.dll, version: 6.1.7600.16385, time stamp: 0x4a5be081 Exception code: 0xc0000005 Fault offset: 0x000000000005a0e0 Faulting process id: 0x158c Faulting application start time: 0x01cbeb464b7960c4 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\wer.dll Report Id: 8997d197-5739-11e0-afb5-485b39c9e9c0

Log: 'Application' Date/Time: 25/03/2011 11:42:25 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: lxebcoms.exe, version: 9.2.33.0, time stamp: 0x4b200765 Faulting module name: lxebhcp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4b20079e Exception code: 0xc0000005 Fault offset: 0x000000006a04b0d0 Faulting process id: 0x894 Faulting application start time: 0x01cbeb3db94f993c Faulting application path: C:\Windows\system32\lxebcoms.exe Faulting module path: lxebhcp.dll Report Id: 892d0047-5739-11e0-afb5-485b39c9e9c0

Log: 'Application' Date/Time: 25/03/2011 11:27:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x00000000000170c2 Faulting process id: 0x1a28 Faulting application start time: 0x01cbeb443993b6e9 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 7912f568-5737-11e0-afb5-485b39c9e9c0

Log: 'Application' Date/Time: 25/03/2011 11:26:32 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x00000000000089dc Faulting process id: 0x4c8 Faulting application start time: 0x01cbeb3da64830fb Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 51335021-5737-11e0-afb5-485b39c9e9c0

Log: 'Application' Date/Time: 25/03/2011 10:05:32 PM
Type: Error Category: 1
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)


Log: 'Application' Date/Time: 25/03/2011 10:05:32 PM
Type: Error Category: 1
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4300}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)


Log: 'Application' Date/Time: 25/03/2011 9:45:00 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: VideoReDo4.exe, version: 4.20.6.610, time stamp: 0x4ce589e3 Faulting module name: mc_mux_mp4.dll, version: 8.7.0.28412, time stamp: 0x4c8169b0 Exception code: 0xc0000005 Fault offset: 0x0004fa1f Faulting process id: 0xfdc Faulting application start time: 0x01cbeb358672a82a Faulting application path: C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo4.exe Faulting module path: C:\Program Files (x86)\VideoReDoTVSuite4\mc_mux_mp4.dll Report Id: 2210f208-5729-11e0-be23-485b39c9e9c0

Log: 'Application' Date/Time: 25/03/2011 9:04:55 PM
Type: Error Category: 0
Event: 512 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress. .

Log: 'Application' Date/Time: 25/03/2011 8:22:31 PM
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (4224) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Log: 'Application' Date/Time: 25/03/2011 8:22:25 PM
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (5072) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Log: 'Application' Date/Time: 25/03/2011 1:47:57 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/03/2011 2:52:45 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 26/03/2011 12:17:59 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000_Classes:
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000_CLASSES


Log: 'Application' Date/Time: 26/03/2011 12:17:58 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 14 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software
Process 5124 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer\IETld
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Policies
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Policies
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings


Log: 'Application' Date/Time: 25/03/2011 11:45:18 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 25/03/2011 11:45:14 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 25/03/2011 10:16:45 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 25/03/2011 10:16:45 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 25/03/2011 10:16:36 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 25/03/2011 10:16:36 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 25/03/2011 10:13:01 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.


Log: 'Application' Date/Time: 25/03/2011 9:25:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Search Assistant
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServices
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\ShellNoRoam\MUICache
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\My
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\CA
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 7128 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Policies
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Search Assistant
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunService
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunService
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Run


Log: 'Application' Date/Time: 25/03/2011 9:04:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\My
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 25/03/2011 9:04:55 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 25/03/2011 9:04:54 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 25/03/2011 8:42:00 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 25/03/2011 8:41:35 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 25/03/2011 8:35:27 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 25/03/2011 8:13:58 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\My
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\CA
Process 1396 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International


Log: 'Application' Date/Time: 25/03/2011 7:40:46 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Search Assistant
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServices
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\ShellNoRoam\MUICache
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 4996 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Policies
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Search Assistant
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunService
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunService
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Run


Log: 'Application' Date/Time: 25/03/2011 6:10:30 PM
Type: Warning Category: 0
Event: 8230 Source: VSS
Volume Shadow Copy Service error: Failed resolving account SYSTEM with status 2226. Check connection to domain controller and VssAccessControl registry key.

