Windows 7 Activated but not Validated

Sorry, but I tried to run View.exe as administrator and get this error. I tried viewing my event logs and it said the service wasn't available and to verify it was running. I tried putting Windows Event Log and Windows Event Collector into automatic and rebooting. View.exe will still not run and I am still not able to view my event logs.
 
I tried to run View.exe as administrator but received the following message. I also tried to view events in Event Viewer but it said "Event Log is unavailable. Verify the service is running." I looked at services and the Windows Event Log service and Windows Event Collector service were set to manual, so I set them to automatic, rebooted, and verified the services were running. View.exe still failed. Any suggestions?
 
Here it is:
Farbar Service Scanner Version: 21-07-2014
Ran by bgreen (administrator) on 25-11-2014 at 22:54:03
Running from "C:\Users\bgreen\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2014-07-09 23:15] - [2014-05-29 23:36] - 0338944 ____A (Microsoft Corporation) D0B388DA1D111A34366E04EB4A5DD156
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-13 22:26] - [2013-07-08 21:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-10 12:24] - [2013-05-26 21:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
 
Alright so we need to try and work out the issue with the service first.

  1. Click on the Start button. Inside the search box type in CMD
  2. Right click on CMD => Choose Run as Administrator
  3. Inside the Command Prompt window copy and paste the following commands
    net start eventlog
  4. Do you get a message saying the service has started? If not, please continue.
  5. Enter in the following commands:
    reg query "HKLM\SYSTEM\CurrentControlSet\Services\eventlog" > 0 & notepad 0
    SC QUERYEX eventlog >res&& sc qc eventlog >>res && notepad res
  6. You should now have two text documents, please post them back into this thread.
 
Eventlog did not start. It said Access is Denied. Here are the text files:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\wevtsvc.dll
ServiceMain REG_SZ ServiceMain
PlugPlayServiceType REG_DWORD 0x3
ServiceDllUnloadOnStop REG_DWORD 0x1
DisplayName REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-200
Group REG_SZ Event Log
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Description REG_SZ @%SystemRoot%\system32\wevtsvc.dll,-201
ObjectName REG_SZ NT AUTHORITY\LocalService
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeImpersonatePrivilege
FailureActionsOnNonCrashFailures REG_DWORD 0x1
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000001000000C0D401000000000000000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Application
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\DFS Replication
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\HardwareEvents
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Internet Explorer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Key Management Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Media Center
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\ODiag
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\OSession
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\Windows PowerShell


SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 5 (0x5)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : Windows Event Log
DEPENDENCIES :
SERVICE_START_NAME : NT AUTHORITY\LocalService
 
Please also run the following:

REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s >2&&notepad 2
SC SDSHOW eventlog >1&&notepad 1


and post the contents of both logs.

Alex
 
Here you go:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1596105258-3852694724-2662578111-1003
ProfileImagePath REG_EXPAND_SZ C:\Users\bgreen
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000002AA2225FC474A3E5BFB7B39EEB030000
Migrated REG_BINARY 7030F18EF5B8CA01
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x2
RunLogonScriptSync REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1596105258-3852694724-2662578111-1007
ProfileImagePath REG_EXPAND_SZ C:\Users\UpdatusUser
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000002AA2225FC474A3E5BFB7B39EEF030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1596105258-3852694724-2662578111-501
ProfileImagePath REG_EXPAND_SZ C:\Users\Guest
Flags REG_DWORD 0x0
State REG_DWORD 0x80
Sid REG_BINARY 0105000000000005150000002AA2225FC474A3E5BFB7B39EF5010000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0


D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;SA;DCRPWPDTCRSDWDWO;;;WD)(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
 
Hmm the security SDDL is correct.

Please run the following command and post the results

PowerShell ACL

  • Click Start -> Inside the search field search for Powershell.exe
  • Press Enter
  • Inside the PowerShell window copy the following command
    get-acl "C:\Windows\System32\winevt\Logs" | fl >1
  • Press Enter
  • Type in notepad 1
  • Press Enter
 
Here you go;


Path : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\winevt\Logs
Owner : BUILTIN\Administrators
Group : BUILTIN\Administrators
Access : NT SERVICE\TrustedInstaller Allow FullControl
NT SERVICE\TrustedInstaller Allow 268435456
NT AUTHORITY\SYSTEM Allow FullControl
NT AUTHORITY\SYSTEM Allow 268435456
BUILTIN\Administrators Allow FullControl
BUILTIN\Administrators Allow 268435456
BUILTIN\Users Allow ReadAndExecute, Synchronize
BUILTIN\Users Allow -1610612736
CREATOR OWNER Allow 268435456
Audit :
Sddl : O:BAG:BAD:AI(A;ID;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-
956008885-3418522649-1831038044-1853292631-2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICII
OID;GA;;;BA)(A;ID;0x1200a9;;;BU)(A;OICIIOID;GXGR;;;BU)(A;OICIIOID;GA;;;CO)
 
The folder is missing the eventlog user account, which may be the reason why the access denied message is appearing. Before we fix this folder I just want to see if it's on the parent folder.

PowerShell ACL

  • Click Start -> Inside the search field search for Powershell.exe
  • Press Enter
  • Inside the PowerShell window copy the following command
    get-acl "C:\Windows\System32\winevt" | fl >1
  • Press Enter
  • Type in notepad 1
  • Press Enter

Post the contents back into this thread.
 
Alex:

Here are the results from the Powershell command in Post #32 which is what I assume you needed:

Path : Microsoft.PowerShell.Core\FileSystem::C:\Windows\System32\winevt
Owner : BUILTIN\Administrators
Group : BUILTIN\Administrators
Access : NT SERVICE\TrustedInstaller Allow FullControl
NT SERVICE\TrustedInstaller Allow 268435456
NT AUTHORITY\SYSTEM Allow FullControl
NT AUTHORITY\SYSTEM Allow 268435456
BUILTIN\Administrators Allow FullControl
BUILTIN\Administrators Allow 268435456
BUILTIN\Users Allow ReadAndExecute, Synchronize
BUILTIN\Users Allow -1610612736
CREATOR OWNER Allow 268435456
Audit :
Sddl : O:BAG:BAD:AI(A;ID;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-
956008885-3418522649-1831038044-1853292631-2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICII
OID;GA;;;BA)(A;ID;0x1200a9;;;BU)(A;OICIIOID;GXGR;;;BU)(A;OICIIOID;GA;;;CO)

I have another strategy that I thought might work. This problem happened when I replaced both drives of a RAID 0 array because one hard drive failed. I still have the second old hard drive and it is still functional. Seems like I could take the old drive and put it in the computer alone. I could confirm it validates the license OK, allow it to update through Windows Update, and then run a system image of this drive. I could then take one of the two new drives, format it, and restore the system image from the old drive to the new drive. I could then see if the new drive validates OK, and then allow it to rebuild the RAID 0 array, restore changed files from a backup from the new drives, and I'd be back in business? Think that would work?
 
Thank you.

The permissions are also missing from the parent folder. Your idea may work, but TBH you would be better off trying a repair install. It looks like some of the security permissions are not how they should be.

Let's see if we can repair the permissions on this folder.

Open CMD as admin again and run the following:
Code:
icacls "C:\Windows\System32\winevt" /grant "NT SERVICE\EventLog":(OI)(CI)F

Restart your computer, when your computer is up and running again open another CMD as admin and try and run the following command net start eventlog, hopefully it starts this time.
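
The missing-account check discussed above can be done offline from the posted Sddl line. The following is an added example, not part of the original posts: it derives a service's per-service SID from its name (the S-1-5-80 scheme: SHA-1 of the upper-cased UTF-16LE name) and looks for it in the folder's DACL. The function names and the appended "after the fix" ACE are assumptions made for illustration.

```python
import hashlib
import re
import struct

# SDDL posted in the thread for C:\Windows\System32\winevt, kept wrapped the
# way Format-List printed it (the line breaks fall inside tokens).
WINEVT_SDDL = """
O:BAG:BAD:AI(A;ID;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-
956008885-3418522649-1831038044-1853292631-2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICII
OID;GA;;;BA)(A;ID;0x1200a9;;;BU)(A;OICIIOID;GXGR;;;BU)(A;OICIIOID;GA;;;CO)
"""

# The S-1-5-80 SID in that output; its position matches the
# "NT SERVICE\TrustedInstaller" rows of the Access list.
TRUSTED_INSTALLER_SID = (
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
)


def service_sid(service_name):
    """Per-service SID: S-1-5-80 plus the SHA-1 of the upper-cased
    UTF-16LE service name, read as five little-endian 32-bit integers."""
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    return "S-1-5-80-" + "-".join(str(n) for n in struct.unpack("<5I", digest))


def unwrap(text):
    """Undo console line wrapping; SDDL contains no meaningful whitespace."""
    return "".join(text.split())


def dacl_aces(sddl):
    """Return the ACEs of the DACL (the part after 'D:', before any 'S:')."""
    sddl = unwrap(sddl)
    start = sddl.find("D:")
    if start < 0:
        return []
    end = sddl.find("S:", start)
    dacl = sddl[start:end if end >= 0 else len(sddl)]
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl):
        fields = body.split(";")
        if len(fields) < 6:
            continue  # not a well-formed ACE string
        aces.append({"type": fields[0], "flags": fields[1],
                     "rights": fields[2], "trustee": fields[5]})
    return aces


def allow_aces_for(sddl, sid):
    """Allow ACEs in the DACL whose trustee is the given SID."""
    return [a for a in dacl_aces(sddl)
            if a["type"] == "A" and a["trustee"].upper() == sid.upper()]


def check_folder(sddl, service_name):
    """Report whether the service's own SID has an allow ACE on the folder."""
    sid = service_sid(service_name)
    aces = allow_aces_for(sddl, sid)
    return {"service_sid": sid, "aces": aces, "present": bool(aces)}


if __name__ == "__main__":
    # Self-check of the derivation against a SID visible in the thread.
    assert service_sid("TrustedInstaller") == TRUSTED_INSTALLER_SID

    before = check_folder(WINEVT_SDDL, "eventlog")
    print("eventlog service SID:", before["service_sid"])
    print("present before fix  :", before["present"])

    # Constructed: the explicit ACE a grant of (OI)(CI)F is expected to add
    # (flags OICI, rights FA). Appending works here because this SDDL has
    # no SACL section after the DACL.
    fixed = unwrap(WINEVT_SDDL) + "(A;OICI;FA;;;" + before["service_sid"] + ")"
    print("present after fix   :", check_folder(fixed, "eventlog")["present"])
```

Running the same check on the Sddl line of a fresh `get-acl ... | fl` capture after the reboot confirms whether the grant actually landed on the folder.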
 
Vino's Event Viewer worked this time:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/11/2014 8:28:41 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/11/2014 3:28:30 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:28:30 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:28:12 AM
Type: Error Category: 1
Event: 1006 Source: Microsoft-Windows-Search
The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Log: 'Application' Date/Time: 30/11/2014 3:28:12 AM
Type: Error Category: 3
Event: 9000 Source: Microsoft-Windows-Search
The event description cannot be found.
Log: 'Application' Date/Time: 30/11/2014 3:27:56 AM
Type: Error Category: 1
Event: 1006 Source: Microsoft-Windows-Search
The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Log: 'Application' Date/Time: 30/11/2014 3:27:56 AM
Type: Error Category: 3
Event: 9000 Source: Microsoft-Windows-Search
The event description cannot be found.
Log: 'Application' Date/Time: 30/11/2014 3:27:51 AM
Type: Error Category: 1
Event: 1006 Source: Microsoft-Windows-Search
The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Log: 'Application' Date/Time: 30/11/2014 3:27:51 AM
Type: Error Category: 3
Event: 9000 Source: Microsoft-Windows-Search
The event description cannot be found.
Log: 'Application' Date/Time: 30/11/2014 3:27:28 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:28 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:25 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:25 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:24 AM
Type: Error Category: 1
Event: 1006 Source: Microsoft-Windows-Search
The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Log: 'Application' Date/Time: 30/11/2014 3:27:24 AM
Type: Error Category: 3
Event: 9000 Source: Microsoft-Windows-Search
The event description cannot be found.
Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/11/2014 3:29:00 AM
Type: Information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped.
Log: 'Application' Date/Time: 30/11/2014 3:28:59 AM
Type: Information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout.
Log: 'Application' Date/Time: 30/11/2014 3:28:13 AM
Type: Information Category: 1
Event: 1013 Source: Microsoft-Windows-Search
Windows Search Service stopped normally.

Log: 'Application' Date/Time: 30/11/2014 3:28:10 AM
Type: Information Category: 1
Event: 1004 Source: Microsoft-Windows-Search
The Windows Search service is creating the new search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:28:10 AM
Type: Information Category: 1
Event: 1010 Source: Microsoft-Windows-Search
The Windows Search Service has successfully removed the old search index.

Log: 'Application' Date/Time: 30/11/2014 3:28:08 AM
Type: Information Category: 0
Event: 100 Source: AirPrint
The event description cannot be found.
Log: 'Application' Date/Time: 30/11/2014 3:27:56 AM
Type: Information Category: 1
Event: 1013 Source: Microsoft-Windows-Search
Windows Search Service stopped normally.

Log: 'Application' Date/Time: 30/11/2014 3:27:54 AM
Type: Information Category: 1
Event: 1004 Source: Microsoft-Windows-Search
The Windows Search service is creating the new search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:54 AM
Type: Information Category: 1
Event: 1010 Source: Microsoft-Windows-Search
The Windows Search Service has successfully removed the old search index.

Log: 'Application' Date/Time: 30/11/2014 3:27:52 AM
Type: Information Category: 1
Event: 1013 Source: Microsoft-Windows-Search
Windows Search Service stopped normally.

Log: 'Application' Date/Time: 30/11/2014 3:27:50 AM
Type: Information Category: 1
Event: 1004 Source: Microsoft-Windows-Search
The Windows Search service is creating the new search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:50 AM
Type: Information Category: 1
Event: 1010 Source: Microsoft-Windows-Search
The Windows Search Service has successfully removed the old search index.

Log: 'Application' Date/Time: 30/11/2014 3:27:35 AM
Type: Information Category: 0
Event: 100 Source: AirPrint
The event description cannot be found.
Log: 'Application' Date/Time: 30/11/2014 3:27:24 AM
Type: Information Category: 1
Event: 1013 Source: Microsoft-Windows-Search
Windows Search Service stopped normally.

Log: 'Application' Date/Time: 30/11/2014 3:27:21 AM
Type: Information Category: 1
Event: 1004 Source: Microsoft-Windows-Search
The Windows Search service is creating the new search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:21 AM
Type: Information Category: 1
Event: 1010 Source: Microsoft-Windows-Search
The Windows Search Service has successfully removed the old search index.

Log: 'Application' Date/Time: 30/11/2014 3:27:20 AM
Type: Information Category: 1
Event: 1013 Source: Microsoft-Windows-Search
Windows Search Service stopped normally.

Log: 'Application' Date/Time: 30/11/2014 3:27:17 AM
Type: Information Category: 1
Event: 1004 Source: Microsoft-Windows-Search
The Windows Search service is creating the new search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:17 AM
Type: Information Category: 1
Event: 1010 Source: Microsoft-Windows-Search
The Windows Search Service has successfully removed the old search index.

Log: 'Application' Date/Time: 30/11/2014 3:27:14 AM
Type: Information Category: 0
Event: 0 Source: iPod Service
The event description cannot be found.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/11/2014 3:28:10 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:54 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:50 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:21 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.
Log: 'Application' Date/Time: 30/11/2014 3:27:19 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Log: 'Application' Date/Time: 30/11/2014 3:27:17 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Log: 'Application' Date/Time: 30/11/2014 3:27:00 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.
Log: 'Application' Date/Time: 27/11/2014 1:02:54 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003:
Process 1156 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003

Log: 'Application' Date/Time: 26/11/2014 11:43:29 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003_Classes:
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES

Log: 'Application' Date/Time: 26/11/2014 11:43:29 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 9 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003:
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Direct3D
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Windows NT\CurrentVersion
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\iexplore
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\iexplore
Process 2628 (\Device\HarddiskVolume1\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Log: 'Application' Date/Time: 25/11/2014 12:22:41 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003:
Process 1180 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003

Log: 'Application' Date/Time: 25/11/2014 11:47:05 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003_Classes:
Process 5276 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES
Process 5276 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES
Process 5276 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\181\Shell
Process 5276 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\181\Shell
Process 5276 (\Device\HarddiskVolume1\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\106\Shell

Log: 'Application' Date/Time: 25/11/2014 11:47:04 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 23 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003:

Log: 'Application' Date/Time: 24/11/2014 1:12:35 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 36 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003:

Log: 'Application' Date/Time: 17/11/2014 2:32:41 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003:

Log: 'Application' Date/Time: 17/11/2014 12:09:00 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1596105258-3852694724-2662578111-1003_Classes:
Process 8108 (\Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe) has opened key \REGISTRY\USER\S-1-5-21-1596105258-3852694724-2662578111-1003_CLASSES

Log: 'Application' Date/Time: 16/11/2014 10:26:47 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.
Log: 'Application' Date/Time: 16/11/2014 10:26:47 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Log: 'Application' Date/Time: 16/11/2014 10:01:41 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/11/2014 5:56:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 11/09/2014 6:56:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/09/2014 3:54:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/09/2014 2:36:04 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/09/2014 2:23:44 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/09/2014 2:12:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/09/2014 1:21:08 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/09/2014 1:01:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/09/2014 12:51:17 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 09/09/2014 10:30:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 09/09/2014 4:31:20 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 08/09/2014 10:35:28 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 08/09/2014 11:26:24 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 14/08/2014 2:21:37 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 29/07/2014 2:04:34 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 08/07/2014 6:37:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2014 1:35:10 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 9 time(s).
Log: 'System' Date/Time: 24/11/2014 1:35:10 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
Log: 'System' Date/Time: 24/11/2014 1:23:29 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 8 time(s).
Log: 'System' Date/Time: 24/11/2014 1:23:29 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
Log: 'System' Date/Time: 24/11/2014 1:23:17 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 7 time(s).
Log: 'System' Date/Time: 24/11/2014 1:23:17 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
Log: 'System' Date/Time: 24/11/2014 1:23:12 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 6 time(s).
Log: 'System' Date/Time: 24/11/2014 1:23:12 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
Log: 'System' Date/Time: 24/11/2014 1:22:55 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 5 time(s).
Log: 'System' Date/Time: 24/11/2014 1:22:55 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
Log: 'System' Date/Time: 24/11/2014 1:20:54 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 4 time(s).
Log: 'System' Date/Time: 24/11/2014 1:20:54 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
Log: 'System' Date/Time: 24/11/2014 1:19:41 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 3 time(s).
Log: 'System' Date/Time: 24/11/2014 1:19:41 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
Log: 'System' Date/Time: 24/11/2014 1:19:15 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Event Log service terminated unexpectedly. It has done this 3 time(s).
Log: 'System' Date/Time: 24/11/2014 1:19:15 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Event Log service terminated with the following error: Access is denied.
Log: 'System' Date/Time: 24/11/2014 1:19:15 PM
Type: Error Category: 100
Event: 23 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while initializing logging resources for channel System.
Log: 'System' Date/Time: 24/11/2014 1:19:15 PM
Type: Error Category: 100
Event: 23 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while initializing logging resources for channel System.
Log: 'System' Date/Time: 24/11/2014 1:18:56 PM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
Log: 'System' Date/Time: 24/11/2014 1:18:26 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2014 6:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 6:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.
Log: 'System' Date/Time: 24/11/2014 5:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 5:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.
Log: 'System' Date/Time: 24/11/2014 4:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 4:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.
Log: 'System' Date/Time: 24/11/2014 4:16:53 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 4:13:53 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 4:10:50 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Microsoft Software Shadow Copy Provider service entered the running state.
Log: 'System' Date/Time: 24/11/2014 4:10:50 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Volume Shadow Copy service entered the running state.
Log: 'System' Date/Time: 24/11/2014 4:07:57 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 4:07:54 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the running state.
Log: 'System' Date/Time: 24/11/2014 3:27:22 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 3:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 3:18:00 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Adobe Flash Player Update Service service entered the running state.
Log: 'System' Date/Time: 24/11/2014 3:15:43 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
Log: 'System' Date/Time: 24/11/2014 3:12:29 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Activation Technologies Service service entered the stopped state.
Log: 'System' Date/Time: 24/11/2014 3:11:29 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Activation Technologies Service service entered the running state.
Log: 'System' Date/Time: 24/11/2014 2:43:59 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.
Log: 'System' Date/Time: 24/11/2014 2:30:38 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Error Reporting Service service entered the stopped state.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2014 1:19:15 PM
Type: Warning Category: 100
Event: 27 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while opening log file for channel System. Trying again using default log file path %SystemRoot%\System32\Winevt\Logs\System.evtx.
Log: 'System' Date/Time: 24/11/2014 1:17:14 PM
Type: Warning Category: 100
Event: 27 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while opening log file for channel System. Trying again using default log file path %SystemRoot%\System32\Winevt\Logs\System.evtx.
Log: 'System' Date/Time: 24/11/2014 1:16:14 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07#6D2785CE&0#.
Log: 'System' Date/Time: 24/11/2014 1:15:21 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\tib_mounter failed to load for the device Root\ACRONISDEVICES\0001.
Log: 'System' Date/Time: 24/11/2014 1:15:21 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\vididr failed to load for the device Root\ACRONISDEVICES\0000.
Log: 'System' Date/Time: 24/11/2014 1:15:20 PM
Type: Warning Category: 100
Event: 27 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while opening log file for channel System. Trying again using default log file path %SystemRoot%\System32\Winevt\Logs\System.evtx.
Log: 'System' Date/Time: 24/11/2014 1:15:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\tib_mounter failed to load for the device Root\ACRONISDEVICES\0001.
Log: 'System' Date/Time: 24/11/2014 1:15:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\vididr failed to load for the device Root\ACRONISDEVICES\0000.
Log: 'System' Date/Time: 24/11/2014 5:20:39 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name contacts.msn.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 24/11/2014 2:21:18 AM
Type: Warning Category: 100
Event: 27 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while opening log file for channel System. Trying again using default log file path %SystemRoot%\System32\Winevt\Logs\System.evtx.
Log: 'System' Date/Time: 24/11/2014 2:19:18 AM
Type: Warning Category: 100
Event: 27 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while opening log file for channel System. Trying again using default log file path %SystemRoot%\System32\Winevt\Logs\System.evtx.
Log: 'System' Date/Time: 24/11/2014 2:18:19 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07#6D2785CE&0#.
Log: 'System' Date/Time: 24/11/2014 2:18:10 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Garmin Core Update Service service. The Service Control Manager launched process 2408 and process 1960 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
Log: 'System' Date/Time: 24/11/2014 2:18:00 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the DYMO PnP Service service. The Service Control Manager launched process 1960 and process 2292 connected instead. Note that if this service is configured to start under a debugger, this behavior is expected.
Log: 'System' Date/Time: 24/11/2014 2:17:40 AM
Type: Warning Category: 100
Event: 27 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while opening log file for channel System. Trying again using default log file path %SystemRoot%\System32\Winevt\Logs\System.evtx.
Log: 'System' Date/Time: 24/11/2014 2:17:38 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\tib_mounter failed to load for the device Root\ACRONISDEVICES\0001.
Log: 'System' Date/Time: 24/11/2014 2:17:38 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\vididr failed to load for the device Root\ACRONISDEVICES\0000.
Log: 'System' Date/Time: 24/11/2014 2:17:15 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\tib_mounter failed to load for the device Root\ACRONISDEVICES\0001.
Log: 'System' Date/Time: 24/11/2014 2:17:15 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\vididr failed to load for the device Root\ACRONISDEVICES\0000.
Log: 'System' Date/Time: 24/11/2014 2:14:32 AM
Type: Warning Category: 100
Event: 27 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (res=5) while opening log file for channel System. Trying again using default log file path %SystemRoot%\System32\Winevt\Logs\System.evtx.
 
Windows still shows that it has been activated, but will not validate at the Microsoft validation site. I still get the following:
[Attached image: Validate.PNG]

When I click Validate I still get the following:
[Attached image: Validate1.PNG]

Here are the results of MGADiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0x8004FE21
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-4P8JK-GDBGY-3GJJ3
Windows Product Key Hash: KTQaEJY0tkRzXMCFzOZdRxcpYWk=
Windows Product ID: 00426-074-3110513-85900
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {54F651EE-4C48-4A38-832C-DBE7849E2A97}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.59.1
Signed By: Microsoft
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft
OGA Data-->
Office Status: 100 Genuine
2007 Microsoft Office system - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
File Mismatch: C:\Windows\system32\sppobjs.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppc.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppwinob.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slc.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slcext.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppuinotify.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\slui.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcomapi.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppcommdlg.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\sppsvc.exe[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\drivers\spsys.sys[6.1.7127.0], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7601.17514], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7601.17514], Hr = 0x800b0100
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{54F651EE-4C48-4A38-832C-DBE7849E2A97}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3GJJ3</PKey><PID>00426-074-3110513-85900</PID><PIDType>5</PIDType><SID>S-1-5-21-1596105258-3852694724-2662578111</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>GG062AV-ABA m8010y</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 5.07</Version><SMBIOSVersion major="2" minor="4"/><Date>20070524000000.000000+000</Date></BIOS><HWID>A7E43907018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><Val>54C7C399DB0FDAE</Val><Hash>b8cI4DJUrGTV2TGDJ3dD3tnSY/o=</Hash><Pid>89451-OEM-6672786-36084</Pid><PidType>4</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-074-311051-01-1033-7601.0000-3222014
Installation ID: 015376386774548930762952030845693481425342187773212652
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3GJJ3
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 29/11/2014 11:44:09 PM

Name: Windows(R) 7, OCUR add-on for Ultimate,HomePremium,Enterprise,Professional,ServerHomePremium,Embedded
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: afd5f68f-b70f-4000-a21d-28dbc8be8b07
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00142-446-536312-00-1033-7601.0000-3222014
Installation ID: 013913068470454796205605629534798326057003892540429153
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: PK6VH
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 29/11/2014 11:44:09 PM
Windows Activation Technologies-->
HrOffline: 0x8004FE21
HrOnline: N/A
HealthStatus: 0x000000000001EFF0
Event Time Stamp: 11:29:2014 23:37
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:
Tampered File: %systemroot%\system32\sppobjs.dll
Tampered File: %systemroot%\system32\sppc.dll|sppc.dll.mui
Tampered File: %systemroot%\system32\sppcext.dll|sppcext.dll.mui
Tampered File: %systemroot%\system32\sppwinob.dll
Tampered File: %systemroot%\system32\slc.dll|slc.dll.mui
Tampered File: %systemroot%\system32\slcext.dll|slcext.dll.mui
Tampered File: %systemroot%\system32\sppuinotify.dll|sppuinotify.dll.mui
Tampered File: %systemroot%\system32\slui.exe|slui.exe.mui|COM Registration
Tampered File: %systemroot%\system32\sppcomapi.dll|sppcomapi.dll.mui
Tampered File: %systemroot%\system32\sppcommdlg.dll|sppcommdlg.dll.mui
Tampered File: %systemroot%\system32\sppsvc.exe|sppsvc.exe.mui
Tampered File: %systemroot%\system32\drivers\spsys.sys

HWID Data-->
HWID Hash Current: MgAAAAIAAAABAAEAAQACAAAAAwABAAEA6GEm5DbvpKtghtqtvK3+D0dVivq0crVyzDE=
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
OSFR HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
SSDT HPQOEM SLIC-CPC
 
Can you please try SURT again:

Please follow the instructions here to run the System Update Readiness Tool. When the SURT finishes installing, copy (Ctrl + C) and paste (Ctrl + V) the contents of the SURT log into your next post please:
C:\Windows\Logs\CBS\CheckSUR.log
C:\Windows\Logs\CBS\CheckSUR.persist.log
 
