Svchost problem

Similar Messages

• When I do a download and select SAVE instead of RUN, I create a file but it is not a file that I can do an install from.

  I am attempting to download a savable image of FireFox on one computer and then transfer it to another computer on portable medium. I want to have FireFox on the second computer without ever having to go on line with Windows Internet Explorer.
  My problem is that whenever I run Internet Explorer on the second computer (Compaq Presario 2100 with XP), svchost runs amuck gobbling up all RAM and maxing out CPU. Once svchost gets into this state, it won't let go, even when I exit Explorer. I have even reformatted the hard drive and rebuilt Windows. I hope that this won't happen with FireFox. Do you have any insight into the svchost problem? Any suggestion on how to save an installable file?
  Thanks, Richard Rogers

  read basic about svchost:
  [http://support.microsoft.com/kb/314056/en-us A description of Svchost.exe in Windows XP Professional Edition]
  find svchost services:
  [http://webcache.googleusercontent.com/search?q=cache:pa9PdGlHr0sJ:www.bleepingcomputer.com/tutorials/list-services-running-under-svchost.exe-process/+what+is+svchost.exe&cd=12&hl=el&ct=clnk&gl=gr a way how to determine what services are running under a SVCHOST.EXE process]
  One Temporary Solution is to disable the Windows Automatic Update service:
  http://ask-leo.com/how_do_i_fix_this_high_cpu_usage_svchost_virus_or_whatever_it_is.html
  (no '''it is not''' a virus)
  (works for me)
  thank you
  Please mark "Solved" the answer that really solve the problem, to help others with a similar problem.

• How to solve problem related to svchost and Adobe flash player 11.6 r602 failing to work?

  Hi...
  I have been consistently facing a serious problem regarding the firefox I use. It's Firefox 20.0.1. I use Windows 7 and I have 8 gb of Ram.
  The problem is after I launch Firefox two dialogue boxes appear in quick succession one telling that "svchost.exe has stopped working" and another is telling about "Adobe Flash Player 11.6 r602 has stopped working". The firefox immediately stops working and I have to use the task manager to close the program...even resort to restart the computer sometimes.
  Please tell me solution applying which I can get out of this problem.
  Thanks
  Sam

  Try updating to Flash 11.7, then Reset Firefox [[Reset Firefox – easily fix most problems]]

• Having problem with svchost.exe/ntdll.dll errors causing GPSVC (Group Policy Client) to crash preventing users from logging into the server.

  Recently (within the past 2 weeks) I have noticed a few of our servers will have problems with the svchost.exe application causing the GPSVC (Group Policy Client) to crash. The only fix at that point is to reboot the server since the GPSVC service is tied
  to svchost.exe and therefore is protected from being manually restarted.
  I noticed the following errors when this occurs:
  Log Name:      Application
  Source:        Application Error
  Date:          7/23/2013 4:35:26 AM
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      Server1.xxx.xxx.net
  Description:
  Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
  Exception code: 0xc0000024
  Fault offset: 0x00000000000cd7d8
  Faulting process id: 0x46c
  Faulting application start time: 0x01ce877f9476ac07
  Faulting application path: C:\Windows\system32\svchost.exe
  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
  Report Id: d252d26d-f372-11e2-8ad4-005056ac00e8
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-07-23T08:35:26.000000000Z" />
      <EventRecordID>158950</EventRecordID>
      <Channel>Application</Channel>
      <Computer>AAW19XM2.agency.nwie.net</Computer>
      <Security />
    </System>
    <EventData>
      <Data>svchost.exe</Data>
      <Data>6.1.7600.16385</Data>
      <Data>4a5bc3c1</Data>
      <Data>ntdll.dll</Data>
      <Data>6.1.7601.17725</Data>
      <Data>4ec4aa8e</Data>
      <Data>c0000024</Data>
      <Data>00000000000cd7d8</Data>
      <Data>46c</Data>
      <Data>01ce877f9476ac07</Data>
      <Data>C:\Windows\system32\svchost.exe</Data>
      <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
      <Data>d252d26d-f372-11e2-8ad4-005056ac00e8</Data>
    </EventData>
  </Event>
  All of our servers are running Server 2008 R2 Enterprise where we use Citrix to deliver desktop sessions to our users, but some are virtual and some are physical. This seemingly impacts our virtual machines more, and our VMs are hosted through VMWare, however,
  about 5 months ago a similar error fired on a non-virtual machine:
  Log Name:      Application
  Source:        Application Error
  Date:          2/27/2013 6:57:58 AM
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      AAW29033
  Description:
  Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
  Exception code: 0xc0000024
  Fault offset: 0x00000000000cd7d8
  Faulting process id: 0x6c0
  Faulting application start time: 0x01ce14e1af313fd9
  Faulting application path: C:\Windows\system32\svchost.exe
  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
  Report Id: ed3d01c4-80d4-11e2-9128-b499baa9e5e8
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-02-27T11:57:58.000000000Z" />
      <EventRecordID>286291</EventRecordID>
      <Channel>Application</Channel>
      <Computer>AAW29033</Computer>
      <Security />
    </System>
    <EventData>
      <Data>svchost.exe_gpsvc</Data>
      <Data>6.1.7600.16385</Data>
      <Data>4a5bc3c1</Data>
      <Data>ntdll.dll</Data>
      <Data>6.1.7601.17725</Data>
      <Data>4ec4aa8e</Data>
      <Data>c0000024</Data>
      <Data>00000000000cd7d8</Data>
      <Data>6c0</Data>
      <Data>01ce14e1af313fd9</Data>
      <Data>C:\Windows\system32\svchost.exe</Data>
      <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
      <Data>ed3d01c4-80d4-11e2-9128-b499baa9e5e8</Data>
    </EventData>
  </Event>
  I've searched and cannot seem to find any information as to what may be causing this, or even really where to start. Would someone be able to help me identify what might be causing this event, specific with the Exception code: 0xc0000024, which causes
  the Group Policy Client service to stop?

  You still out there looking at things? If so I have an update. The issue hasn't stopped, even though it did seemingly die down for awhile, however, it is now back with a vengeance.
  I am able to force it to happen by killing the svchost process that is hosting GPSVC. If I run gpupdate /force, then logout/login it does get GPSVC running again. Furthermore, if I simply start svchost again via the Task Manager GPSVC starts running again.
  When I access the server remotely with KVM it acts just like it does as if I'm logging into it via Citrix/RDP which for Admin IDs gives an error saying "Failed to connect to a windows service. Windows could not connect to the Group Policy Client service...",
  however, normal user accounts just get a message when logging into the server "The Group Policy Client Service Failed the Logon. Access is denied."
  I haven't opened a case with Microsoft yet, but we about ready to because of the increase in these errors.
  If you have any further suggestions that would be great, otherwise I'll provide an update once I get word back from Microsoft.
  **EDIT -- apparently I mistook the the server's SCM's actions as my own. I was able to successfully crash the GPSVC service by killing the hosting svchost process, however, after I crashed it and let it sit crashed for awhile when I attempted
  to restart either by starting a svchost task, or running gpupdate /force it failed. Either that, or there is a timing issue where if we don't restart the svchost process, or run gpupdate /force quickly enough it won't be able to recover without a reboot.

• 'svchost.exe has encountered a problem and needs to close.'

  I keep getting this error message  svhost has encountered a problem and needs to close. I am running Windows XP 3,  Does HP have a solution for XP-3?

  Hi,
  the error "svchost.exe" that you get is not necessarily because of your printer. i advice you to scan your computer for any kind of virus or trojan, or trt the following steps:
   Method 1Leave the svchost.exe - Error dialog box open, and then follow these steps.Step1: Check whether settings for the Automatic Updates service and for the Background Intelligent Transfer Service (BITS) are correctTo do this, follow these steps:
  Click Start, point to Run, type services.msc, and then click OK.
  In the details pane, locate and double-click Automatic Updates.
  Click the Log On tab.
  Make sure that the Local System account option is selected and that the Allow service to interact with desktop check box is cleared.
  Make sure that this service has been enabled in the Hardware Profile list. If this service has not been enabled, click Enable to enable the service.
  Click the General tab, and make sure that the Automatic option is selected in the Startup Type list. Under Service status, click Start to start the service if it is not already running.
  Repeat steps 2 through 6 for Background Intelligent Transfer Service (BITS).
  Step 2: Reregister Windows Update componentsTo do this, follow these steps:
  Click Start, click Run, type REGSVR32 WUAPI.DLL, and then press ENTER.
  When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click OK.
  Type the following commands in the Open box, one after the other, and then press ENTER after each command:
  REGSVR32 WUAUENG.DLL
  REGSVR32 WUAUENG1.DLL
  REGSVR32 ATL.DLL
  REGSVR32 WUCLTUI.DLL
  REGSVR32 WUPS.DLL
  REGSVR32 WUPS2.DLL
  REGSVR32 WUWEB.DLL
  Step 3: Rename the Windows Update temporary folderThe temporary folder of Windows Update may be corrupted. In this case, you can rename the temporary folder of Windows Update. To do this, follow these steps:
  Click Start, click Run, type cmd, and then press ENTER.
  At the command prompt, type net stop Wuauserv, and then press ENTER.
  Click Start, click Run, type %windir%, and then press ENTER.
  In the folder that opens, locate and rename the SoftwareDistribution folder to SDold.
  At the command prompt, type net start Wuauserv, and then press ENTER to start the Automatic Updates service.

• Svchost.exe problems

  I am getting svchost.exe error  0x7c919af2 referenced memory at 0x00000010 memory could not be written on windows xp

  Hi,
  About the Windows XP question please post to the Client forum.
  Windows XP support forum
  http://social.technet.microsoft.com/Forums/windows/en-US/home?category=windowsxpitpro&filter=alltypes&sort=lastpostdesc
  Thanks for your understanding and support.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Adobe Flash Player Installer/Uninstaller 11.5 r502 has encountered a problem and needs to close...