Operation:
Initializing Writer

Context:
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer

Error-specific details:
Error: NetLocalGroupGetMemebers(SYSTEM), 0x800708b2, This operation is only allowed on the primary domain controller of the domain.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2011 10:40:16 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/03/2011 9:19:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/03/2011 8:35:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/03/2011 5:57:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/03/2011 6:09:45 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/03/2011 11:08:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/03/2011 8:50:14 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/03/2011 8:37:51 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/03/2011 4:34:58 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/03/2011 4:04:51 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/01/2011 7:06:14 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/10/2010 2:00:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/10/2010 5:43:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/10/2010 5:41:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/10/2010 5:32:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/10/2010 4:07:38 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/09/2010 2:29:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/09/2010 7:06:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/09/2010 9:19:34 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/09/2010 1:15:12 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/03/2011 3:11:53 AM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 26/03/2011 3:11:49 AM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 26/03/2011 2:52:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The regi service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/03/2011 2:52:10 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/03/2011 2:52:10 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.

Log: 'System' Date/Time: 26/03/2011 2:52:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AMPingService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/03/2011 2:52:08 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the AMPingService service to connect.

Log: 'System' Date/Time: 26/03/2011 12:14:05 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Mid Birtha.

Log: 'System' Date/Time: 26/03/2011 12:06:36 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 3 time(s).

Log: 'System' Date/Time: 25/03/2011 11:44:26 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The lxeb_device service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/03/2011 11:28:36 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Human Interface Device Access service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 25/03/2011 11:27:40 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Remote Desktop Services UserMode Port Redirector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2011 10:06:05 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 25/03/2011 9:04:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/03/2011 7:40:11 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe with process id 4216 stopped the removal or ejection for the device USB\VID_0634&PID_3400\302AC2070835351.

Log: 'System' Date/Time: 25/03/2011 5:58:32 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Tm
The Transaction (UOW={4A68E040-5709-11E0-8DC7-485B39C9E9C0}, Description='') was unable to be committed, and instead rolled back; this was due to an error message returned by CLFS while attempting to write a Prepare or Commit record for the Transaction. The CLFS error returned was: 0xc0190052.

Log: 'System' Date/Time: 25/03/2011 6:29:03 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 25/03/2011 6:29:03 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 25/03/2011 6:29:03 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 25/03/2011 6:29:02 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 25/03/2011 6:29:02 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 25/03/2011 6:23:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/03/2011 2:32:23 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/03/2011 1:47:47 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 25/03/2011 1:39:56 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/03/2011 1:38:36 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 25/03/2011 12:59:08 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 23/03/2011 9:10:49 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.cjuasaebl.co.cc timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 23/03/2011 3:39:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name biscotti.lsops.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 23/03/2011 10:30:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/03/2011 4:26:33 PM
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume C: has now been repaired.

Log: 'System' Date/Time: 22/03/2011 4:01:06 PM
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume C: has now been repaired.



My System SpecsSystem Spec
.

26 Mar 2011   #12
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

"The device, \Device\Harddisk0\DR0, has a bad block"

Run PassMark DiskCheckup - SMART hard drive monitoring utility
My System SpecsSystem Spec
26 Mar 2011   #13
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Is this a legit program that you downloaded? VideoReDoTVSuite4
My System SpecsSystem Spec
.


