
What causes these errors and a sluggish computer? details inside



#1 derpyfingersq


Posted 15 January 2015 - 12:10 AM

Ever since I bought the computer, it has been a little weird. Every once in a while the computer would freeze up for a little bit and then resume running fine after 10 seconds. As time went on, the frequency of these events increased and the length of the lag increased. I received a few BSODs with "internal power error". I replaced the 750 watt PSU with an 800 watt PSU, which didn't completely fix my problem, but changed it. Boot is still slow, but occasionally it goes quite fast (still not as fast as it should) and the computer runs smoother with less freezing, but it still happens and it is still a nuisance. I have tried several clean Windows installs. I got some errors and warnings in the Event Viewer; I will post that text below the system specs. chkdsk didn't help either; I'm thinking about doing another one.


Processor     Intel® Core™ i7 CPU 920 @ 2.67GHz (8 CPUs), ~2.7GHz
Hard Drive     1.5 TB
Motherboard     Asus P6T SE
Operating System     Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.110622-1506)
Video Card     NVIDIA GeForce GTX 260

Installed Physical Memory (RAM)    6.00 GB
Total Physical Memory    5.99 GB
Available Physical Memory    3.64 GB
Total Virtual Memory    12.0 GB
Available Virtual Memory    9.24 GB
Page File Space    5.99 GB
Boot Device    \Device\HarddiskVolume1


Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          1/14/2015 10:00:30 PM
Event ID:      3
Task Category: Session
Level:         Error
Keywords:      Session
User:          SYSTEM
Computer:      Vader-PC
Description:
Session "ReadyBoot" stopped due to the following error: 0xC0000188
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <EventID>3</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>2</Task>
    <Opcode>14</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2015-01-15T04:00:30.570943900Z" />
    <EventRecordID>6</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="200" />
    <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <Computer>Vader-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SessionName">ReadyBoot</Data>
    <Data Name="FileName">C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl</Data>
    <Data Name="ErrorCode">3221225864</Data>
    <Data Name="LoggingMode">0</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-WindowsUpdateClient
Date:          1/13/2015 9:47:46 AM
Event ID:      20
Task Category: Windows Update Agent
Level:         Error
Keywords:      Failure,Installation
User:          SYSTEM
Computer:      Vader-PC
Description:
Installation Failure: Windows failed to install the following update with error 0x80080005: Windows Update Aux.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
    <EventID>20</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>13</Opcode>
    <Keywords>0x8000000000000028</Keywords>
    <TimeCreated SystemTime="2015-01-13T15:47:46.299968200Z" />
    <EventRecordID>1200</EventRecordID>
    <Correlation />
    <Execution ProcessID="944" ThreadID="3048" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="errorCode">0x80080005</Data>
    <Data Name="updateTitle">Windows Update Aux</Data>
    <Data Name="updateGuid">{0011B9ED-9189-4D58-BE25-FA2F13FC3D6C}</Data>
    <Data Name="updateRevisionNumber">1</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        ESENT
Date:          1/13/2015 9:20:57 PM
Event ID:      215
Task Category: Logging/Recovery
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
WinMail (2884) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ESENT" />
    <EventID Qualifiers="0">215</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:20:57.000000000Z" />
    <EventRecordID>578</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WinMail</Data>
    <Data>2884</Data>
    <Data>WindowsMail0: </Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-PrintService/Admin
Source:        Microsoft-Windows-PrintService
Date:          1/12/2015 12:45:50 PM
Event ID:      512
Task Category: Initializing a print provider
Level:         Error
Keywords:      Router,Classic Spooler Event
User:          SYSTEM
Computer:      37L4247E29-32
Description:
InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
    <EventID>512</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>12</Opcode>
    <Keywords>0x8000000000002800</Keywords>
    <TimeCreated SystemTime="2015-01-12T18:45:50.584421700Z" />
    <EventRecordID>1</EventRecordID>
    <Correlation />
    <Execution ProcessID="144" ThreadID="400" />
    <Channel>Microsoft-Windows-PrintService/Admin</Channel>
    <Computer>37L4247E29-32</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <RouterError xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
      <Name>inetpp.dll</Name>
      <Error>0x0</Error>
    </RouterError>
  </UserData>
</Event>


Log Name:      Application
Source:        Microsoft-Windows-CAPI2
Date:          1/14/2015 10:08:03 AM
Event ID:      513
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary nychvlkv.