  I'm baaaaaack...
  Woke up this morning to a Flash Player update, performed the update and got this error message for my troubles.  I thought you had this problem fixed.
  Copied from cf48_appcompat.txt:
  <?xml version="1.0" encoding="UTF-16"?>
  <DATABASE>
  <EXE NAME="InstallFlashPlayer.exe" FILTER="GRABMI_FILTER_PRIVACY">
      <MATCHING_FILE NAME="InstallFlashPlayer.exe" SIZE="16363960" CHECKSUM="0x332B4225" BIN_FILE_VERSION="11.5.502.135" BIN_PRODUCT_VERSION="11.5.502.135" PRODUCT_VERSION="11,5,502,135" FILE_DESCRIPTION="Adobe® Flash® Player Installer/Uninstaller 11.5 r502" COMPANY_NAME="Adobe Systems Incorporated" PRODUCT_NAME="Adobe® Flash® Player Installer/Uninstaller" FILE_VERSION="11,5,502,135" ORIGINAL_FILENAME="FlashUtil.exe" INTERNAL_NAME="Adobe® Flash® Player Installer/Uninstaller 11.5" LEGAL_COPYRIGHT="Copyright © 1996 Adobe Systems Incorporated" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF9F321" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="11.5.502.135" UPTO_BIN_PRODUCT_VERSION="11.5.502.135" LINK_DATE="11/30/2012 05:56:28" UPTO_LINK_DATE="11/30/2012 05:56:28" VER_LANGUAGE="English (United States) [0x409]" />
  </EXE>
  <EXE NAME="SASSEH.DLL" FILTER="GRABMI_FILTER_THISFILEONLY">
      <MATCHING_FILE NAME="SASSEH.DLL" SIZE="113024" CHECKSUM="0xFCD43806" BIN_FILE_VERSION="1.0.0.1014" BIN_PRODUCT_VERSION="1.0.0.1014" PRODUCT_VERSION="1.0.0.1014" FILE_DESCRIPTION="ShellExecuteHook" COMPANY_NAME="SuperAdBlocker.com" PRODUCT_NAME="SuperAntiSpyware" FILE_VERSION="1, 0, 0, 1014" ORIGINAL_FILENAME="SASSEH.DLL" INTERNAL_NAME="SASSEH.DLL" LEGAL_COPYRIGHT="(c) Copyright 2004-2008 SuperAdBlocker.com " VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1E0CA" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.1014" UPTO_BIN_PRODUCT_VERSION="1.0.0.1014" LINK_DATE="07/18/2011 23:22:05" UPTO_LINK_DATE="07/18/2011 23:22:05" VER_LANGUAGE="English (United States) [0x409]" />
  </EXE>
  <EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
      <MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x2D998938" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFE572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="English (United States) [0x409]" />
  </EXE>
  </DATABASE>
  From Dr. Watson:
  Microsoft (R) DrWtsn32
  Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.
  Application exception occurred:
          App: C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{AB857A0A-32D6-44DB-9A26-2FF8EEEADB17}\InstallFlas hPlayer.exe (pid=2840)
          When: 12/18/2012 @ 07:31:26.125
          Exception number: c000001d (illegal instruction)
  *----> System Information <----*
          Computer Name: KD5
          User Name: Keith A. Duncan
          Terminal Session Id: 0
          Number of Processors: 2
          Processor Type: x86 Family 15 Model 2 Stepping 9
          Windows Version: 5.1
          Current Build: 2600
          Service Pack: 3
          Current Type: Multiprocessor Free
          Registered Organization: Keith's Custom PC
          Registered Owner: Keith A. Duncan
  *----> Task List <----*
     0 System Process
     4 System
  420 smss.exe
  476 csrss.exe
  500 winlogon.exe
  544 services.exe
  556 lsass.exe
  720 svchost.exe
  832 svchost.exe
  872 MsMpEng.exe
  932 svchost.exe
  960 svchost.exe
  1056 AvastSvc.exe
  1192 Explorer.EXE
  1324 spoolsv.exe
  1624 MSASCui.exe
  1636 avastUI.exe
  1728 sgmain.exe
  1760 FlashUtil32_11_5_502_110_Plugin.exe
  108 SASCORE.EXE
  152 svchost.exe
  224 sgbhp.exe
  1720 svchost.exe
  1776 alg.exe
  2840 InstallFlashPlayer.exe
  3044 firefox.exe
  3748 NOTEPAD.EXE
  672 drwtsn32.exe
  *----> Module List <----*
  (0000000000400000 - 000000000139d000: C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{AB857A0A-32D6-44DB-9A26-2FF8EEEADB17}\InstallFlas hPlayer.exe
  (0000000001c60000 - 0000000001c67000: C:\WINDOWS\system32\oleaccrc.dll
  (0000000010000000 - 000000001001f000: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
  (0000000022200000 - 000000002221f000: C:\Program Files\SpywareGuard\spywareguard.dll
  (000000003dfd0000 - 000000003e1bb000: C:\WINDOWS\system32\iertutil.dll
  (000000003e1c0000 - 000000003ec5c000: C:\WINDOWS\system32\ieframe.dll
  (000000004fdd0000 - 000000004ff76000: C:\WINDOWS\system32\d3d9.dll
  (0000000059a60000 - 0000000059b01000: C:\WINDOWS\system32\dbghelp.dll
  (000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
  (000000005b860000 - 000000005b8b5000: C:\WINDOWS\system32\netapi32.dll
  (000000005f800000 - 000000005f816000: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
  (0000000061880000 - 00000000618ba000: C:\WINDOWS\system32\OLEACC.dll
  (0000000064d00000 - 0000000064d3c000: C:\Program Files\AVAST Software\Avast\snxhk.dll
  (0000000068000000 - 0000000068036000: C:\WINDOWS\system32\rsaenh.dll
  (000000006d990000 - 000000006d996000: C:\WINDOWS\system32\d3d8thk.dll
  (0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll
  (0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
  (0000000073420000 - 0000000073573000: C:\WINDOWS\system32\MSVBVM60.DLL
  (0000000073b30000 - 0000000073b45000: C:\WINDOWS\system32\mscms.dll
  (0000000073f10000 - 0000000073f6c000: C:\WINDOWS\system32\dsound.dll
  (0000000074ad0000 - 0000000074ad8000: C:\WINDOWS\system32\powrprof.dll
  (0000000076380000 - 0000000076385000: C:\WINDOWS\system32\Msimg32.dll
  (00000000769c0000 - 0000000076a74000: C:\WINDOWS\system32\userenv.dll
  (0000000076b20000 - 0000000076b31000: C:\WINDOWS\system32\atl.dll
  (0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\winmm.dll
  (0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\system32\psapi.dll
  (0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
  (0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
  (0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
  (0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
  (00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x- ww_61e65202\comctl32.dll
  (00000000774e0000 - 000000007761e000: C:\WINDOWS\system32\ole32.dll
  (0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\ntmarta.dll
  (0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
  (0000000077a80000 - 0000000077b15000: C:\WINDOWS\system32\crypt32.dll
  (0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\msasn1.dll
  (0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
  (0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\version.dll
  (0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
  (0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
  (0000000077e70000 - 0000000077f03000: C:\WINDOWS\system32\RPCRT4.dll
  (0000000077f10000 - 0000000077f59000: C:\WINDOWS\system32\GDI32.dll
  (0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
  (0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
  (0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MS VCR80.dll
  (000000007c420000 - 000000007c4a7000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MS VCP80.dll
  (000000007c800000 - 000000007c8f6000: C:\WINDOWS\system32\KERNEL32.dll
  (000000007c900000 - 000000007c9b2000: C:\WINDOWS\system32\ntdll.dll
  (000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
  (000000007e410000 - 000000007e4a1000: C:\WINDOWS\system32\USER32.dll
  (000000007e720000 - 000000007e7d0000: C:\WINDOWS\system32\SXS.DLL
  *----> State Dump for Thread Id 0xb1c <----*
  eax=7ffdf000 ebx=00000000 ecx=00000000 edx=fffffe8d esi=100126e3 edi=0012f728
  eip=100126e4 esp=0012f6c4 ebp=0012f6ec iopl=0         nv up ei pl nz na pe nc
  cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200202
  *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -
  function: SASSEH
  No prior disassembly possible
          100126e4 feff             ???     bh
          100126e6 ffff             ???
          100126e8 8b45e4           mov     eax,[ebp-0x1c]
          100126eb e85d9cffff       call    SASSEH+0xc34d (1000c34d)
          100126f0 c3               ret
          100126f1 8bff             mov     edi,edi
          100126f3 56               push    esi
          100126f4 57               push    edi
          100126f5 33ff             xor     edi,edi
  FAULT ->100126e4 feff             ???     bh
          100126e6 ffff             ???
          100126e8 8b45e4           mov     eax,[ebp-0x1c]
          100126eb e85d9cffff       call    SASSEH+0xc34d (1000c34d)
          100126f0 c3               ret
          100126f1 8bff             mov     edi,edi
          100126f3 56               push    esi
          100126f4 57               push    edi
          100126f5 33ff             xor     edi,edi
          100126f7 8db7e0a00110     lea     esi,[edi+0x1001a0e0]
          100126fd ff36             push    dword ptr [esi]
  *----> Stack Back Trace <----*
  *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
  WARNING: Stack unwind information not available. Following frames may be wrong.
  *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\MSVBVM60.DLL -
  ChildEBP RetAddr  Args to Child             
  0012f6ec 7e418816 100126e3 000201da 00000113 SASSEH+0x126e4
  0012f754 7e4189cd 00000000 100126e3 000201da USER32!GetDC+0x14f
  0012f7b4 7e4196c7 0012f7dc 00000001 0012f804 USER32!GetWindowLongW+0x127
  0012f7c4 7342a6b0 0012f7dc ffffffff 02223714 USER32!DispatchMessageA+0xf
  0012f804 7342a627 00000002 0222373c 02220000 MSVBVM60!_vbaStrToAnsi+0x2f1
  0012f848 7342a505 0222380c 00000002 00000b18 MSVBVM60!_vbaStrToAnsi+0x268
  7343a3b8 73426c73 7342756a 734e7ee7 734e7f12 MSVBVM60!_vbaStrToAnsi+0x146
  734e6754 0c2474ff ff0c408b 8b0c2474 11ff5008 MSVBVM60!BASIC_CLASS_QueryInterface+0x17
  0424448b 00000000 00000000 00000000 00000000 0xc2474ff
  *----> Raw Stack Dump <----*
  000000000012f6c4  34 87 41 7e da 01 02 00 - 13 01 00 00 00 00 00 00  4.A~............
  000000000012f6d4  00 00 00 00 e3 26 01 10 - cd ab ba dc 00 00 00 00  .....&..........
  000000000012f6e4  28 f7 12 00 e3 26 01 10 - 54 f7 12 00 16 88 41 7e  (....&..T.....A~
  000000000012f6f4  e3 26 01 10 da 01 02 00 - 13 01 00 00 00 00 00 00  .&..............
  000000000012f704  00 00 00 00 e4 f7 12 00 - dc f7 12 00 f8 1b 58 01  ..............X.
  000000000012f714  14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00  ................
  000000000012f724  10 00 00 00 00 00 00 00 - f8 f7 12 00 00 00 00 00  ................
  000000000012f734  00 00 00 00 00 00 00 00 - 08 f7 12 00 f0 f2 12 00  ................
  000000000012f744  a4 f7 12 00 8f 04 44 7e - 30 88 41 7e 00 00 00 00  ......D~0.A~....
  000000000012f754  b4 f7 12 00 cd 89 41 7e - 00 00 00 00 e3 26 01 10  ......A~.....&..
  000000000012f764  da 01 02 00 13 01 00 00 - 00 00 00 00 00 00 00 00  ................
  000000000012f774  0c 1c 58 01 01 00 00 00 - 40 a3 42 7e 3c 37 22 02  [email protected]~<7".
  000000000012f784  00 00 00 00 b4 f7 12 00 - 3b a4 42 7e dc f7 12 00  ........;.B~....
  000000000012f794  00 00 00 00 00 00 00 00 - 7c f7 12 00 f0 f2 12 00  ........|.......
  000000000012f7a4  ec f8 12 00 8f 04 44 7e - f0 89 41 7e ff ff ff ff  ......D~..A~....
  000000000012f7b4  c4 f7 12 00 c7 96 41 7e - dc f7 12 00 01 00 00 00  ......A~........
  000000000012f7c4  04 f8 12 00 b0 a6 42 73 - dc f7 12 00 ff ff ff ff  ......Bs........
  000000000012f7d4  14 37 22 02 00 00 00 00 - da 01 02 00 13 01 00 00  .7".............
  000000000012f7e4  00 00 00 00 00 00 00 00 - 30 c4 02 00 ad 02 00 00  ........0.......
  000000000012f7f4  85 01 00 00 00 00 22 02 - 00 00 00 00 94 1e 22 02  ......".......".
  Reference:  http://forums.adobe.com/thread/990060?tstart=0        -kd5-