26 Mar 2011   #14

Windows 7 Ultimate x64
 
 

also noteworthy,
Quote:
Log: 'System' Date/Time: 26/03/2011 12:14:05 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Mid Birtha.
My System SpecsSystem Spec
26 Mar 2011   #15

Windows Vista HP 64-bit, Windows 7 P 64-bit, Leopard 10.5.8, Windows 7 P 32-bit
 
 

Quote   Quote: Originally Posted by Jacee View Post
Is this a legit program that you downloaded? VideoReDoTVSuite4
Yes. Very good video editor, for around $70. Why?
My System SpecsSystem Spec
26 Mar 2011   #16

Windows Vista HP 64-bit, Windows 7 P 64-bit, Leopard 10.5.8, Windows 7 P 32-bit
 
 

Quote   Quote: Originally Posted by Ageeb View Post
also noteworthy,
Quote:
Log: 'System' Date/Time: 26/03/2011 12:14:05 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Mid Birtha.
I've run chkdsk a total of three times in the last two days. Takes forever. Again, I never noticed a problem with this until I tried to install the SP1. However, it's the only Seagate drive I own. All the rest are Western Digital, so perhaps this is the last one I own. It's actually quite new. Just a few months old.
My System SpecsSystem Spec
26 Mar 2011   #17
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You have an 'exception' code here 0xc0000005, which some times can mean malware is present.

Also: Error-specific details:
Error: NetLocalGroupGetMemebers(SYSTEM), 0x800708b2, This operation is only allowed on the primary domain controller of the domain

Quote:
What causes 0X800708B2 error?The 0X800708B2 error may be caused by windows registry damage. The corrupted registry entries can be a real threat to the well being of your computer.
There can be many events which may have resulted in the registry errors. An incomplete installation, an incomplete uninstall, improper deletion of applications or hardware. It can also be caused if your computer is recovered from a virus or adware/spyware attack or by an improper shutdown of the computer. All the above actives may result in the deletion or corruption of the entries in the windows registry. This corrupted registry will lead to the missing and wrongly linked information and files needed for the proper working of the application
.

Download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.50.1 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
My System SpecsSystem Spec
26 Mar 2011   #18

Vista Home Premium x86 SP2
 
 

Hello!

Unfortunately, I bring bad news.

First, let me translate your error codes:

Code:
C:\Users\Richard>err 80070570
# as an HRESULT: Severity: SUCCESS (0), Facility: 0x4c5, Code 0xc7aa
# as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x570
# for hex 0x570 / decimal 1392 :
  ERROR_FILE_CORRUPT                                            winerror.h
# The file or directory is corrupted and unreadable.
# 1 matches found for "80070570"

C:\Users\Richard>err 80240016
# as an HRESULT: Severity: SUCCESS (0), Facility: 0x4c8, Code 0x5d90
# as an HRESULT: Severity: FAILURE (1), Facility: 0x24, Code 0x16
# for hex 0x16 / decimal 22 :
  BTH_ERROR_LOCAL_HOST_TERMINATED_CONNECTION                    bthdef.h
  CID_HANDLE_CREATION                                           bugcodes.h
  EVENT_MSCEP_FAIL_GET_CERT_INITIAL                             ceplog.mc
# SCEP GetCertInitial (20) failed (%2).  %3  Please find
# support information at
# http://%1/certsrv/mscep/mscephlp.htm.
  MSG_E_PROCESS_REQUEST_FAILED_WITH_INFO                        certlog.mc
# Certificate Services could not process request %1 due to an
# error: %2.  The request was for %3.  Additional
# information: %4
  CR_NOT_SYSTEM_VM                                              cfgmgr32.h
  LOG_MODULE_TIME                                               clusvmsg.h
  LLC_STATUS_BUFFER_SIZE_EXCEEDED                               dlcapi.h
  HIDP_GETCOLDESC_DEFAULT_ID_ERROR                              hidpddi.h
  IAAPI_NOTCOMPATIBLE                                           iaapi.h
# /* Types are not compatible */
  KDC_ERR_SERVICE_NOTYET                                        kerberr.h
# Server not yet valid - try again later
  RSVP_Err_TC_SYS_ERROR                                         lpmapi.h
# /* Traffic control system error */
  POLICY_ERRV_SUBNET_GRP_FLOW_RATE                              lpmapi.h
  MAPI_DIAG_PICTORIAL_SYMBOL_LOST                               mapidefs.h
  MSIDBERROR_MISSINGDATA                                        msiquery.h
# _Validation table missing reference to column
  NRC_INUSE                                                     nb30.h
# /* name in use on remote adapter              */
  NDDE_SHARE_DATA_CORRUPTED                                     nddeapi.h
  NMERR_BUFFERS_ALREADY_EXIST                                   netmon.h
  ODBC_ERROR_OUTPUT_STRING_TRUNCATED                            odbcinst.h
  OLE_ERROR_DATATYPE,                                           ole.h
# Data format is not supported            */
  MSG_DS_REFERRAL                                               pollog.mc
# The requester's Active Directory object is not in the
# current forest.  Cross forest enrollment is not enabled.
# %1  %2
  TLS1_ALERT_RECORD_OVERFLOW                                    schannel.h
# error
  GE_SSC_ERR_UNKNOWN                                            ssc.h
# /* unrecognized error number detected */
  MSG_CLIENT_COMPUTE_SERVER_DIGEST_FAILED                       w32timemsg.mc
# The time provider NtpServer encountered an error while
# digitally signing the
# NTP response for peer %1.  NtpServer cannot provide secure
# (signed) time to the
# client and will ignore the request.
# The error was: %2
  ERROR_BAD_COMMAND                                             winerror.h
# The device does not recognize the command.
# 24 matches found for "80240016"

