
7 keeps crashing



#1 silver34


Posted 06 November 2009 - 01:20 PM

Hi all

My computer keeps crashing for no apparent reason, not even a blue screen of death. Can someone please help? BELOW IS A LOG FROM THE BEGINNING OF THE MONTH

Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 06/11/2009 17:00:11
Event ID: 315
Task Category: Sharing a printer
Level: Error
Keywords: Classic Spooler Event,Printer
User: SYSTEM
Computer: MomandDad-PC
Description:
The print spooler failed to share printer HP Deskjet F2200 series with shared resource name HP Deskjet F2200 series. Error 2114. The printer cannot be used by others on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>315</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000820</Keywords>
<TimeCreated SystemTime="2009-11-06T17:00:11.083200000Z" />
<EventRecordID>23</EventRecordID>
<Correlation />
<Execution ProcessID="1436" ThreadID="1864" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Param1>2114</Param1>
<Param2>HP Deskjet F2200 series</Param2>
<Param3>HP Deskjet F2200 series</Param3>
</ShareFailed>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 06/11/2009 16:59:58
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T16:59:58.494000000Z" />
<EventRecordID>6087</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="512" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 06/11/2009 16:59:53
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: MomandDad-PC
Description:
Audit events have been dropped by the transport. 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T16:59:53.751600000Z" />
<EventRecordID>1599</EventRecordID>
<Correlation />
<Execution ProcessID="864" ThreadID="1060" />
<Channel>Security</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 06/11/2009 16:59:38
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: MomandDad-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2009-11-06T16:59:38.838000000Z" />
<EventRecordID>6073</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 06/11/2009 16:59:52
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The previous system shutdown at 16:56:23 on ‎06/‎11/‎2009 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T16:59:52.000000000Z" />
<EventRecordID>6068</EventRecordID>
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>16:56:23</Data>
<Data>‎06/‎11/‎2009</Data>
<Data>
</Data>
<Data>
</Data>
<Data>34211</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>D9070B00050006001000380017001F03D9070B00050006001000380017001F03080700003C0000000100000008070000000000003C0000000100000000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: SideBySide
Date: 06/11/2009 10:21:43
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T10:21:43.000000000Z" />
<EventRecordID>2505</EventRecordID>
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 06/11/2009 07:54:20
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:54:20.126800000Z" />
<EventRecordID>6046</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3820" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 06/11/2009 07:54:20
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:54:20.126800000Z" />
<EventRecordID>6045</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3820" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 06/11/2009 07:54:04
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:54:04.130800000Z" />
<EventRecordID>6044</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3828" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 06/11/2009 07:54:04
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:54:04.130800000Z" />
<EventRecordID>6043</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3828" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 06/11/2009 07:53:50
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:53:50.132800000Z" />
<EventRecordID>6042</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3820" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 06/11/2009 07:53:50
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:53:50.132800000Z" />
<EventRecordID>6041</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3820" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 06/11/2009 07:26:44
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:26:44.090000000Z" />
<EventRecordID>5961</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="516" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 06/11/2009 07:26:38
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The previous system shutdown at 22:29:43 on ‎05/‎11/‎2009 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-06T07:26:38.000000000Z" />
<EventRecordID>5955</EventRecordID>
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>22:29:43</Data>
<Data>‎05/‎11/‎2009</Data>
<Data>
</Data>
<Data>
</Data>
<Data>22631</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>D9070B000400050016001D002B00E201D9070B000400050016001D002B00E201080700003C0000000100000008070000000000003C0000000100000000000000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Hang
Date: 05/11/2009 20:14:50
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The program WINWORD.EXE version 12.0.6504.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: dd8
Start Time: 01ca5e54074da7d0
Termination Time: 15
Application Path: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
Report Id: d4cb65d1-ca47-11de-91a9-001e8ce6334b