  Contents of FlasInstall.log (remember, 12-18 is the date in question.  I've since updated Flash for Firefox as well - tried updating it via Secunia's online Software Inspector (12-20) but it seemed unsuccessful so I installed it from Adobe):
  =O====== M/11.2.202.235 2012-05-12+11-56-31.281 ========
  0000 [W] 00001113 C:\WINDOWS\system32\Macromed\Flash\\* 3
  0001 [I] 00000010 "C:\Documents and Settings\Keith A. Duncan\Local Settings\Temp\install_flash_player_32bit.exe" -iv 8 -install -au 1
  0002 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/Version 2
  0003 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0004 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0005 [W] 00001037 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0006 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2
  0007 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0008 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0009 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0010 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0011 [W] 00001036 Software\Opera Software/Plugin Path 2
  0012 [W] 00001036 Software\Opera Software/Plugin Path 2
  0013 [I] 00000014 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
  0014 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
  0015 [I] 00000017 C:\WINDOWS\system32\Macromed\Flash
  0016 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0017 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0018 [I] 00000012
  =X====== M/11.2.202.235 2012-05-12+11-56-33.468 ========
  =O====== M/11.2.202.235 2012-05-12+12-02-11.015 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.2.202.235 2012-05-12+12-02-11.281 ========
  =O====== M/11.2.202.235 2012-05-12+12-02-11.109 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.2.202.235 2012-05-12+12-02-11.359 ========
  =O====== M/11.2.202.235 2012-05-12+12-02-08.984 ========
  0000 [I] 00000010 "C:\Documents and Settings\Keith A. Duncan\Local Settings\Temp\install_flash_player_ax_32bit.exe" -iv 8 -install -au 1
  0001 [W] 00001036 Software\Macromedia\FlashPlayer\SafeVersions/11.0 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0003 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0004 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0005 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0006 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_235.ocx
  0007 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
  0008 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
  0009 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0010 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0011 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0012 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0013 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0014 [I] 00000012
  =X====== M/11.2.202.235 2012-05-12+12-02-13.453 ========
  =O====== M/11.3.300.257 2012-06-10+11-21-05.640 ========
  0000 [I] 00000010 "C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{AA720A4B-0FCF-45E6-8A21-13C0371E4D79}\InstallFla shPlayer.exe" -iv 4
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe 5
  0003 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashUtil32_11_2_202_235_ActiveX.exe/ 2
  0004 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_257.ocx
  0005 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
  0006 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
  0007 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0008 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0009 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0010 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0011 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0012 [I] 00000012
  =X====== M/11.3.300.257 2012-06-10+11-21-26.750 ========
  =O====== M/11.2.202.235 2012-06-10+11-16-46.500 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe" -update activex
  0001 [I] 00000011 0
  =X====== M/11.2.202.235 2012-06-10+11-24-21.734 ========
  =O====== M/11.3.300.265 2012-07-15+19-56-04.140 ========
  0000 [I] 00000010 "C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{F4A5D500-713F-4F32-B19C-40E0289DC268}\InstallFla shPlayer.exe" -iv 4
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe 5
  0003 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_265.ocx
  0004 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
  0005 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
  0006 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0007 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0008 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0009 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0010 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0011 [I] 00000012
  =X====== M/11.3.300.265 2012-07-15+19-56-19.843 ========
  =O====== M/11.3.300.257 2012-07-15+19-54-08.421 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe" -update activex
  0001 [I] 00000011 0
  =X====== M/11.3.300.257 2012-07-15+19-56-33.312 ========
  =O====== M/11.3.300.268 2012-07-30+11-42-50.859 ========
  0000 [I] 00000010 "C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{C2AD5AD9-D229-405A-8EF0-1F71D320EBBE}\InstallFla shPlayer.exe" -iv 4
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe 5
  0003 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_268.ocx
  0004 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
  0005 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
  0006 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0007 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0008 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0009 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0010 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0011 [I] 00000012
  =X====== M/11.3.300.268 2012-07-30+11-43-18.812 ========
  =O====== M/11.3.300.265 2012-07-30+11-29-23.343 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe" -update activex
  0001 [I] 00000011 0
  =X====== M/11.3.300.265 2012-07-30+11-51-19.500 ========
  =O====== M/11.3.300.271 2012-08-20+10-39-01.578 ========
  0000 [I] 00000010 "C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{EE426B07-2D41-4C79-9728-31FC829A4BE8}\InstallFla shPlayer.exe" -iv 4
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe 5
  0003 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx
  0004 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
  0005 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
  0006 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0007 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0008 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0009 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0010 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0011 [I] 00000012
  =X====== M/11.3.300.271 2012-08-20+10-39-20.890 ========
  =O====== M/11.3.300.268 2012-08-20+10-27-44.609 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe" -update activex
  0001 [I] 00000011 0
  =X====== M/11.3.300.268 2012-08-20+10-52-29.921 ========
  =O====== M/11.3.300.271 2012-08-20+14-28-01.687 ========
  0000 [I] 00000010 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -maintain activex
  0001 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe 5
  0002 [I] 00000018
  0003 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe 5
  0004 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0005 [W] 00001037 Software\Macromedia\FlashPlayerActiveX/ 2
  0006 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0007 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0008 [W] 00001037 Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}/ 2
  0009 [W] 00001021
  0010 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0011 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0012 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0013 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe 5
  0014 [I] 00000012
  =X====== M/11.3.300.271 2012-08-20+14-28-13.953 ========
  =O====== M/11.3.300.271 2012-08-20+14-29-49.812 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.3.300.271 2012-08-20+14-29-50.125 ========
  =O====== M/11.3.300.271 2012-08-20+14-29-49.828 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.3.300.271 2012-08-20+14-29-50.125 ========
  =O====== M/11.3.300.271 2012-08-20+14-29-47.921 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.7314133f438213f459420d8d13e1f99d9727fa56\install_flash_player_ax.exe" -install -iv 8 -au 1
  0001 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0003 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0004 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0005 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashUtil32_11_3_300_271_ActiveX.exe/ 2
  0006 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx
  0007 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
  0008 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
  0009 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0010 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0011 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0012 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0013 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0014 [I] 00000012
  =X====== M/11.3.300.271 2012-08-20+14-29-51.296 ========
  =O====== M/11.2.202.235 2012-09-02+15-18-15.343 ========
  0000 [I] 00000010 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -maintain plugin
  0001 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe 5
  0002 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0003 [W] 00001037 Software\Macromedia\FlashPlayerPlugin/ 2
  0004 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0005 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0006 [W] 00001021
  0007 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0008 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0009 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0010 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0011 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0012 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0013 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0014 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0015 [W] 00001036 Software\Opera Software/Plugin Path 2
  0016 [W] 00001036 Software\Opera Software/Plugin Path 2
  0017 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe 5
  0018 [I] 00000012
  =X====== M/11.2.202.235 2012-09-02+15-18-21.109 ========
  =O====== M/11.4.402.265 2012-09-02+15-26-49.625 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.9947af2949bc1e81dd7b96b50528d1baf6bac22b\install_flash_player.exe" -install -iv 8 -au 1
  0001 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/Version 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0003 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0004 [W] 00001037 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0005 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2
  0006 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0007 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0008 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0009 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0010 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0011 [W] 00001036 Software\Opera Software/Plugin Path 2
  0012 [W] 00001036 Software\Opera Software/Plugin Path 2
  0013 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashUtil32_11_2_202_235_Plugin.exe/ 2
  0014 [I] 00000014 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
  0015 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
  0016 [I] 00000017 C:\WINDOWS\system32\Macromed\Flash
  0017 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0018 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0019 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0020 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0021 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0022 [I] 00000012
  =X====== M/11.4.402.265 2012-09-02+15-26-52.015 ========
  =O====== M/11.4.402.265 2012-09-02+15-28-43.296 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.4.402.265 2012-09-02+15-28-43.453 ========
  =O====== M/11.4.402.265 2012-09-02+15-28-40.109 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.7314133f438213f459420d8d13e1f99d9727fa56\install_flash_player_ax.exe" -install -iv 8 -au 1
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0003 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx 20
  0004 [I] 00000018
  0005 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx 20
  0006 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_265.ocx
  0007 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
  0008 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
  0009 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0010 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0011 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0012 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0013 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0014 [I] 00000012
  =X====== M/11.4.402.265 2012-09-02+15-28-44.578 ========
  =O====== M/11.4.402.265 2012-09-02+15-34-47.234 ========
  0000 [I] 00000010 "C:\Documents and Settings\Keith A. Duncan\Desktop\uninstall_flash_player.exe" -force 
  0001 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0002 [W] 00001037 Software\Macromedia\FlashPlayerActiveX/ 2
  0003 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0004 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0005 [W] 00001037 Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}/ 2
  0006 [W] 00001021
  0007 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0008 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0009 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0010 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0011 [W] 00001037 Software\Macromedia\FlashPlayerPlugin/ 2
  0012 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0013 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0014 [W] 00001021
  0015 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0016 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0017 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0018 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0019 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0020 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0021 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0022 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0023 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0024 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0025 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0026 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0027 [W] 00001036 Software\Opera Software/Plugin Path 2
  0028 [W] 00001036 Software\Opera Software/Plugin Path 2
  =X====== M/11.4.402.265 2012-09-02+15-34-56.843 ========
  =O====== M/11.4.402.265 2012-09-02+15-35-00.828 ========
  0000 [I] 00000010 "C:\Documents and Settings\Keith A. Duncan\Desktop\uninstall_flash_player.exe" -force 
  0001 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0003 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0004 [W] 00001018
  0005 [W] 00001037 Software\Macromedia\FlashPlayer\SafeVersions/ 2
  0006 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0007 [W] 00001019
  0008 [W] 00001020
  0009 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0010 [W] 00001037 Software\Macromedia\FlashPlayerActiveX/ 2
  0011 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0012 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0013 [W] 00001037 Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}/ 2
  0014 [W] 00001021
  0015 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0016 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0017 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0018 [W] 00001048
  0019 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0020 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0021 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0022 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashPlayerApp.exe/ 2
  0023 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0024 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0025 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0026 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0027 [W] 00001018
  0028 [W] 00001036 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0029 [W] 00001037 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0030 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2
  0031 [W] 00001019
  0032 [W] 00001020
  0033 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0034 [W] 00001037 Software\Macromedia\FlashPlayerPlugin/ 2
  0035 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0036 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0037 [W] 00001021
  0038 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0039 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0040 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0041 [W] 00001048
  0042 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0043 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0044 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0045 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashPlayerApp.exe/ 2
  0046 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0047 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0048 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0049 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0050 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0051 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0052 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0053 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0054 [W] 00001036 Software\Opera Software/Plugin Path 2
  0055 [W] 00001036 Software\Opera Software/Plugin Path 2
  =X====== M/11.4.402.265 2012-09-02+15-35-06.031 ========
  =O====== M/11.4.402.265 2012-09-02+15-35-09.671 ========
  0000 [I] 00000010 "C:\Documents and Settings\Keith A. Duncan\Desktop\uninstall_flash_player.exe" -force 
  0001 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0003 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0004 [W] 00001018
  0005 [W] 00001037 Software\Macromedia\FlashPlayer\SafeVersions/ 2
  0006 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0007 [W] 00001019
  0008 [W] 00001020
  0009 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0010 [W] 00001037 Software\Macromedia\FlashPlayerActiveX/ 2
  0011 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0012 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0013 [W] 00001037 Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}/ 2
  0014 [W] 00001021
  0015 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0016 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0017 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0018 [W] 00001048
  0019 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0020 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0021 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0022 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashPlayerApp.exe/ 2
  0023 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0024 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0025 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0026 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0027 [W] 00001018