C:\Users\Richard>err 800736CC
# as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x36cc
# for hex 0x36cc / decimal 14028 :
  SQL_14028_severity_16                                         sql_err
# Only user tables, materialized views, and stored procedures
# can be published as 'logbased' articles.
  ERROR_SXS_FILE_HASH_MISMATCH                                  winerror.h
# A component's file does not match the verification
# information present in the
# component manifest.
# 2 matches found for "800736CC"

C:\Users\Richard>
Look at the sections which map from winerror.h:

Code:
C:\Users\Richard>err 80070570
# as an HRESULT: Severity: SUCCESS (0), Facility: 0x4c5, Code 0xc7aa
# as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x570
# for hex 0x570 / decimal 1392 :
  ERROR_FILE_CORRUPT                                            winerror.h
# The file or directory is corrupted and unreadable.
# 1 matches found for "80070570"

C:\Users\Richard>err 80240016
# as an HRESULT: Severity: SUCCESS (0), Facility: 0x4c8, Code 0x5d90
# as an HRESULT: Severity: FAILURE (1), Facility: 0x24, Code 0x16
# for hex 0x16 / decimal 22 :
  ERROR_BAD_COMMAND                                             winerror.h
# The device does not recognize the command.
# 24 matches found for "80240016"

C:\Users\Richard>err 800736CC
# as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x36cc
# for hex 0x36cc / decimal 14028 :
  ERROR_SXS_FILE_HASH_MISMATCH                                  winerror.h
# A component's file does not match the verification
# information present in the
# component manifest.
# 2 matches found for "800736CC"

C:\Users\Richard>
The first one is definitely a corrupt file. The second one has several causes, usually a corrupt file, and the third one is definitely a corrupt file.

Now, I shall move onto your Event Log:

Code:
Activation context generation failed for "C:\Program Files  (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe". Dependent  Assembly  Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"  could not be found. Please use sxstrace.exe for detailed diagnosis.
^^ This basically means that your computer does not have enough Visual C++ Runtimes installed. This is easily fixable.

Code:
Log: 'Application' Date/Time: 26/03/2011 4:06:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mcbuilder.exe, version: 6.1.7601.17514, time  stamp: 0x4ce793fe Faulting module name: ntdll.dll, version:  6.1.7601.17514, time stamp: 0x4ce7c8f9 Exception code: 0xc0000374 Fault  offset: 0x00000000000c40f2 Faulting process id: 0xd90 Faulting  application start time: 0x01cbeb6b2f098ff7 Faulting application path:  C:\Windows\system32\mcbuilder.exe Faulting module path:  C:\Windows\SYSTEM32\ntdll.dll Report Id:  70267ef4-575e-11e0-a38f-485b39c9e9c0
^^ You also have a lot of crashing applications. A possible sign of a corrupt file.