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:14:50.000000000Z" />
<EventRecordID>2479</EventRecordID>
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>WINWORD.EXE</Data>
<Data>12.0.6504.5000</Data>
<Data>dd8</Data>
<Data>01ca5e54074da7d0</Data>
<Data>15</Data>
<Data>C:\Program Files\Microsoft Office\Office12\WINWORD.EXE</Data>
<Data>d4cb65d1-ca47-11de-91a9-001e8ce6334b</Data>
<Binary>55006E006B006E006F0077006E0000000000</Binary>
</EventData>
</Event>

Log Name: OSession
Source: Microsoft Office 12 Sessions
Date: 05/11/2009 20:14:45
Event ID: 7002
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 252 seconds with 120 seconds of active time. This session ended with a hang.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft Office 12 Sessions" />
<EventID Qualifiers="0">7002</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:14:45.000000000Z" />
<EventRecordID>25</EventRecordID>
<Channel>OSession</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>0</Data>
<Data>Microsoft Office Word</Data>
<Data>12.0.6504.5000</Data>
<Data>12.0.6425.1000</Data>
<Data>252</Data>
<Data>120</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:14:25
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:14:25.129800000Z" />
<EventRecordID>5931</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5492" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:14:25
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:14:25.129800000Z" />
<EventRecordID>5930</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5492" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:14:09
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:14:09.139800000Z" />
<EventRecordID>5929</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3464" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:14:09
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:14:09.139800000Z" />
<EventRecordID>5928</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3464" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:13:51
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:13:51.137400000Z" />
<EventRecordID>5927</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5492" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:13:51
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:13:51.137400000Z" />
<EventRecordID>5926</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5492" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:11:31
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:11:31.127400000Z" />
<EventRecordID>5924</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5128" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:11:31
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:11:31.127400000Z" />
<EventRecordID>5923</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5128" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:11:15
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:11:15.137400000Z" />
<EventRecordID>5922</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5128" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:11:15
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:11:15.137400000Z" />
<EventRecordID>5921</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="5128" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:10:57
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:10:57.166200000Z" />
<EventRecordID>5920</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3464" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebClient</Data>
<Data Name="param2">WebDav Client Redirector Driver</Data>
<Data Name="param3">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 20:10:57
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The WebDav Client Redirector Driver service failed to start due to the following error:
Access is denied.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T20:10:57.166200000Z" />
<EventRecordID>5919</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="3464" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WebDav Client Redirector Driver</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 05/11/2009 16:13:02
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T16:13:02.873200000Z" />
<EventRecordID>5809</EventRecordID>
<Correlation />
<Execution ProcessID="484" ThreadID="516" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 05/11/2009 16:12:56
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The previous system shutdown at 15:57:15 on 05/11/2009 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T16:12:56.000000000Z" />
<EventRecordID>5795</EventRecordID>
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>15:57:15</Data>
<Data>05/11/2009</Data>
<Data>
</Data>
<Data>
</Data>
<Data>17470</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>D9070B00040005000F0039000F00DC03D9070B00040005000F0039000F00DC03080700003C0000000100000008070000000000003C0000000100000000000000</Binary>
</EventData>
</Event>

Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 05/11/2009 16:12:57
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: MomandDad-PC
Description:
Audit events have been dropped by the transport. 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T16:12:57.881200000Z" />
<EventRecordID>1532</EventRecordID>
<Correlation />
<Execution ProcessID="884" ThreadID="1072" />
<Channel>Security</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 05/11/2009 16:12:43
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: MomandDad-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2009-11-05T16:12:43.466800000Z" />
<EventRecordID>5791</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 05/11/2009 11:06:54
Event ID: 315
Task Category: Sharing a printer
Level: Error
Keywords: Classic Spooler Event,Printer
User: SYSTEM
Computer: MomandDad-PC
Description:
The print spooler failed to share printer HP Deskjet F2200 series with shared resource name HP Deskjet F2200 series. Error 2114. The printer cannot be used by others on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>315</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000820</Keywords>
<TimeCreated SystemTime="2009-11-05T11:06:54.187600000Z" />
<EventRecordID>22</EventRecordID>
<Correlation />
<Execution ProcessID="1436" ThreadID="2316" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Param1>2114</Param1>
<Param2>HP Deskjet F2200 series</Param2>
<Param3>HP Deskjet F2200 series</Param3>
</ShareFailed>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 05/11/2009 11:06:36
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T11:06:36.122800000Z" />
<EventRecordID>5699</EventRecordID>
<Correlation />
<Execution ProcessID="492" ThreadID="516" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 05/11/2009 07:53:06
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T07:53:06.276800000Z" />
<EventRecordID>5650</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="4048" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 05/11/2009 07:53:01
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T07:53:01.425200000Z" />
<EventRecordID>2426</EventRecordID>
<Correlation ActivityID="{00000000-2B28-0000-21E6-2B93E85DCA01}" />
<Execution ProcessID="1020" ThreadID="12" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 05/11/2009 07:53:01
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T07:53:01.035200000Z" />
<EventRecordID>2425</EventRecordID>
<Correlation ActivityID="{00000000-2B28-0000-21E6-2B93E85DCA01}" />
<Execution ProcessID="1020" ThreadID="12" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1848 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9
</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 05/11/2009 07:21:53
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-05T07:21:53.136800000Z" />
<EventRecordID>5553</EventRecordID>
<Correlation />
<Execution ProcessID="488" ThreadID="612" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 04/11/2009 21:02:12
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T21:02:12.953200000Z" />
<EventRecordID>5503</EventRecordID>
<Correlation />
<Execution ProcessID="552" ThreadID="3508" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 04/11/2009 21:02:07
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T21:02:07.072000000Z" />
<EventRecordID>2396</EventRecordID>
<Correlation />
<Execution ProcessID="1032" ThreadID="5048" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 04/11/2009 21:02:06
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T21:02:06.151600000Z" />
<EventRecordID>2395</EventRecordID>
<Correlation />
<Execution ProcessID="1032" ThreadID="5048" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1984 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9
</Data>
</EventData>
</Event>

Log Name: Application
Source: SideBySide
Date: 04/11/2009 12:55:05
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T12:55:05.000000000Z" />
<EventRecordID>2392</EventRecordID>
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 04/11/2009 11:43:17
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T11:43:17.963600000Z" />
<EventRecordID>5375</EventRecordID>
<Correlation />
<Execution ProcessID="488" ThreadID="520" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 04/11/2009 08:27:45
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T08:27:45.827800000Z" />
<EventRecordID>5328</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="3576" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 04/11/2009 08:26:47
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T08:26:47.998600000Z" />
<EventRecordID>2365</EventRecordID>
<Correlation ActivityID="{00000000-7B28-0000-A1FA-6E5D1F5DCA01}" />
<Execution ProcessID="996" ThreadID="5004" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 04/11/2009 08:26:47
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T08:26:47.515000000Z" />
<EventRecordID>2364</EventRecordID>
<Correlation ActivityID="{00000000-7B28-0000-A1FA-6E5D1F5DCA01}" />
<Execution ProcessID="996" ThreadID="5004" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1888 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9
</Data>
</EventData>
</Event>

Log Name: System
Source: EventLog
Date: 04/11/2009 07:21:45
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The previous system shutdown at 20:46:05 on 03/11/2009 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T07:21:45.000000000Z" />
<EventRecordID>5211</EventRecordID>
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>20:46:05</Data>
<Data>03/11/2009</Data>
<Data>
</Data>
<Data>
</Data>
<Data>33549</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>D9070B000200030014002E000500A600D9070B000200030014002E000500A600080700003C0000000100000008070000000000003C0000000100000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 04/11/2009 07:21:45
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-04T07:21:45.119200000Z" />
<EventRecordID>5201</EventRecordID>
<Correlation />
<Execution ProcessID="480" ThreadID="552" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Tcpip
Date: 03/11/2009 16:39:40
Event ID: 4228
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
TCP/IP has chosen to restrict the scale factor due to a network condition. This could be related to a problem in a network device and will cause degraded throughput.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Tcpip" />
<EventID Qualifiers="32768">4228</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-03T16:39:40.274000000Z" />
<EventRecordID>5165</EventRecordID>
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000000010000000000000084100080000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 03/11/2009 15:30:31
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: MomandDad-PC
Description:
Name resolution for the name genesis.1337x.org timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-03T15:30:31.859600000Z" />
<EventRecordID>5157</EventRecordID>
<Correlation />
<Execution ProcessID="1280" ThreadID="1616" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">genesis.1337x.org</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801010000000000000000</Data>
</EventData>
</Event>