  0028 [W] 00001036 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0029 [W] 00001037 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0030 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2
  0031 [W] 00001019
  0032 [W] 00001020
  0033 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0034 [W] 00001037 Software\Macromedia\FlashPlayerPlugin/ 2
  0035 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0036 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0037 [W] 00001021
  0038 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0039 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0040 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0041 [W] 00001048
  0042 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0043 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0044 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0045 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashPlayerApp.exe/ 2
  0046 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0047 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0048 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0049 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0050 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0051 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0052 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0053 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0054 [W] 00001036 Software\Opera Software/Plugin Path 2
  0055 [W] 00001036 Software\Opera Software/Plugin Path 2
  =X====== M/11.4.402.265 2012-09-02+15-35-13.875 ========
  =O====== M/11.4.402.265 2012-09-02+15-48-47.031 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.9947af2949bc1e81dd7b96b50528d1baf6bac22b\install_flash_player.exe" -install -iv 8 -au 1
  0001 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/Version 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0003 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0004 [W] 00001037 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0005 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2
  0006 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0007 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0008 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0009 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0010 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0011 [W] 00001036 Software\Opera Software/Plugin Path 2
  0012 [W] 00001036 Software\Opera Software/Plugin Path 2
  0013 [I] 00000014 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
  0014 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
  0015 [I] 00000017 C:\WINDOWS\system32\Macromed\Flash
  0016 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0017 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0018 [I] 00000012
  =X====== M/11.4.402.265 2012-09-02+15-48-49.484 ========
  =O====== M/11.4.402.265 2012-09-02+15-50-57.421 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.4.402.265 2012-09-02+15-50-57.531 ========
  =O====== M/11.4.402.265 2012-09-02+15-50-57.515 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.4.402.265 2012-09-02+15-50-57.796 ========
  =O====== M/11.4.402.265 2012-09-02+15-50-55.203 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.7314133f438213f459420d8d13e1f99d9727fa56\install_flash_player_ax.exe" -install -iv 8 -au 1
  0001 [W] 00001036 Software\Macromedia\FlashPlayer\SafeVersions/11.0 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0003 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0004 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0005 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0006 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_265.ocx
  0007 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
  0008 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
  0009 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0010 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0011 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0012 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0013 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0014 [I] 00000012
  =X====== M/11.4.402.265 2012-09-02+15-50-58.843 ========
  =O====== M/11.4.402.287 2012-10-15+22-24-25.062 ========
  0000 [I] 00000010 "C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{AD84480A-5129-4AA7-8702-29EA328079A0}\InstallFla shPlayer.exe" -iv 4
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0003 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0004 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0005 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0006 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0007 [W] 00001036 Software\Opera Software/Plugin Path 2
  0008 [W] 00001036 Software\Opera Software/Plugin Path 2
  0009 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe 5
  0010 [I] 00000014 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
  0011 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe
  0012 [I] 00000017 C:\WINDOWS\system32\Macromed\Flash
  0013 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0014 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0015 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0016 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0017 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0018 [I] 00000012
  =X====== M/11.4.402.287 2012-10-15+22-24-37.687 ========
  =O====== M/11.4.402.265 2012-10-15+21-43-09.734 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe" -update plugin
  0001 [I] 00000011 0
  =X====== M/11.4.402.265 2012-10-15+22-24-37.906 ========
  =O====== M/11.4.402.287 2012-11-13+12-04-49.656 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe" -update plugin
  =X====== M/11.4.402.287 2012-11-13+12-10-36.078 ========
  =O====== M/11.5.502.110 2012-11-13+12-12-01.593 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.455f94260a91b740cbea277a1edb36914a894128\install_flash_player.exe" -install -iv 8 -au 1
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0003 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0004 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0005 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0006 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0007 [W] 00001036 Software\Opera Software/Plugin Path 2
  0008 [W] 00001036 Software\Opera Software/Plugin Path 2
  0009 [I] 00000014 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
  0010 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe
  0011 [I] 00000024 C:\WINDOWS\system32\Macromed\Flash\plugin.vch
  0012 [I] 00000017 C:\WINDOWS\system32\Macromed\Flash
  0013 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0014 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0015 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0016 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0017 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0018 [I] 00000012
  =X====== M/11.5.502.110 2012-11-13+12-12-05.562 ========
  =O====== M/11.5.502.110 2012-11-13+12-22-30.515 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.7314133f438213f459420d8d13e1f99d9727fa56\install_flash_player_ax.exe" -install -iv 8 -au 1
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_265.ocx 20
  0003 [I] 00000018
  0004 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_265.ocx 20
  0005 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_110.ocx
  0006 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
  0007 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.dll
  0008 [I] 00000023 C:\WINDOWS\system32\Macromed\Flash\activex.vch
  0009 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0010 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0011 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0012 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0013 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0014 [I] 00000012
  =X====== M/11.5.502.110 2012-11-13+12-22-35.812 ========
  =O====== M/11.4.402.287 2012-11-30+14-43-47.171 ========
  0000 [I] 00000010 "F:\Flash Player Uninstaller.exe" -force 
  0001 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0002 [W] 00001037 Software\Macromedia\FlashPlayerActiveX/ 2
  0003 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0004 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0005 [W] 00001037 Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}/ 2
  0006 [W] 00001021
  0007 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0008 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0009 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0010 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0011 [W] 00001037 Software\Macromedia\FlashPlayerPlugin/ 2
  0012 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0013 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0014 [W] 00001021
  0015 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0016 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0017 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0018 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0019 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0020 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0021 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0022 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0023 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0024 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0025 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0026 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0027 [W] 00001036 Software\Opera Software/Plugin Path 2
  0028 [W] 00001036 Software\Opera Software/Plugin Path 2
  =X====== M/11.4.402.287 2012-11-30+14-43-52.937 ========
  =O====== M/11.4.402.287 2012-11-30+14-43-56.453 ========
  0000 [I] 00000010 "F:\Flash Player Uninstaller.exe" -force 
  0001 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0003 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0004 [W] 00001018
  0005 [W] 00001037 Software\Macromedia\FlashPlayer\SafeVersions/ 2
  0006 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0007 [W] 00001019
  0008 [W] 00001020
  0009 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0010 [W] 00001037 Software\Macromedia\FlashPlayerActiveX/ 2
  0011 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0012 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0013 [W] 00001037 Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}/ 2
  0014 [W] 00001021
  0015 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0016 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0017 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0018 [W] 00001048
  0019 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0020 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0021 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0022 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashPlayerApp.exe/ 2
  0023 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0024 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0025 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0026 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0027 [W] 00001018
  0028 [W] 00001036 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0029 [W] 00001037 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0030 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2
  0031 [W] 00001019
  0032 [W] 00001020
  0033 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\RunOnce/FlashPlayerUpdate 2
  0034 [W] 00001037 Software\Macromedia\FlashPlayerPlugin/ 2
  0035 [W] 00001037 Software\Macromedia\FlashPlayer/FlashPlayerVersion 2
  0036 [W] 00001037 Software\Macromedia\FlashPlayer/SwfInstall 2
  0037 [W] 00001021
  0038 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0039 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0040 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0041 [W] 00001048
  0042 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0043 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0044 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0045 [W] 00001037 SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\FlashPlayerApp.exe/ 2
  0046 [W] 00001037 Software\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{2CA4F306-B280-4ab2-B5E1-1DFA3583F046}/C:\WINDOWS\system32\FlashPlayerCPLApp.c pl 2
  0047 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0048 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0049 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0050 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0051 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0052 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0053 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0054 [W] 00001036 Software\Opera Software/Plugin Path 2
  0055 [W] 00001036 Software\Opera Software/Plugin Path 2
  =X====== M/11.4.402.287 2012-11-30+14-44-01.593 ========
  =O====== M/11.5.502.110 2012-11-30+15-47-26.875 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe" -refreshIEElevationPolicies
  =X====== M/11.5.502.110 2012-11-30+15-47-27.062 ========
  =O====== M/11.5.502.110 2012-11-30+15-47-22.531 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.7314133f438213f459420d8d13e1f99d9727fa56\install_flash_player_ax.exe" -install -iv 8 -au 1
  0001 [W] 00001036 Software\Macromedia\FlashPlayer\SafeVersions/11.0 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0003 [W] 00001036 Software\Macromedia\FlashPlayerActiveX/PlayerPath 2
  0004 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0005 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX/ 2
  0006 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_110.ocx
  0007 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
  0008 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.dll
  0009 [I] 00000023 C:\WINDOWS\system32\Macromed\Flash\activex.vch
  0010 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0011 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0012 [I] 00000012
  =X====== M/11.5.502.110 2012-11-30+15-47-28.484 ========
  =O====== M/11.5.502.110 2012-11-30+15-49-57.781 ========
  0000 [I] 00000010 "C:\Documents and Settings\All Users\Application Data\Adobe\AIH.9947af2949bc1e81dd7b96b50528d1baf6bac22b\install_flash_player.exe" -install -iv 8 -au 1
  0001 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/Version 2
  0002 [W] 00001036 Software\Macromedia\FlashPlayerPlugin/PlayerPath 2
  0003 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0004 [W] 00001037 SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer/ 2
  0005 [W] 00001037 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin/ 2
  0006 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0007 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0008 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0009 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0010 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0011 [W] 00001036 Software\Opera Software/Plugin Path 2
  0012 [W] 00001036 Software\Opera Software/Plugin Path 2
  0013 [I] 00000014 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
  0014 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe
  0015 [I] 00000024 C:\WINDOWS\system32\Macromed\Flash\plugin.vch
  0016 [I] 00000017 C:\WINDOWS\system32\Macromed\Flash
  0017 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0018 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0019 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0020 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0021 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0022 [I] 00000012
  =X====== M/11.5.502.110 2012-11-30+15-50-02.031 ========
  =O====== M/11.5.502.135 2012-12-18+12-08-59.187 ========
  0000 [I] 00000010 "C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\{AB857A0A-32D6-44DB-9A26-2FF8EEEADB17}\InstallFla shPlayer.exe" -iv 4
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [W] 00001036 Software\Mozilla\Firefox\extensions/Plugins 2
  0003 [W] 00001036 Software\Mozilla\MaintenanceService\extensions/Plugins 2
  0004 [W] 00001036 Software\Mozilla\Mozilla Firefox\extensions/Plugins 2
  0005 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0006 [W] 00001036 Software\Opera Software/Last CommandLine 2
  0007 [W] 00001036 Software\Opera Software/Plugin Path 2
  0008 [W] 00001036 Software\Opera Software/Plugin Path 2
  0009 [W] 00001015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe 5
  0010 [I] 00000014 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
  0011 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe
  0012 [I] 00000024 C:\WINDOWS\system32\Macromed\Flash\plugin.vch
  0013 [I] 00000017 C:\WINDOWS\system32\Macromed\Flash
  0014 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0015 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0016 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0017 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0018 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  0019 [I] 00000012
  =X====== M/11.5.502.135 2012-12-18+12-09-16.328 ========
  =O====== M/11.5.502.110 2012-12-18+12-06-47.359 ========
  0000 [I] 00000010 "C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe" -update plugin
  0001 [I] 00000011 0
  =X====== M/11.5.502.110 2012-12-18+12-31-26.328 ========
  =O====== M/11.5.502.135 2012-12-20+17-46-14.109 ========
  0000 [I] 00000010 C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\60377607-a0fb-49b0-adba-9235c435df33687\install_fl ash_player_11_active_x.exe -install -force
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_135.ocx
  0003 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
  0004 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.dll
  0005 [I] 00000023 C:\WINDOWS\system32\Macromed\Flash\activex.vch
  0006 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0007 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0008 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0009 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0010 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  =X====== M/11.5.502.135 2012-12-20+17-46-22.359 ========
  2012-12-20+17-47-33.265 [error] 1226 1062
  =O====== M/11.5.502.135 2012-12-20+17-47-27.062 ========
  0000 [I] 00000010 C:\DOCUME~1\KEITHA~1.DUN\LOCALS~1\Temp\60377607-a0fb-49b0-adba-9235c435df33687\install_fl ash_player_11_active_x.exe -install -force
  0001 [I] 00000020 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0002 [I] 00000013 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_135.ocx
  0003 [I] 00000015 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
  0004 [I] 00000016 C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.dll
  0005 [I] 00000023 C:\WINDOWS\system32\Macromed\Flash\activex.vch
  0006 [I] 00000019 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
  0007 [W] 00001024 C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 183
  0008 [W] 00001024 C:\WINDOWS\system32\FlashPlayerApp.exe 183
  0009 [I] 00000021 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  0010 [W] 00001106
  0011 [W] 00001106
  0012 [W] 00001024 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 183
  =X====== M/11.5.502.135 2012-12-20+17-47-33.296 ========
  -kd5-