Code:
Log: 'Application' Date/Time: 25/03/2011 9:04:55 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 25/03/2011 9:04:54 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 25/03/2011 8:42:00 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C
 
Log: 'Application' Date/Time: 25/03/2011 8:41:35 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C
 
Log: 'Application' Date/Time: 25/03/2011 8:35:27 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
^^ Corrupt file or corrupt registry key.

Code:
Log: 'Application' Date/Time: 25/03/2011 10:13:01 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.
^^ Corrupt file.

Code:
Log: 'Application' Date/Time: 25/03/2011 6:10:30 PM
Type: Warning Category: 0
Event: 8230 Source: VSS
Volume Shadow Copy Service error: Failed resolving account SYSTEM with  status 2226. Check connection to domain controller and VssAccessControl  registry key. 
 
Operation:
   Initializing Writer
 
Context:
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
 
Error-specific details:
   Error: NetLocalGroupGetMemebers(SYSTEM), 0x800708b2, This operation  is only allowed on the primary domain controller of the domain.
^^ Corrupt file or corrupt registry key

Code:
Log: 'System' Date/Time: 25/03/2011 10:40:16 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error  could be caused if the system stopped responding, crashed, or lost power  unexpectedly.
^^ times by many. Something is causing your computer to uncleanly shutdown every time by the looks of things. Too many causes to guess at.

Code:
Log: 'System' Date/Time: 26/03/2011 3:11:53 AM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 22/03/2011 4:01:06 PM
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume C: has now been repaired.

Log: 'System' Date/Time: 26/03/2011 12:14:05 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Mid Birtha.
^^ Dying hard disk

You then have a massive number of service errors. Too many causes to guess at:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/03/2011 2:52:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The regi service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/03/2011 2:52:10 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/03/2011 2:52:10 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.

Log: 'System' Date/Time: 26/03/2011 2:52:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AMPingService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 26/03/2011 2:52:08 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the AMPingService service to connect.

Log: 'System' Date/Time: 26/03/2011 12:06:36 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 3 time(s).

Log: 'System' Date/Time: 25/03/2011 11:44:26 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The lxeb_device service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/03/2011 11:28:36 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Human Interface Device Access service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 25/03/2011 11:27:40 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Remote Desktop Services UserMode Port Redirector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Code:
Log: 'System' Date/Time: 25/03/2011 6:29:02 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
^^ Several causes. Hard disk error likely.

Code:
Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033
 
Additional information about the problem:
  BCCode:    1a
  BCP1:    0000000000041790
  BCP2:    FFFFFA8000E17980
  BCP3:    000000000000FFFF
  BCP4:    0000000000000000
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    256_1
 
Files that help describe the problem:
  C:\Windows\Minidump\032511-28158-01.dmp
  C:\Users\My Name\AppData\Local\Temp\WER-48344-0.sysdata.xml
 
Read our privacy statement online:
 Windows 7 Privacy Statement - Microsoft Windows
 
If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
^^ Too many causes to guess at. Could be caused by hardware or software. What might cause a software problem? A corrupt file is one cause. What might cause a hardware problem? A dying hard disk is one cause.

I think that you can see where this is going.

Dead hard disk looks to be the cause I am afraid.

How old is this computer?

Please download the free SeaTools for Windows here: SeaTools

Run a SMART check if available, a Short Self Check, a Long Self Check (self check is also known as DST) and report back to me on which ones pass, and which ones fail.

If you have multiple hard disks, please run it on your C:\

Thanks!

Richard

EDIT: Sorry, I didn't make this very clear. This Operating System install is beyond repair. However, before you format, for there is no getting around that, I am afraid to say, you need to check your hard disk. I have posted about checking your hard disk with SeaTools above.
My System SpecsSystem Spec
26 Mar 2011   #19

Windows Vista HP 64-bit, Windows 7 P 64-bit, Leopard 10.5.8, Windows 7 P 32-bit
 
 

Quote   Quote: Originally Posted by niemiro View Post

EDIT: Sorry, I didn't make this very clear. This Operating System install is beyond repair. However, before you format, for there is no getting around that, I am afraid to say, you need to check your hard disk. I have posted about checking your hard disk with SeaTools above.
I'll run the disk diagnostic, but note that nearly all of the errors listed above are directly related to the SP1 update. At one point I got quite angry at the fact that it wouldn't install and just kept clicking the install button. Also the crashes all occurred after the attempted SP1 update. I uninstalled and then reinstalled the two programs that crashed were running at the times of the crashes (Mozilla Thunderbird and Video Redo TVSuite 4). I was having some problems muxing with the latter, but had exactly the same problem on another computer and when I updated to a later version the problems went away.