Log Name: Application
Source: SideBySide
Date: 03/11/2009 12:32:32
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-03T12:32:32.000000000Z" />
<EventRecordID>2332</EventRecordID>
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 03/11/2009 11:27:40
Event ID: 315
Task Category: Sharing a printer
Level: Error
Keywords: Classic Spooler Event,Printer
User: SYSTEM
Computer: MomandDad-PC
Description:
The print spooler failed to share printer HP Deskjet F2200 series with shared resource name HP Deskjet F2200 series. Error 53. The printer cannot be used by others on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>315</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000820</Keywords>
<TimeCreated SystemTime="2009-11-03T11:27:40.024000000Z" />
<EventRecordID>21</EventRecordID>
<Correlation />
<Execution ProcessID="1432" ThreadID="2240" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Param1>53</Param1>
<Param2>HP Deskjet F2200 series</Param2>
<Param3>HP Deskjet F2200 series</Param3>
</ShareFailed>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 03/11/2009 11:27:25
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-03T11:27:25.249200000Z" />
<EventRecordID>5045</EventRecordID>
<Correlation />
<Execution ProcessID="492" ThreadID="516" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 02/11/2009 22:05:16
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-02T22:05:16.054150000Z" />
<EventRecordID>4986</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="4760" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 02/11/2009 22:05:06
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-02T22:05:06.070150000Z" />
<EventRecordID>2304</EventRecordID>
<Correlation ActivityID="{00000000-DB28-0000-2108-87D9905BCA01}" />
<Execution ProcessID="1000" ThreadID="5096" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 02/11/2009 22:05:04
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\Microsoft\Windows NT\CurrentVersion
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-02T22:05:04.962550000Z" />
<EventRecordID>2303</EventRecordID>
<Correlation ActivityID="{00000000-DB28-0000-2108-87D9905BCA01}" />
<Execution ProcessID="1000" ThreadID="5096" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">4 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\Microsoft\Windows NT\CurrentVersion
Process 1788 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9
</Data>
</EventData>
</Event>

Log Name: System
Source: VDS Basic Provider
Date: 02/11/2009 20:47:32
Event ID: 1
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
Unexpected failure. Error code: 490@01010004
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VDS Basic Provider" />
<EventID Qualifiers="49664">1</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-02T20:47:32.000000000Z" />
<EventRecordID>4963</EventRecordID>
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>490@01010004</Data>
</EventData>
</Event>

Log Name: System
Source: VDS Basic Provider
Date: 02/11/2009 20:15:39
Event ID: 1
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
Unexpected failure. Error code: 490@01010004
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VDS Basic Provider" />
<EventID Qualifiers="49664">1</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-02T20:15:39.000000000Z" />
<EventRecordID>4943</EventRecordID>
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>490@01010004</Data>
</EventData>
</Event>