• Memory leaks- high memory usage svchost.exe

  hello!
  im having a kind of a similar problem. Im using a Q6600 with 4Gb of RAM running on Windows 7 x64. My physical memory usage history is 1.75GB idle but my CPU usage looks good ~ 0%.
  In Windows Task Manager when i arranged the memory column, the process with the highest memory usge is svchost.exe with 116,572K. And i have 14 svchost.exe in my computer! I opened process exporer and check the legitimate of all those svchost.exe
  and they are all legit. When i look at the properties of the highest svchost.exe in process explorer, the services which is running under it is as follows
  AudioEndPointBuilder c:\Windows\System32\Audiosrv.dll
  CscService c:\Windows\System32\cscsvc.dll
  hidserv c:\Windows\System32\hidserv.dll
  Netman c:\Windows\System32\netman.dll
  PcaSvc c:\Windows\System32\pcasvc.dll
  SysMain c:\Windows\System32\sysmail.dll
  TrkWks c:\Windows\System32\trkwks.dll
  UxSms c:\Windows\System32\uxsms.dll
  wudfsvc c:\Windows\System32\WUDFSvc.dll
  All are legit DLLS.
  Is it normal to have 14 svchost.exe running at the same time(system, local service, network service in Task Manager)
  and how can i reduce the memory usage of the svchost.exe?

  Hi,
  There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can
  be run depending on how and where Svchost.exe is started.
  If you would like to reduce the usage of this service, I could share the following article with you:
  Getting Started with SVCHOST.EXE Troubleshooting
  PRF: High CPU (SVCHOST.EXE)
  Hope it helps.
  Alex Zhao
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Sccm 2012 R2 Software update problem