So, I'll run the malware detection program and the disk diagnostic, but I still think this was caused by the failed SP1 update. The computer, and the drives, are only a couple of months old. (One drive is a little older than that, but not the one with the OS.)
My System SpecsSystem Spec
26 Mar 2011   #20

Windows Vista HP 64-bit, Windows 7 P 64-bit, Leopard 10.5.8, Windows 7 P 32-bit
 
 

Quote   Quote: Originally Posted by niemiro View Post
I think that you can see where this is going.

Dead hard disk looks to be the cause I am afraid.

How old is this computer?

Please download the free SeaTools for Windows here: SeaTools

Run a SMART check if available, a Short Self Check, a Long Self Check (self check is also known as DST) and report back to me on which ones pass, and which ones fail.

If you have multiple hard disks, please run it on your C:\

Thanks!

Richard

EDIT: Sorry, I didn't make this very clear. This Operating System install is beyond repair. However, before you format, for there is no getting around that, I am afraid to say, you need to check your hard disk. I have posted about checking your hard disk with SeaTools above.
Ran the S.M.A.R.T. Test, the Short DST, and a Long Generic Test. It passed the S.M.A.R.T. test but failed both the long and short tests. Here's the log:

Quote:
3/27/2011 12:16:40 AM
Model: ST3750528AS
Serial Number: 5VP355Z5
Firmware Revision: CC38
SMART - Pass 3/27/2011 12:16:40 AM
SMART - Pass 3/27/2011 12:16:40 AM
Short DST - Started 3/27/2011 12:17:30 AM
Short DST - Started 3/27/2011 12:17:43 AM
Short DST - FAIL 3/27/2011 12:17:47 AM
SeaTools Test Code: 6AF0A5E4
Short DST - FAIL 3/27/2011 12:17:59 AM
SeaTools Test Code: 6AF0A5E4
Long Generic - Started 3/27/2011 12:24:01 AM
Long Generic - Started 3/27/2011 12:24:15 AM
Long Generic - FAIL 3/27/2011 12:24:41 AM
SeaTools Test Code: 6AF0A5D4
Long Generic - FAIL 3/27/2011 12:24:58 AM
SeaTools Test Code: 6AF0A5D4
I think the drive is still under warranty, so I might as well get it replaced, but will probably reinstall the OS on a Western Digital. I have an Acronis backup that was done long before these problems cropped up, but I might just save all my data files, use the migration tool (or whatever it's called) and reinstall the software after a clean install. If I do that I think I'll probably avoid the need to re-register all of the software. I don't think I'll use Seagate for anything critical again.

I'm still suspicious that the SP1 update somehow damaged the drive.
My System SpecsSystem Spec
Reply

 Can't install Win7 SP1 for x64 (KB976932)




Thread Tools



Similar help and support threads for2: Can't install Win7 SP1 for x64 (KB976932)
Thread Forum
Solved Error 800B0100 trying to install KB2604114, KB2676562 & KB976932 (SP1) Windows Updates & Activation
Is the kb976932 update really that important? Windows Updates & Activation
Solved Windows 7 SP1 for x64-based Systems (KB976932) will not install Windows Updates & Activation
Solved Win7 Ultimate x64 SP1 Updates Fail - KB2619339 - KB2729094 - KB976932 Windows Updates & Activation
Unable to install updates in windows 7 error 800B0100 update KB976932 Windows Updates & Activation
Win 7 SP1 update (KB976932) won't install Error 0x800f0826 Windows Updates & Activation
Win7 x64 SP1 (KB976932) Update Code 80010108 Windows Updates & Activation

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:38 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33