Log Name: Application
Source: SideBySide
Date: 02/11/2009 10:45:12
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-02T10:45:12.000000000Z" />
<EventRecordID>2266</EventRecordID>
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 02/11/2009 07:49:08
Event ID: 315
Task Category: Sharing a printer
Level: Error
Keywords: Classic Spooler Event,Printer
User: SYSTEM
Computer: MomandDad-PC
Description:
The print spooler failed to share printer HP Deskjet F2200 series with shared resource name HP Deskjet F2200 series. Error 2114. The printer cannot be used by others on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>315</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000820</Keywords>
<TimeCreated SystemTime="2009-11-02T07:49:08.939600000Z" />
<EventRecordID>20</EventRecordID>
<Correlation />
<Execution ProcessID="1448" ThreadID="2524" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Param1>2114</Param1>
<Param2>HP Deskjet F2200 series</Param2>
<Param3>HP Deskjet F2200 series</Param3>
</ShareFailed>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 02/11/2009 07:48:53
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-02T07:48:53.760800000Z" />
<EventRecordID>4826</EventRecordID>
<Correlation />
<Execution ProcessID="492" ThreadID="516" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 01/11/2009 21:52:12
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T21:52:12.073000000Z" />
<EventRecordID>4766</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="2664" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 01/11/2009 21:52:07
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T21:52:07.315000000Z" />
<EventRecordID>2241</EventRecordID>
<Correlation />
<Execution ProcessID="980" ThreadID="3368" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 01/11/2009 21:52:06
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T21:52:06.862600000Z" />
<EventRecordID>2240</EventRecordID>
<Correlation />
<Execution ProcessID="980" ThreadID="3368" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2576 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9
</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 01/11/2009 19:09:49
Event ID: 315
Task Category: Sharing a printer
Level: Error
Keywords: Classic Spooler Event,Printer
User: SYSTEM
Computer: MomandDad-PC
Description:
The print spooler failed to share printer HP Deskjet F2200 series with shared resource name HP Deskjet F2200 series. Error 2114. The printer cannot be used by others on the network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>315</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>30</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000820</Keywords>
<TimeCreated SystemTime="2009-11-01T19:09:49.362800000Z" />
<EventRecordID>19</EventRecordID>
<Correlation />
<Execution ProcessID="1384" ThreadID="1836" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Param1>2114</Param1>
<Param2>HP Deskjet F2200 series</Param2>
<Param3>HP Deskjet F2200 series</Param3>
</ShareFailed>
</UserData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 01/11/2009 19:09:42
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T19:09:42.810800000Z" />
<EventRecordID>4681</EventRecordID>
<Correlation />
<Execution ProcessID="480" ThreadID="516" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 01/11/2009 15:39:05
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T15:39:05.471200000Z" />
<EventRecordID>4618</EventRecordID>
<Correlation />
<Execution ProcessID="556" ThreadID="208" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 01/11/2009 15:39:00
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T15:39:00.682000000Z" />
<EventRecordID>2208</EventRecordID>
<Correlation ActivityID="{84369B9C-19D7-0001-A16E-1231D25ACA01}" />
<Execution ProcessID="1012" ThreadID="1136" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001_Classes:
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001_CLASSES
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 01/11/2009 15:38:59
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T15:38:59.824000000Z" />
<EventRecordID>2207</EventRecordID>
<Correlation ActivityID="{84369B9C-19D7-0001-A16E-1231D25ACA01}" />
<Execution ProcessID="1012" ThreadID="1136" />
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">3 user registry handles leaked from \Registry\User\S-1-5-21-3048134380-1304594601-2582167704-1001:
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001
Process 2236 (\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3048134380-1304594601-2582167704-1001\Software\KasperskyLab\protected\AVP9
</Data>
</EventData>
</Event>

Log Name: Application
Source: SideBySide
Date: 01/11/2009 11:30:16
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T11:30:16.000000000Z" />
<EventRecordID>2204</EventRecordID>
<Channel>Application</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 01/11/2009 09:04:06
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: MomandDad-PC
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T09:04:06.339600000Z" />
<EventRecordID>4508</EventRecordID>
<Correlation />
<Execution ProcessID="492" ThreadID="520" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">2</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll</Data>
<Data Name="String">C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 01/11/2009 00:14:57
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MomandDad-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-11-01T00:14:57.740800000Z" />
<EventRecordID>4446</EventRecordID>
<Correlation />
<Execution ProcessID="552" ThreadID="3488" />
<Channel>System</Channel>
<Computer>MomandDad-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:52 AM

Posted 07 November 2009 - 12:31 PM

Instead of attaching a log, it would be better if you told us things like which version of Windows 7 you were running, the system it is running on, what you are doing when it crashes, etc. There are quite a few access errors in the log which could indicate a hard drive problem, but there are also display driver errors, so it is a bit hard to say.