  Hi,
  I have 3 ADR's ADRWin7-1, ADRWin7-2 and ADRWin7-3
  All three Run on Second tuesday of the month and has common Package. All three ADR's create a new group every time they run.
  Schedule :
  ADRWin7-1 Deployes patches to Phase1 collection on 2nd Tuesday
  ADRWin7-2 Deployes Patches to Phase2 collection after 7 days of 2nd Tuesday
  ADRWin7-3 Deployes Patches to Phase3 collection after 14 days of 2nd Tuesday.
  Problem :
  ADRWin7-1 works fine. PC's in Phase1 gets the patches without any problem. But Phase2 and Phase3 PC's are not getting the patches. I have moved PC from Phase1 to Phase2 collection, same problem. When in Phase1 collection it gets the patches and when moved
  to Phase2, it does not.
  Not much info from logs : (Sample logs)
  WUAHangler.log :
  Successfully completed scan. WUAHandler 8/15/2014 5:02:43 PM 1336 (0x0538)
  Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 8/15/2014 5:02:43 PM 4488 (0x1188)
  Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'BFE5B177-A086-47A0-B102-097E4FA1F807')) WUAHandler 8/15/2014 5:02:43 PM 4488 (0x1188)
  Async searching of updates using WUAgent started. WUAHandler 8/15/2014 5:02:43 PM 4488 (0x1188)
  Async searching completed. WUAHandler 8/15/2014 5:02:55 PM 3708 (0x0E7C)
  Successfully completed scan. WUAHandler 8/15/2014 5:02:56 PM 1336 (0x0538)
  Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 8/15/2014 5:02:57 PM 4548 (0x11C4)
  Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'BFE5B177-A086-47A0-B102-097E4FA1F807')) WUAHandler 8/15/2014 5:02:57 PM 4548 (0x11C4)
  Async searching of updates using WUAgent started. WUAHandler 8/15/2014 5:02:57 PM 4548 (0x11C4)
  Async searching completed. WUAHandler 8/15/2014 5:03:04 PM 2608 (0x0A30)
  Successfully completed scan. WUAHandler 8/15/2014 5:03:05 PM 968 (0x03C8)
  CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3;
  for bundles WUAHandler 8/15/2014 5:18:35 PM 4256 (0x10A0)
  UpdatesHandler.log
  Initiating updates scan for checking applicability. UpdatesHandler 8/15/2014 5:02:22 PM 1336 (0x0538)
  Initiating updates scan for checking applicability. UpdatesHandler 8/15/2014 5:02:22 PM 3388 (0x0D3C)
  Successfully initiated scan. UpdatesHandler 8/15/2014 5:02:22 PM 1336 (0x0538)
  Successfully initiated scan. UpdatesHandler 8/15/2014 5:02:22 PM 3388 (0x0D3C)
  Initiating updates scan for checking applicability. UpdatesHandler 8/15/2014 5:02:22 PM 1336 (0x0538)
  Successfully initiated scan. UpdatesHandler 8/15/2014 5:02:22 PM 1336 (0x0538)
  Initiating updates scan for checking applicability. UpdatesHandler 8/15/2014 5:02:22 PM 1336 (0x0538)
  Successfully initiated scan. UpdatesHandler 8/15/2014 5:02:22 PM 1336 (0x0538)
  Updates scan completion received, result = 0x0. UpdatesHandler 8/15/2014 5:02:41 PM 3388 (0x0D3C)
  Updates scan completion received, result = 0x0. UpdatesHandler 8/15/2014 5:02:42 PM 4488 (0x1188)
  Updates scan completion received, result = 0x0. UpdatesHandler 8/15/2014 5:02:43 PM 968 (0x03C8)
  Updates scan completion received, result = 0x0. UpdatesHandler 8/15/2014 5:02:57 PM 3388 (0x0D3C)
  Updates scan completion received, result = 0x0. UpdatesHandler 8/15/2014 5:03:06 PM 1336 (0x0538)
  UpdatesStore.log
  Update status from update (f61b102e-ce91-4086-94d0-fb199d7ce5ee) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (f6a9dfd6-91f2-449f-aef9-0d7f5f801d03) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (f7583494-fffa-4e41-99bc-1e4958f752f9) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (f76f5a9c-8325-4256-a632-654f153704b4) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (f802bfe3-9553-4542-bd1d-bdca38ff645c) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (f90253be-d178-4681-8ca9-71ac186b31f6) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (f92c8766-da08-4e0d-841d-1f36d3270cd3) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (f9ff6d98-1a01-437e-8728-f29cb8c71b13) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (fa090999-3b89-4dd1-82b2-6e16b0841e24) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (fbc9a192-a1d6-4008-8ea6-cd497b8b8668) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (fc7e731b-f4c9-44af-aaa8-952a614b4a64) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (fca3e05e-3bc0-4291-a675-9769042c9594) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (fda58512-32f3-4a5d-a5c4-05a193e037d4) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (fe2139b2-00f2-4eb3-8b28-d439e762967c) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (ff6cd189-1c49-4438-ac4e-34d988330e5f) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Update status from update (ffbb4e7e-0edc-47fe-8c02-65211d2586fb) already exists, will modify existing instance. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Successfully done with SetStatus() operation. UpdatesStore 8/15/2014 5:03:06 PM 968 (0x03C8)
  Querying update status of 10 updates. UpdatesStore 8/15/2014 5:03:06 PM 1336 (0x0538)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 1336 (0x0538)
  Querying update status of 14 updates. UpdatesStore 8/15/2014 5:03:06 PM 4548 (0x11C4)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 4548 (0x11C4)
  Querying update status of 22 updates. UpdatesStore 8/15/2014 5:03:06 PM 2372 (0x0944)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 2372 (0x0944)
  Querying update status of 12 updates. UpdatesStore 8/15/2014 5:03:06 PM 4488 (0x1188)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 4488 (0x1188)
  Querying update status of 26 updates. UpdatesStore 8/15/2014 5:03:06 PM 4516 (0x11A4)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 4516 (0x11A4)
  Querying update status of 10 updates. UpdatesStore 8/15/2014 5:03:06 PM 4368 (0x1110)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 4368 (0x1110)
  Querying update status of 12 updates. UpdatesStore 8/15/2014 5:03:06 PM 1984 (0x07C0)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 1984 (0x07C0)
  Querying update status of 1 updates. UpdatesStore 8/15/2014 5:03:06 PM 4296 (0x10C8)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:06 PM 4296 (0x10C8)
  Querying update status of 10 updates. UpdatesStore 8/15/2014 5:03:07 PM 4516 (0x11A4)
  Querying update status completed successfully. UpdatesStore 8/15/2014 5:03:07 PM 4516 (0x11A4)
  Windowsupdate.log
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {801E75EC-F4EF-483C-B606-AB930EBF46B3}.202 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {61BFE3EC-A1DC-4EAB-9481-0D8FD7319AE8}.100 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {07D8D1ED-1E2A-4696-A20F-9EE6D983B0E6}.100 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {B0CD9CEE-4C6B-4E2D-B4DA-1F83C4657C18}.104 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {006666EF-3638-4ADC-8DA0-65F08E31A4C2}.102 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {0CFB8DEF-9B7E-478C-A746-8F9F91311DB5}.103 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {2EE7B9F1-22B7-4618-84B1-8F0804A2ED02}.101 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {99EB2EF3-7266-4488-9A80-A49418A4D1D4}.201 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {B34E43F5-2F06-4D9D-B147-EE76B076E9C0}.100 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {AD752FF8-DF05-4532-84B2-FEFF2D98F689}.101 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {5357F0F8-DC7C-467C-8D8D-EA4D6345260C}.200 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {77507BF9-6899-47DF-96D0-2FFA53A90470}.101 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {EFA1E1FA-3CAD-4098-94E7-571D00F5B3BA}.202 to search result
  2014-08-15 17:03:03:963  924 1024 Agent   * Added update {ACCDC8FE-BC27-4473-9F35-BD9D0880B4D2}.101 to search result
  2014-08-15 17:03:03:966  924 1024 Agent   * Found 192 updates and 8 categories in search; evaluated appl. rules of 313 out of 697 deployed entities
  2014-08-15 17:03:03:972  924 1024 Agent *********
  2014-08-15 17:03:03:972  924 1024 Agent **  END  **  Agent: Finding updates [CallerId = CcmExec]
  2014-08-15 17:03:03:972  924 1024 Agent *************
  2014-08-15 17:03:03:990 3536 3c8 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = CcmExec]
  2014-08-15 17:03:04:340 3536 3c8 COMAPI   - Updates found = 192
  2014-08-15 17:03:04:340 3536 3c8 COMAPI ---------
  2014-08-15 17:03:04:340 3536 3c8 COMAPI --  END  --  COMAPI: Search [ClientId = CcmExec]
  2014-08-15 17:03:04:340 3536 3c8 COMAPI -------------
  2014-08-15 17:15:14:576  924 a98 Shutdwn user declined update at shutdown
  2014-08-15 17:15:14:576  924 a98 AU Successfully wrote event for AU health state:0
  2014-08-15 17:15:14:576  924 a98 AU AU initiates service shutdown
  2014-08-15 17:15:14:576  924 a98 AU ###########  AU: Uninitializing Automatic Updates  ###########
  2014-08-15 17:15:14:701  924 a98 Report CWERReporter finishing event handling. (00000000)
  2014-08-15 17:15:14:717  924 a98 Service *********
  2014-08-15 17:15:14:717  924 a98 Service **  END  **  Service: Service exit [Exit code = 0x240001]
  2014-08-15 17:15:14:717  924 a98 Service *************
  2014-08-15 17:18:22:445  904 230 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: +0100)  ===========
  2014-08-15 17:18:22:445  904 230 Misc   = Process: C:\Windows\system32\svchost.exe
  2014-08-15 17:18:22:445  904 230 Misc   = Module: c:\windows\system32\wuaueng.dll
  2014-08-15 17:18:22:445  904 230 Service *************
  2014-08-15 17:18:22:445  904 230 Service ** START **  Service: Service startup
  2014-08-15 17:18:22:461  904 230 Service *********
  2014-08-15 17:18:23:256  904 230 Agent   * WU client version 7.6.7600.256
  2014-08-15 17:18:23:287  904 230 Agent   * Base directory: C:\Windows\SoftwareDistribution
  2014-08-15 17:18:23:428  904 230 Agent   * Access type: No proxy
  2014-08-15 17:18:23:521  904 230 Agent   * Network state: Connected
  2014-08-15 17:18:36:498  904 e54 Report CWERReporter::Init succeeded
  2014-08-15 17:18:36:514  904 e54 Agent ***********  Agent: Initializing Windows Update Agent  ***********
  2014-08-15 17:18:36:514  904 e54 Agent ***********  Agent: Initializing global settings cache  ***********
  2014-08-15 17:18:36:514  904 e54 Agent   * WSUS server:
  http://SCCMserver.com:8530
  2014-08-15 17:18:36:514  904 e54 Agent   * WSUS status server:
  http://SCCMserver.com:8530
  2014-08-15 17:18:36:514  904 e54 Agent   * Target group: (Unassigned Computers)
  2014-08-15 17:18:36:514  904 e54 Agent   * Windows Update access disabled: No
  2014-08-15 17:18:36:514  904 e54 DnldMgr Download manager restoring 0 downloads
  2014-08-15 17:18:37:886  904 230 Report ***********  Report: Initializing static reporting data  ***********
  2014-08-15 17:18:37:886  904 230 Report   * OS Version = 6.1.7600.0.0.65792
  2014-08-15 17:18:37:886  904 230 Report   * OS Product Type = 0x00000004
  2014-08-15 17:18:37:886  904 230 Report   * Computer Brand = VMware, Inc.
  2014-08-15 17:18:37:886  904 230 Report   * Computer Model = VMware Virtual Platform
  2014-08-15 17:18:37:886  904 230 Report   * Bios Revision = 6.00
  2014-08-15 17:18:37:886  904 230 Report   * Bios Name = PhoenixBIOS 4.0 Release 6.0    
  2014-08-15 17:18:37:886  904 230 Report   * Bios Release Date = 2012-07-02T00:00:00
  2014-08-15 17:18:37:886  904 230 Report   * Locale ID = 1033
  2014-08-15 17:18:43:049  904 10f4 Report CWERReporter finishing event handling. (00000000)
  2014-08-15 17:19:22:199  904 230 AU ###########  AU: Initializing Automatic Updates  ###########
  2014-08-15 17:19:22:199  904 230 AU   # WSUS server:
  http://SCCMserver.com:8530
  2014-08-15 17:19:22:199  904 230 AU   # Detection frequency: 10
  2014-08-15 17:19:22:199  904 230 AU   # Approval type: Pre-install notify (Policy)
  2014-08-15 17:19:22:199  904 230 AU   # Auto-install minor updates: Yes (Policy)
  2014-08-15 17:19:22:199  904 230 AU Successfully wrote event for AU health state:0
  2014-08-15 17:19:22:199  904 230 AU Initializing featured updates
  2014-08-15 17:19:22:199  904 230 AU Found 0 cached featured updates
  2014-08-15 17:19:22:199  904 230 AU Successfully wrote event for AU health state:0
  2014-08-15 17:19:22:199  904 230 AU Successfully wrote event for AU health state:0
  2014-08-15 17:19:22:199  904 230 AU AU finished delayed initialization
  2014-08-15 17:19:22:199  904 230 AU #############
  2014-08-15 17:19:22:199  904 230 AU ## START ##  AU: Search for updates
  2014-08-15 17:19:22:199  904 230 AU #########
  2014-08-15 17:19:22:199  904 230 AU <<## SUBMITTED ## AU: Search for updates [CallId = {081DAF36-6F30-4383-9B4F-3439B1869B38}]
  2014-08-15 17:19:22:199  904 10f4 Agent *************
  2014-08-15 17:19:22:199  904 10f4 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
  2014-08-15 17:19:22:199  904 10f4 Agent *********
  2014-08-15 17:19:22:199  904 10f4 Agent   * Online = No; Ignore download priority = No
  2014-08-15 17:19:22:199  904 10f4 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1
  or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
  2014-08-15 17:19:22:199  904 10f4 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
  2014-08-15 17:19:22:199  904 10f4 Agent   * Search Scope = {Machine}
  2014-08-15 17:19:29:982  904 10f4 Agent   * Found 0 updates and 171 categories in search; evaluated appl. rules of 337 out of 2240 deployed entities
  2014-08-15 17:19:29:982  904 10f4 Agent *********
  2014-08-15 17:19:29:982  904 10f4 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
  2014-08-15 17:19:29:982  904 10f4 Agent *************
  2014-08-15 17:19:29:998  904 10f4 Report REPORT EVENT: {CD4756C6-2116-4B99-B2AD-C970D24DE94F} 2014-08-15 17:19:22:199+0100 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content
  Install Reboot completed.
  2014-08-15 17:19:29:998  904 1108 AU >>##  RESUMED  ## AU: Search for updates [CallId = {081DAF36-6F30-4383-9B4F-3439B1869B38}]
  2014-08-15 17:19:29:998  904 1108 AU   # 0 updates detected
  2014-08-15 17:19:30:013  904 1108 AU #########
  2014-08-15 17:19:30:013  904 1108 AU ##  END  ##  AU: Search for updates [CallId = {081DAF36-6F30-4383-9B4F-3439B1869B38}]
  2014-08-15 17:19:30:013  904 1108 AU #############
  2014-08-15 17:19:30:013  904 1108 AU Featured notifications is disabled.
  2014-08-15 17:19:30:013  904 1108 AU Successfully wrote event for AU health state:0
  2014-08-15 17:19:30:013  904 1108 AU Successfully wrote event for AU health state:0
  2014-08-15 17:19:30:029  904 10f4 Report CWERReporter finishing event handling. (00000000)
  2014-08-15 17:19:35:020  904 10f4 Report CWERReporter finishing event handling. (00000000)
  2014-08-15 17:22:35:006  904 10f4 Report Uploading 1 events using cached cookie, reporting URL =
  http://SCCMserver.com:8530/ReportingWebService/ReportingWebService.asmx
  2014-08-15 17:22:35:255  904 10f4 Report Reporter successfully uploaded 1 events.
  Not sure whats going wrong??????????
  When I checked the Deployment Monitoring Tool for the perticular test PC, the contents for the Patch deployments are blank (Have attached the image)
  Thanks.

  Let's start with that I think it's a very tricky method of deploying software updates. There is always a possibility that between phase 1 and 3 some updates are revised or even some complete new updates are available. That could cause differences (in for
  example behavior) between your test clients and your other clients.
  Back to your issue, it's hard to judge based on the log snippets. It looks like a function client and at the end I see something about 0 updates available.. Make sure that the software update group contains updates, the deployment is targeted to the right
  collection and the content is all downloaded and available.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Svchost.exe with "Dhcp, eventlog, lmhosts" services is generating thousands of page faults and I/O reads per second?

  On one of our Windows 2008 R2 Enterprise (SP1) servers, we're noticing a strange phenomenon.....that the svchost.exe that hosts "Dhcp, eventlog, lmhosts" is constantly generating page faults....a few thousand per second, accumulating to billions of total
  page faults.  I/O reads and I/O other are also rising every second.  Cpu is consistently 2%, and memory is constant. (~40M). 
  I'm guessing that it's the eventlog service because our HP openview log reader (opcle.exe) is also working hard to keep up.  I've searched for others posting a similar problem but am coming up empty handed. 
  This is a MS Analysis Services 2008 server, but we haven't noticed any problems coming from SSAS.  We have other file sharing-related jobs that interact with this server, that sometimes take 30 min and sometimes 6 hours, for the same workload....and
  we're thinking that the 6 hour runs are somehow related to this process's unusual page faults.
  Anyone else seen this eventlog strange behavior?
  Thanks
  -Mark

  Hi,
  The best thing would be downloading the Process Explorer and analyzing the problem.
  Process Explorer
  http://technet.microsoft.com/en-us/sysinternals/bb896653
  For how to use Process Explorer to troubleshoot the performance issue, please refer to the following Microsoft TechNet blogs:
  HIGH CPU – SVCHOST.EXE
  http://blogs.technet.com/b/askperf/archive/2009/04/10/prf-high-cpu-svchost-exe.aspx
  Getting Started with SVCHOST.EXE Troubleshooting
  http://blogs.technet.com/b/askperf/archive/2008/01/11/getting-started-with-svchost-exe-troubleshooting.aspx
  If you find the cause is Automatic update, please also refer to the following Microsoft TechNet blog:
  Automatic Update causes SVCHOST.exe high CPU
  http://blogs.technet.com/b/asiasupp/archive/2007/05/29/automatic-update-causes-svchost-exe-high-cpu.aspx
  Regards,
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Problems with patch 10.2.0.3 installation

  Hi all,
  I´m trying to apply the patch set 10.2.0.3. I've stoped all services, but during the installation,
  a file msvcr71.dll may be in use.
  What file is this? What other service can I stop to continue?
  thanks!!!