System Error:
The system cannot find the file specified.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="0">513</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T16:08:03.781189600Z" />
    <EventRecordID>612</EventRecordID>
    <Correlation />
    <Execution ProcessID="360" ThreadID="1936" />
    <Channel>Application</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Details:
AddLegacyDriverFiles: Unable to back up image of binary nychvlkv.

System Error:
The system cannot find the file specified.
</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Dhcp-Client/Admin
Source:        Microsoft-Windows-Dhcp-Client
Date:          1/14/2015 10:20:53 PM
Event ID:      1001
Task Category: Address Configuration State Event
Level:         Error
Keywords:      
User:          LOCAL SERVICE
Computer:      Vader-PC
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x000C0A650677.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Dhcp-Client" Guid="{15A7A4F8-0072-4EAB-ABAD-F98A4D666AED}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>3</Task>
    <Opcode>75</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-15T04:20:53.359038600Z" />
    <EventRecordID>17</EventRecordID>
    <Correlation />
    <Execution ProcessID="144" ThreadID="4552" />
    <Channel>Microsoft-Windows-Dhcp-Client/Admin</Channel>
    <Computer>Vader-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="HWLength">6</Data>
    <Data Name="HWAddress">000C0A650677</Data>
    <Data Name="StatusCode">121</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          1/13/2015 7:15:58 PM
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000a0 (0x0000000000000009, 0xffffffffc0000001, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011315-204720-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T01:15:58.000000000Z" />
    <EventRecordID>1600</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">0x000000a0 (0x0000000000000009, 0xffffffffc0000001, 0x0000000000000001, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">011315-204720-01</Data>
  </EventData>
</Event>

Log Name:      System
Source:        EventLog
Date:          1/14/2015 10:25:39 AM
Event ID:      6008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The previous system shutdown at 10:12:20 AM on ‎1/‎14/‎2015 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="EventLog" />
    <EventID Qualifiers="32768">6008</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T16:25:39.000000000Z" />
    <EventRecordID>2441</EventRecordID>
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>10:12:20 AM</Data>
    <Data>‎1/‎14/‎2015</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>3227</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Binary>DF07010003000E000A000C0014007403DF07010003000E0010000C0014007403600900003C000000010000006009000000000000B00400000100000000000000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          1/14/2015 10:06:17 AM
Event ID:      7000
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T16:06:17.574709800Z" />
    <EventRecordID>2400</EventRecordID>
    <Correlation />
    <Execution ProcessID="580" ThreadID="3500" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Steam Client Service</Data>
    <Data Name="param2">%%1053</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          1/12/2015 4:12:33 PM
Event ID:      7001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-12T22:12:33.782769800Z" />
    <EventRecordID>477</EventRecordID>
    <Correlation />
    <Execution ProcessID="556" ThreadID="912" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">WLAN AutoConfig</Data>
    <Data Name="param2">Extensible Authentication Protocol</Data>
    <Data Name="param3">%%1070</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          1/14/2015 10:06:17 AM
Event ID:      7009
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7009</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T16:06:17.574709800Z" />
    <EventRecordID>2399</EventRecordID>
    <Correlation />
    <Execution ProcessID="580" ThreadID="3500" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">30000</Data>
    <Data Name="param2">Steam Client Service</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          1/13/2015 9:56:15 PM
Event ID:      7011
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7011</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:56:15.707359500Z" />
    <EventRecordID>2236</EventRecordID>
    <Correlation />
    <Execution ProcessID="576" ThreadID="2536" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">30000</Data>
    <Data Name="param2">Appinfo</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          1/13/2015 8:13:07 PM
Event ID:      7022
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The Security Center service hung on starting.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7022</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T02:13:07.223720400Z" />
    <EventRecordID>1922</EventRecordID>
    <Correlation />
    <Execution ProcessID="520" ThreadID="3064" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Security Center</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          1/13/2015 3:28:46 PM
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The Windows Modules Installer service terminated with the following error:
%%16405
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7023</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-13T21:28:46.784898800Z" />
    <EventRecordID>1361</EventRecordID>
    <Correlation />
    <Execution ProcessID="532" ThreadID="660" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Windows Modules Installer</Data>
    <Data Name="param2">%%16405</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          1/13/2015 5:34:24 PM
Event ID:      7043
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The Windows Update service did not shut down properly after receiving a preshutdown control.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7043</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-13T23:34:24.040659200Z" />
    <EventRecordID>1439</EventRecordID>
    <Correlation />
    <Execution ProcessID="532" ThreadID="2860" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Windows Update</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          1/14/2015 10:00:30 PM
Event ID:      4
Task Category: Logging
Level:         Warning
Keywords:      Session
User:          SYSTEM
Computer:      Vader-PC
Description:
The maximum file size for session "ReadyBoot" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <EventID>4</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>10</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2015-01-15T04:00:30.570943900Z" />
    <EventRecordID>5</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="200" />
    <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <Computer>Vader-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SessionName">ReadyBoot</Data>
    <Data Name="FileName">C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl</Data>
    <Data Name="ErrorCode">3221225864</Data>
    <Data Name="LoggingMode">0</Data>
    <Data Name="MaxFileSize">20971520</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Search
Date:          1/12/2015 12:48:11 PM
Event ID:      1008
Task Category: Search service
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      37L4247E29-32
Description:
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
    <EventID Qualifiers="32768">1008</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-12T18:48:11.000000000Z" />
    <EventRecordID>106</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>37L4247E29-32</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ExtraInfo">
    </Data>
    <Data Name="Reason">Full Index Reset</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-User Profiles Service
Date:          1/13/2015 9:55:47 PM
Event ID:      1530
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      Vader-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 14 user registry handles leaked from \Registry\User\S-1-5-21-3629499605-2103255855-3117248903-1000:
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\Shell
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Policies
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:55:47.486909900Z" />
    <EventRecordID>584</EventRecordID>
    <Correlation />
    <Execution ProcessID="944" ThreadID="152" />
    <Channel>Application</Channel>
    <Computer>Vader-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">14 user registry handles leaked from \Registry\User\S-1-5-21-3629499605-2103255855-3117248903-1000:
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\Shell
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Policies
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2404 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-3629499605-2103255855-3117248903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
</Data>
  </EventData>
</Event>


