New
#11
I've run Restore several times, and have also checked the disk for errors several times, so the whole history of crashes may not be there, but here it is. Thanks for the help:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 26/03/2011 12:45:56 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/03/2011 4:31:17 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 26/03/2011 4:30:59 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 26/03/2011 4:30:56 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 26/03/2011 4:30:48 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 26/03/2011 4:30:25 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Log: 'Application' Date/Time: 26/03/2011 4:06:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mcbuilder.exe, version: 6.1.7601.17514, time stamp: 0x4ce793fe Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9 Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0xd90 Faulting application start time: 0x01cbeb6b2f098ff7 Faulting application path: C:\Windows\system32\mcbuilder.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 70267ef4-575e-11e0-a38f-485b39c9e9c0
Log: 'Application' Date/Time: 26/03/2011 12:12:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: sump.exe, version: 4.2.7.4, time stamp: 0x4918019c Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0002e3fb Faulting process id: 0x1abc Faulting application start time: 0x01cbeb4a3158348a Faulting application path: C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bda9f2ef-573d-11e0-afb5-485b39c9e9c0
Log: 'Application' Date/Time: 26/03/2011 12:12:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: driverscanner.exe, version: 2.2.3.7, time stamp: 0x4918019c Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x1e01fd21 Faulting process id: 0x530 Faulting application start time: 0x01cbeb4a7ed4d99e Faulting application path: C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe Faulting module path: unknown Report Id: bda8935a-573d-11e0-afb5-485b39c9e9c0
Log: 'Application' Date/Time: 26/03/2011 12:06:35 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x00000000000032df Faulting process id: 0xf34 Faulting application start time: 0x01cbeb445f8ae5f9 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: e969a672-573c-11e0-afb5-485b39c9e9c0
Log: 'Application' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_WerSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: wer.dll, version: 6.1.7600.16385, time stamp: 0x4a5be081 Exception code: 0xc0000005 Fault offset: 0x000000000005a0e0 Faulting process id: 0x158c Faulting application start time: 0x01cbeb464b7960c4 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\wer.dll Report Id: 8997d197-5739-11e0-afb5-485b39c9e9c0
Log: 'Application' Date/Time: 25/03/2011 11:42:25 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: lxebcoms.exe, version: 9.2.33.0, time stamp: 0x4b200765 Faulting module name: lxebhcp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4b20079e Exception code: 0xc0000005 Fault offset: 0x000000006a04b0d0 Faulting process id: 0x894 Faulting application start time: 0x01cbeb3db94f993c Faulting application path: C:\Windows\system32\lxebcoms.exe Faulting module path: lxebhcp.dll Report Id: 892d0047-5739-11e0-afb5-485b39c9e9c0
Log: 'Application' Date/Time: 25/03/2011 11:27:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x00000000000170c2 Faulting process id: 0x1a28 Faulting application start time: 0x01cbeb443993b6e9 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 7912f568-5737-11e0-afb5-485b39c9e9c0
Log: 'Application' Date/Time: 25/03/2011 11:26:32 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x00000000000089dc Faulting process id: 0x4c8 Faulting application start time: 0x01cbeb3da64830fb Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 51335021-5737-11e0-afb5-485b39c9e9c0
Log: 'Application' Date/Time: 25/03/2011 10:05:32 PM
Type: Error Category: 1
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
Log: 'Application' Date/Time: 25/03/2011 10:05:32 PM
Type: Error Category: 1
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4300}. The service will attempt to automatically correct this problem by rebuilding the index.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
Log: 'Application' Date/Time: 25/03/2011 9:45:00 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: VideoReDo4.exe, version: 4.20.6.610, time stamp: 0x4ce589e3 Faulting module name: mc_mux_mp4.dll, version: 8.7.0.28412, time stamp: 0x4c8169b0 Exception code: 0xc0000005 Fault offset: 0x0004fa1f Faulting process id: 0xfdc Faulting application start time: 0x01cbeb358672a82a Faulting application path: C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo4.exe Faulting module path: C:\Program Files (x86)\VideoReDoTVSuite4\mc_mux_mp4.dll Report Id: 2210f208-5729-11e0-be23-485b39c9e9c0
Log: 'Application' Date/Time: 25/03/2011 9:04:55 PM
Type: Error Category: 0
Event: 512 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress. .
Log: 'Application' Date/Time: 25/03/2011 8:22:31 PM
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (4224) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Log: 'Application' Date/Time: 25/03/2011 8:22:25 PM
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (5072) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Log: 'Application' Date/Time: 25/03/2011 1:47:57 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Acronis\TrueImageHome\BartPE\Files\TrueImage.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/03/2011 2:52:45 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1000}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)
Log: 'Application' Date/Time: 26/03/2011 12:17:59 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000_Classes:
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000_CLASSES
Log: 'Application' Date/Time: 26/03/2011 12:17:58 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 14 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software
Process 5124 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer\IETld
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Policies
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Policies
Process 3756 (\Device\HarddiskVolume1\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Log: 'Application' Date/Time: 25/03/2011 11:45:18 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)
Log: 'Application' Date/Time: 25/03/2011 11:45:14 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)
Log: 'Application' Date/Time: 25/03/2011 10:16:45 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.
Context: Windows Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)
Log: 'Application' Date/Time: 25/03/2011 10:16:45 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.
Context: Windows Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)
Log: 'Application' Date/Time: 25/03/2011 10:16:36 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.
Context: Windows Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)
Log: 'Application' Date/Time: 25/03/2011 10:16:36 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1676719344-2982793480-2128229957-1002}/> cannot be accessed.
Context: Windows Application, SystemIndex Catalog
Details:
(HRESULT : 0x80004005) (0x80004005)
Log: 'Application' Date/Time: 25/03/2011 10:13:01 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.