  Is this XP? There's a known problem with locked DLLs (by generic Windows process svchost.exe) during patch installation. Unfortunately other locked files could follow. Therefore try the following workaround:
  1) Rename $ORACLE_HOME\bin to something else
  2) Reboot the machine
  3) Rename the directory back
  4) Install the patchset again
  Windows

• Windows 7 Wireless Logon - Problems with 802.1X Machine & User Authentication

  Hello All,
  We’ve had difficulty with our Windows 7 clients authenticating to our wireless network. I’m hoping someone out there has experienced the same thing and can offer some help.
  Some info about our environment:
  Single Windows 2008 R2 domain with 6 DCs
  MS Radius server
  Aruba wireless controllers
  The Problem:
  The client computer boots,
  Auths as machine (802.1X successful)
  User enters creds
  User auth (802.1X successful)
  To this point, everything is working normally. Next is where it gets weird.
  During the logon process, there is another machine auth
  2-5 minutes later another User auth
  OS is up and usable (connected to wireless network); however, no homefolder is mapped and GPP didn’t apply properly.
  From what I understand, after the user has logged in, Windows never attempts another machine authentication. When the user logs out, Windows can attempt it.
  Can anyone offer some insight to what is causing this? I have logs available if anyone is interested.
  Thanks in advance for any help you can offer!
  Brett
  -- Brett

  I did a network trace to gain more insight. I don’t understand why after 802.1X auth is successful on port 1, it then initiates 802.1X auth on port 2.
  Can you offer any insight?
  10487    3:50:19 PM 8/23/2012    63.0340126                                                         
  ONEX_MicrosoftWindowsOneX                ONEX_MicrosoftWindowsOneX:Port(1 (0x1)): Authentication Starting   {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
  10867    3:50:19 PM 8/23/2012    63.3403904                                                         
  ONEX_MicrosoftWindowsOneX                ONEX_MicrosoftWindowsOneX:Port(1 (0x1)): Time taken for this authentication = 281 (0x119) ms               
  {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
  Then >>>
  11718    3:50:35 PM 8/23/2012    79.3196653                                                         
  ONEX_MicrosoftWindowsOneX                ONEX_MicrosoftWindowsOneX:OneXDestroySupplicantPort     {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
  11938    3:50:36 PM 8/23/2012    80.0530315                                                         
  ONEX_MicrosoftWindowsOneX                ONEX_MicrosoftWindowsOneX:Finished initializing a new port with id=2 (0x2) and friendly name=Dell Wireless 1504 802.11b/g/n (2.4GHz)         
  {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
  11959    3:50:36 PM 8/23/2012    80.0556734                                                         
  ONEX_MicrosoftWindowsOneX                ONEX_MicrosoftWindowsOneX:OneXStartAuthentication           {ONEX_MicrosoftWindowsOneX:126,
  NetEvent:5}
  11964 3:50:36 PM 8/23/2012
  80.0557074 svchost.exe (1036)
  ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(2 (0x2)): Starting a new 802.1X authentication (MSM initiated)
  11965 3:50:36 PM 8/23/2012
  80.0557333 svchost.exe (1036)
  ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(2 (0x2)): Authentication Starting
  -- Brett

• Cluster Disk failover problem

  Hi Everyone
  I have built a Windows 2008 R2 Failover Cluster. It is scheduled to be a HyperV cluster, but I have removed HyperV from the equation as I am having problems.
  Its a 2 node cluster connecting to a PS4000 via iscsi.
  Network config is
  Nic 1 - Host and Cluster Management - 10.160.19.x/24
  Nic 2 & 3 - icsci 10.160.46..x/24, MPIO,
  Nic 4 - CSV - 10.160.47/24
  Nic 5 - LiveMigration - 10.160.49.x/24
  Nic6 - VMSwitch - HyperV Virtual Machine "External" nic.
  The cluster ip is on 10.160.19.x.
  The Cluster validation passes sucessfully and so does creating the cluster and performing post creating validations. When I simulate failures of the Quorum disk, it fails over to the second node after requisites retrys on the first node...all good.
  However when I simulate failures on the second cluster disk, it just fails on the primary node. I can bring it online on same node or if I stop the cluster service on that node, everything successfully fails over to the second node. But automatic/simulating
  failover isn't working.
  When I dump out the cluster log(below)this is all the entries pertaining to the failover attempt. Sorry for the log dump.
  My analysis of the log, leads me in two directions, Is my nic assignment and config correct? Can I confirm the Cluster disk guids are identical between nodes?
  I appreciate any assistance. Apologies on the large log.
  Thanks
  [NM] Received request from client address 10.160.19.22.
  00000b18.00000f50::2011/01/13-16:10:32.005 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:32.005 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d3c::2011/01/13-16:10:32.005 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000f50::2011/01/13-16:10:32.005 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d40::2011/01/13-16:10:32.005 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000f50::2011/01/13-16:10:32.317 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:32.317 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:32.317 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000f50::2011/01/13-16:10:32.317 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.000005e0::2011/01/13-16:10:32.317 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000f50::2011/01/13-16:10:32.317 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.000005e0::2011/01/13-16:10:32.317 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.000005e0::2011/01/13-16:10:32.317 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:32.317 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:32.317 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:32.332 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:32.332 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:32.332 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:32.332 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d40::2011/01/13-16:10:32.332 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:32.332 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.000005e0::2011/01/13-16:10:32.332 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.000005e0::2011/01/13-16:10:32.332 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:32.332 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d40::2011/01/13-16:10:32.332 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:32.332 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:32.332 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:32.332 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:32.332 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.000005e0::2011/01/13-16:10:32.332 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.296 INFO  [RCM] rcm::RcmApi::FailResource: (VM1)
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] HandleMonitorReply: FAILURENOTIFICATION for 'VM1', gen(1) result 0.
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] TransitionToState(VM1) Online-->ProcessingFailure.
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] rcm::RcmGroup::UpdateStateIfChanged: (Available Storage, Online --> Failed)
  00000730.00000d40::2011/01/13-16:10:35.296 ERR   [RCM] rcm::RcmResource::HandleFailure: (VM1)
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] resource VM1: failure count: 1, restartAction: 2.
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] Will restart resource in 500 milliseconds.
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] TransitionToState(VM1) ProcessingFailure-->[WaitingToTerminate to DelayRestartingResource].
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] rcm::RcmGroup::UpdateStateIfChanged: (Available Storage, Failed --> Pending)
  00000730.00000d40::2011/01/13-16:10:35.296 INFO  [RCM] TransitionToState(VM1) [WaitingToTerminate to DelayRestartingResource]-->[Terminating to DelayRestartingResource].
  00000bd4.00000eb0::2011/01/13-16:10:35.296 INFO  [RES] Physical Disk <VM1>: Terminate request.
  00000bd4.00000eb0::2011/01/13-16:10:35.327 WARN  [RES] Physical Disk <VM1>: Terminate: Failed to offline volume \Device\Harddisk3\Partition1, Error 5
  00000b18.00000c1c::2011/01/13-16:10:35.343 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.343 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.343 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.343 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.343 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000bd4.00000eb0::2011/01/13-16:10:35.343 INFO  [RES] Physical Disk <VM1>: HardDiskpCloseSVIHandles: Exit
  00000b18.00000c1c::2011/01/13-16:10:35.343 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.343 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.343 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.343 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.343 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:35.359 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.359 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.359 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.359 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.359 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:35.359 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.359 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.359 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.359 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.359 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:35.437 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.437 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.437 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.437 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.437 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:35.452 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.452 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.452 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.452 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.452 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:35.452 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.452 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.452 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.452 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.452 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:35.452 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:35.452 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:35.452 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:35.452 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:35.452 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000bd4.00000eb0::2011/01/13-16:10:36.263 INFO  [RES] Physical Disk: ReleaseDisk: stop reserve succeeded on device 3 (sig 44423655)
  00000730.00000d30::2011/01/13-16:10:36.279 INFO  [RCM] HandleMonitorReply: TERMINATERESOURCE for 'VM1', gen(2) result 0.
  00000730.00000d30::2011/01/13-16:10:36.279 INFO  [RCM] TransitionToState(VM1) [Terminating to DelayRestartingResource]-->DelayRestartingResource.
  00000730.00000d3c::2011/01/13-16:10:36.794 INFO  [RCM] Delay-restarting VM1 and any waiting dependents.
  00000730.00000d3c::2011/01/13-16:10:36.794 INFO  [RCM] TransitionToState(VM1) DelayRestartingResource-->OnlineCallIssued.
  00000bd4.00000eb0::2011/01/13-16:10:36.794 INFO  [RES] Physical Disk <VM1>: Online request.
  00000730.00000298::2011/01/13-16:10:36.794 INFO  [RCM] HandleMonitorReply: ONLINERESOURCE for 'VM1', gen(2) result 997.
  00000730.00000298::2011/01/13-16:10:36.794 INFO  [RCM] TransitionToState(VM1) OnlineCallIssued-->OnlinePending.
  00000bd4.00000c04::2011/01/13-16:10:36.794 INFO  [RES] Physical Disk <VM1>: Arbitrate request: FastPath 0
  00000bd4.00000c04::2011/01/13-16:10:36.794 INFO  [RES] Physical Disk: Enter EnumerateDevices: EnumDevice 0
  00000bd4.00000c04::2011/01/13-16:10:36.809 INFO  [RES] Physical Disk: Exit EnumerateDevices: status 0
  00000bd4.00000c04::2011/01/13-16:10:36.841 INFO  [RES] Physical Disk: Successful reserve, disk is unowned, key 4daf7466734d
  00000bd4.00000c04::2011/01/13-16:10:36.841 INFO  [RES] Physical Disk: Update disk props returns 0
  00000bd4.00000c04::2011/01/13-16:10:36.841 INFO  [RES] Physical Disk <VM1>: Disk is offline
  00000730.00000298::2011/01/13-16:10:36.841 INFO  [GUM] Node 1: Processing RequestLock 1:42
  00000730.00000314::2011/01/13-16:10:36.841 INFO  [GUM] Node 1: Processing GrantLock to 1 (sent by 2 gumid: 566)
  00000bd4.00000c04::2011/01/13-16:10:36.841 WARN  [RES] Physical Disk <VM1>: OnlineThread: Failed to get volume guid for device
  \\?\GLOBALROOT\Device\Harddisk3\Partition1\. Error 3
  00000b18.00000c1c::2011/01/13-16:10:36.856 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:36.856 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d3c::2011/01/13-16:10:36.856 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000bd4.00000bf8::2011/01/13-16:10:36.856 INFO  [RES] Physical Disk: PNP: Adding volume
  \\?\STORAGE#Volume#{73432ff7-18ee-11e0-aded-0026b93b46a0}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  00000bd4.00000f30::2011/01/13-16:10:36.856 INFO  [RES] Physical Disk <VM1>: Completed HardDiskpUpdateRegistryWorker (start time 16:10:36.841)
  00000bd4.00000bf8::2011/01/13-16:10:36.856 INFO  [RES] Physical Disk: PNP: Add Volume exit, status 0
  00000b18.00000c1c::2011/01/13-16:10:36.856 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d40::2011/01/13-16:10:36.856 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:36.856 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:36.856 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:36.856 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:36.856 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d40::2011/01/13-16:10:36.856 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:36.872 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d3c::2011/01/13-16:10:36.872 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d3c::2011/01/13-16:10:36.872 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:36.872 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d40::2011/01/13-16:10:36.872 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:36.872 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d3c::2011/01/13-16:10:36.872 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d3c::2011/01/13-16:10:36.872 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:36.872 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000298::2011/01/13-16:10:36.872 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000bd4.00000c04::2011/01/13-16:10:40.850 WARN  [RES] Physical Disk <VM1>: OnlineThread: Failed to set volguid \??\Volume{7343300a-18ee-11e0-aded-0026b93b46a0}. Error: 183.
  00000bd4.00000c04::2011/01/13-16:10:40.850 INFO  [RES] Physical Disk <VM1>: Found 2 mount points for device \Device\Harddisk3\Partition1
  00000bd4.00000c04::2011/01/13-16:10:40.850 INFO  [RES] Physical Disk <VM1>: VolumeIsNtfs: Volume
  \\?\GLOBALROOT\Device\Harddisk3\Partition1\ has FS type NTFS
  00000bd4.00000c04::2011/01/13-16:10:40.850 INFO  [RES] Physical Disk: Volume
  \\?\GLOBALROOT\Device\Harddisk3\Partition1\ has FS type NTFS
  00000bd4.00000c04::2011/01/13-16:10:40.850 INFO  [RES] Physical Disk: MountPoint V:\ points to volume
  \\?\Volume{7343300a-18ee-11e0-aded-0026b93b46a0}\
  00000bd4.00000c04::2011/01/13-16:10:40.850 DBG   [ClRtl] CaptureShareInfo: Share 0000000000000050, Server 0000000000000000, Path 0000000000000056 SD 0000000000000000 size 242
  00000bd4.00000c04::2011/01/13-16:10:40.850 WARN  [ClRtl] SsCoreShareAdd(): status = 2118 share = V$ server = (null)
  00000bd4.00000c04::2011/01/13-16:10:40.850 DBG   [ClRtl] CaptureShareInfo: Share 0000000000000050, Server 0000000000000000, Path 0000000000000056 SD 0000000000000000 size 242
  00000bd4.00000c04::2011/01/13-16:10:40.850 INFO  [RHS] Resource VM1 has come online. RHS is about to report status change to RCM
  00000730.00000d3c::2011/01/13-16:10:40.850 INFO  [RCM] HandleMonitorReply: ONLINERESOURCE for 'VM1', gen(2) result 0.
  00000730.00000d3c::2011/01/13-16:10:40.850 INFO  [RCM] TransitionToState(VM1) OnlinePending-->Online.
  00000730.00000d3c::2011/01/13-16:10:40.850 INFO  [RCM] rcm::RcmGroup::UpdateStateIfChanged: (Available Storage, Pending --> Online)
  00000bd4.00000c04::2011/01/13-16:10:40.850 INFO  [RES] Physical Disk: DriveLetter mask: 0x200000
  00000b18.00000c1c::2011/01/13-16:10:40.896 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.896 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d30::2011/01/13-16:10:40.896 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.896 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.896 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:40.912 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.912 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d30::2011/01/13-16:10:40.912 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.912 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.912 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:40.912 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.912 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d30::2011/01/13-16:10:40.912 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.912 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.912 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:40.912 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.912 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d30::2011/01/13-16:10:40.912 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.912 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.912 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:40.928 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.928 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d30::2011/01/13-16:10:40.928 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.928 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.928 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:40.928 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.928 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d30::2011/01/13-16:10:40.928 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.928 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.928 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:40.943 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.943 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d30::2011/01/13-16:10:40.943 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.943 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.943 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:40.943 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:40.943 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d30::2011/01/13-16:10:40.943 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:40.943 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.000006d8::2011/01/13-16:10:40.943 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d30::2011/01/13-16:10:47.354 INFO  [RCM] rcm::RcmApi::FailResource: (VM1)
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] HandleMonitorReply: FAILURENOTIFICATION for 'VM1', gen(3) result 0.
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] TransitionToState(VM1) Online-->ProcessingFailure.
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] rcm::RcmGroup::UpdateStateIfChanged: (Available Storage, Online --> Failed)
  00000730.00000d40::2011/01/13-16:10:47.354 ERR   [RCM] rcm::RcmResource::HandleFailure: (VM1)
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] resource VM1: failure count: 2, restartAction: 2.
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] TransitionToState(VM1) ProcessingFailure-->[WaitingToTerminate to Failed].
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] rcm::RcmGroup::UpdateStateIfChanged: (Available Storage, Failed --> Pending)
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] TransitionToState(VM1) [WaitingToTerminate to Failed]-->[Terminating to Failed].
  00000bd4.00000eb0::2011/01/13-16:10:47.354 INFO  [RES] Physical Disk <VM1>: Terminate request.
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] Resource VM1 is causing group Available Storage to failover.  Posting worker thread.
  00000730.00000d40::2011/01/13-16:10:47.354 INFO  [RCM] rcm::RcmGroup::Failover: (Available Storage)
  00000bd4.00000eb0::2011/01/13-16:10:47.417 WARN  [RES] Physical Disk <VM1>: Terminate: Failed to offline volume \Device\Harddisk3\Partition1, Error 5
  00000b18.00000c1c::2011/01/13-16:10:47.432 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.0000076c::2011/01/13-16:10:47.432 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.0000076c::2011/01/13-16:10:47.432 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:47.432 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:47.432 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:47.432 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.0000076c::2011/01/13-16:10:47.432 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.0000076c::2011/01/13-16:10:47.432 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:47.432 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:47.432 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:47.432 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.0000076c::2011/01/13-16:10:47.432 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.0000076c::2011/01/13-16:10:47.432 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:47.448 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d30::2011/01/13-16:10:47.448 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:47.448 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.0000076c::2011/01/13-16:10:47.448 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.0000076c::2011/01/13-16:10:47.448 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:47.448 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d30::2011/01/13-16:10:47.448 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000bd4.00000eb0::2011/01/13-16:10:47.666 INFO  [RES] Physical Disk <VM1>: HardDiskpCloseSVIHandles: Exit
  00000bd4.00000eb0::2011/01/13-16:10:48.259 INFO  [RES] Physical Disk: ReleaseDisk: stop reserve succeeded on device 3 (sig 44423655)
  00000730.0000076c::2011/01/13-16:10:48.368 INFO  [RCM] HandleMonitorReply: TERMINATERESOURCE for 'VM1', gen(4) result 0.
  00000730.0000076c::2011/01/13-16:10:48.368 INFO  [RCM] TransitionToState(VM1) [Terminating to Failed]-->Failed.
  00000730.0000076c::2011/01/13-16:10:48.368 INFO  [RCM] rcm::RcmGroup::UpdateStateIfChanged: (Available Storage, Pending --> Failed)
  00000730.00000d40::2011/01/13-16:10:48.384 WARN  [RCM] Not failing over group Available Storage, failoverCount 1, failover threshold 0, nodeAvailCount 0.
  00000730.00000d40::2011/01/13-16:10:48.384 INFO  [RCM] Will retry online of VM1 in 3600000 milliseconds.
  00000b18.00000c1c::2011/01/13-16:10:48.384 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d40::2011/01/13-16:10:48.384 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d40::2011/01/13-16:10:48.384 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:48.384 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.0000076c::2011/01/13-16:10:48.384 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:48.400 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d40::2011/01/13-16:10:48.400 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d40::2011/01/13-16:10:48.400 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:48.400 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.0000076c::2011/01/13-16:10:48.400 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000b18.00000c1c::2011/01/13-16:10:48.400 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.00000d40::2011/01/13-16:10:48.400 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000730.00000d40::2011/01/13-16:10:48.400 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQ's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:48.400 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000730.0000076c::2011/01/13-16:10:48.400 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000b18.00000c1c::2011/01/13-16:10:48.400 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.00000d40::2011/01/13-16:10:48.400 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000730.00000d40::2011/01/13-16:10:48.400 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node.  Attempting to find a good node...
  00000b18.00000c1c::2011/01/13-16:10:48.400 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000730.0000076c::2011/01/13-16:10:48.400 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.