Log Name:      System
Source:        Microsoft-Windows-WLAN-AutoConfig
Date:          1/14/2015 10:33:12 AM
Event ID:      4001
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      Vader-PC
Description:
WLAN AutoConfig service has successfully stopped.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580D7DD-0379-4658-9870-D5BE7D52D6DE}" />
    <EventID>4001</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T16:33:12.583216300Z" />
    <EventRecordID>2584</EventRecordID>
    <Correlation />
    <Execution ProcessID="148" ThreadID="292" />
    <Channel>System</Channel>
    <Computer>Vader-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          1/13/2015 9:14:35 PM
Event ID:      6004
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
    <EventID Qualifiers="32768">6004</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:14:35.000000000Z" />
    <EventRecordID>495</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>TrustedInstaller</Data>
    <Binary>69060000</Binary>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          1/13/2015 9:10:59 PM
Event ID:      6005
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
    <EventID Qualifiers="32768">6005</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:10:59.000000000Z" />
    <EventRecordID>488</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>TrustedInstaller</Data>
    <Data>CreateSession</Data>
    <Binary>00000000</Binary>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          1/13/2015 9:13:42 PM
Event ID:      6006
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Vader-PC
Description:
The winlogon notification subscriber <TrustedInstaller> took 223 second(s) to handle the notification event (CreateSession).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
    <EventID Qualifiers="32768">6006</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-14T03:13:42.000000000Z" />
    <EventRecordID>494</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Vader-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>TrustedInstaller</Data>
    <Data>223</Data>
    <Data>CreateSession</Data>
    <Binary>04000000</Binary>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-RestartManager
Date:          1/13/2015 4:14:15 PM
Event ID:      10010
Task Category: None
Level:         Warning
Keywords:      
User:          Vader-PC\Vader
Computer:      Vader-PC
Description:
Application 'C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe' (pid 2208) cannot be restarted - Application SID does not match Conductor SID..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-RestartManager" Guid="{0888E5EF-9B98-4695-979D-E92CE4247224}" />
    <EventID>10010</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-13T22:14:15.924156400Z" />
    <EventRecordID>374</EventRecordID>
    <Correlation />
    <Execution ProcessID="2176" ThreadID="1028" />
    <Channel>Application</Channel>
    <Computer>Vader-PC</Computer>
    <Security UserID="S-1-5-21-3629499605-2103255855-3117248903-1000" />
  </System>
  <UserData>
    <RmUnsupportedRestartEvent xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
      <RmSessionId>





#2 synergy513


Posted 15 January 2015 - 04:52 AM

Hello and Welcome to BleepingComputer!!!

A failing hard drive exhibits such behaviors. If you care to post up your Speccy results, that would at least get some hard drive details under the scope.

Please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.


Edited by hamluis, 16 January 2015 - 08:56 AM.

Moore's Law : 4d Graph in Progress