Log: 'Application' Date/Time: 25/03/2011 9:25:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Search Assistant
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServices
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\ShellNoRoam\MUICache
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\My
Process 964 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\CA
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 7128 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Policies
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Search Assistant
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunService
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunService
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 1548 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Run
Log: 'Application' Date/Time: 25/03/2011 9:04:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\My
Process 832 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\CA
Log: 'Application' Date/Time: 25/03/2011 9:04:55 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 25/03/2011 9:04:54 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 25/03/2011 8:42:00 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C
Log: 'Application' Date/Time: 25/03/2011 8:41:35 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C
Log: 'Application' Date/Time: 25/03/2011 8:35:27 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 25/03/2011 8:13:58 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\My
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\SystemCertificates\CA
Process 1396 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International
Log: 'Application' Date/Time: 25/03/2011 7:40:46 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-1676719344-2982793480-2128229957-1000:
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Search Assistant
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServices
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\ShellNoRoam\MUICache
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Process 4996 (\Device\HarddiskVolume1\Windows\SysWOW64\wbem\WmiPrvSE.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Control Panel\International
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Internet Explorer
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Policies
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Search Assistant
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\RunService
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunService
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServiceOnce
Process 4216 (\Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe) has opened key \REGISTRY\USER\S-1-5-21-1676719344-2982793480-2128229957-1000\Software\Microsoft\Windows\CurrentVersion\Run
Log: 'Application' Date/Time: 25/03/2011 6:10:30 PM
Type: Warning Category: 0
Event: 8230 Source: VSS
Volume Shadow Copy Service error: Failed resolving account SYSTEM with status 2226. Check connection to domain controller and VssAccessControl registry key.
Operation:
Initializing Writer
Context:
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Error-specific details:
Error: NetLocalGroupGetMemebers(SYSTEM), 0x800708b2, This operation is only allowed on the primary domain controller of the domain.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2011 10:40:16 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 25/03/2011 9:19:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 25/03/2011 8:35:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 25/03/2011 5:57:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 25/03/2011 6:09:45 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 24/03/2011 11:08:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 21/03/2011 8:50:14 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 21/03/2011 8:37:51 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 20/03/2011 4:34:58 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 20/03/2011 4:04:51 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 27/01/2011 7:06:14 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 18/10/2010 2:00:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 16/10/2010 5:43:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 16/10/2010 5:41:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 16/10/2010 5:32:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 16/10/2010 4:07:38 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 26/09/2010 2:29:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 25/09/2010 7:06:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 23/09/2010 9:19:34 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 14/09/2010 1:15:12 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/03/2011 3:11:53 AM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.
Log: 'System' Date/Time: 26/03/2011 3:11:49 AM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.
Log: 'System' Date/Time: 26/03/2011 2:52:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The regi service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 26/03/2011 2:52:10 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 26/03/2011 2:52:10 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.
Log: 'System' Date/Time: 26/03/2011 2:52:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AMPingService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 26/03/2011 2:52:08 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the AMPingService service to connect.
Log: 'System' Date/Time: 26/03/2011 12:14:05 AM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Mid Birtha.
Log: 'System' Date/Time: 26/03/2011 12:06:36 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 3 time(s).
Log: 'System' Date/Time: 25/03/2011 11:44:26 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Error Reporting Service service, but this action failed with the following error: An instance of the service is already running.
Log: 'System' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Log: 'System' Date/Time: 25/03/2011 11:42:26 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The lxeb_device service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 25/03/2011 11:28:36 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Human Interface Device Access service, but this action failed with the following error: An instance of the service is already running.
Log: 'System' Date/Time: 25/03/2011 11:27:40 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Remote Desktop Services UserMode Port Redirector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 25/03/2011 11:26:36 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2011 10:06:05 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
Log: 'System' Date/Time: 25/03/2011 9:04:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 25/03/2011 7:40:11 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume1\Program Files\Trend Micro\Internet Security\SfCtlCom.exe with process id 4216 stopped the removal or ejection for the device USB\VID_0634&PID_3400\302AC2070835351.
Log: 'System' Date/Time: 25/03/2011 5:58:32 PM
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Tm
The Transaction (UOW={4A68E040-5709-11E0-8DC7-485B39C9E9C0}, Description='') was unable to be committed, and instead rolled back; this was due to an error message returned by CLFS while attempting to write a Prepare or Commit record for the Transaction. The CLFS error returned was: 0xc0190052.
Log: 'System' Date/Time: 25/03/2011 6:29:03 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 25/03/2011 6:29:03 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 25/03/2011 6:29:03 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 25/03/2011 6:29:02 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 25/03/2011 6:29:02 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.
Log: 'System' Date/Time: 25/03/2011 6:23:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 25/03/2011 2:32:23 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 25/03/2011 1:47:47 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
Log: 'System' Date/Time: 25/03/2011 1:39:56 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 25/03/2011 1:38:36 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
Log: 'System' Date/Time: 25/03/2011 12:59:08 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SCOTTGATEWAY on the network \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0}. Browser master: \\SCOTTGATEWAY Network: \Device\NetBT_Tcpip_{F5FAF3FE-19AB-419A-94F9-C3F7D17910A0} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
Log: 'System' Date/Time: 23/03/2011 9:10:49 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.cjuasaebl.co.cc timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/03/2011 3:39:31 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name biscotti.lsops.net timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 23/03/2011 10:30:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 22/03/2011 4:26:33 PM
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume C: has now been repaired.
Log: 'System' Date/Time: 22/03/2011 4:01:06 PM
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume C: has now been repaired.