  Thanks Ramzan and Elden for your reply. :) :)
  Issue Faced:
  we have 3 cluster server(2008 enterprise R2). The cluster server gets rebooted and failover happens frequently.As a workaround,we use to unistall Network threat component(symantec) when the issue happens.
  The Cluster validation passes sucessfully for both storage and network.
  I dont find any logs apart from the below.
  00000d38.00000698::2011/04/15-20:04:38.452 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
  00000984.00000d88::2011/04/15-20:04:38.452 WARN  [RCM] Failed to load restype 'MSMQ': error 21.
  00000d38.00000698::2011/04/15-20:04:38.467 ERR   [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
  00000984.000012f0::2011/04/15-20:04:38.467 WARN  [RCM] Failed to load restype 'MSMQTriggers': error 21.
  00000984.000012f0::2011/04/15-20:04:38.467 WARN  [RCM] rcm::RcmApi::ResTypeControl: ResType MSMQTriggers's DLL is not present on this node. 
  Attempting to find a good node...
  We collected the bugcheck analysis report after the reboot. The report as follows
  MM_INTERNAL_CODE:  0
  DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
  BUGCHECK_STR:  0x50
  PROCESS_NAME:  svchost.exe
  CURRENT_IRQL:  0
  STACK_COMMAND:  kb
  FOLLOWUP_IP:
  srvnet!FillSessionInfoBuffer+a2
  fffff880`05472ed2 448b9c2480000000 mov     r11d,dword ptr [rsp+80h]
  SYMBOL_STACK_INDEX:  4
  SYMBOL_NAME:  srvnet!FillSessionInfoBuffer+a2
  FOLLOWUP_NAME:  MachineOwner
  MODULE_NAME: srvnet
  IMAGE_NAME:  srvnet.sys
  DEBUG_FLR_IMAGE_TIMESTAMP:  4c7732f4
  FAILURE_BUCKET_ID:  X64_0x50_srvnet!FillSessionInfoBuffer+a2
  BUCKET_ID:  X64_0x50_srvnet!FillSessionInfoBuffer+a2
  Followup: MachineOwner
  As per microsoft technet, we are planning to deploy the hotfix provided in the article
  http://support.microsoft.com/kb/980135
  Please let us know if another troubleshooting steps needs to be performed. Any solutions please let us know
  Thanks
  Dinesh

• SVCHost NetSVCS On Windows Server 2008 Standard memory leak with windows update

  I have a particular situation that has surfaced lately.  I have a series of Windows Server 2008 Standard.  I have applications that use WMI to do application interfacing.  For years this has been running fine until recenly in the last month
  I have seen memory being swallowed by the process SVCHost Netsvcs.  I have done significant research into this.  The problem appears almost like clock work on a daily basis.  I have traced this to windows update which seems to kick off, it is
  also using WMI, it starts and seems to get lost then netsvcs starts running off until all memory is consumed and the svchost process eventually fails.  At that point I can get back into the system to view it. If I catch it in time I can simply stop windows
  update but sometimes I have to take the drastic and unsafe measure to kill that particular svchost process. 
  There are a lot of threads regarding SVCHost and nothing comes remotely close to this issue as far as I can see.
  I have allready ensured that windows update is up to date. 
  At present I am forced to ensure that windows update is disabled. I then have to manually shut down the other services that are using WMI to do an update.  This means down time for my applications realtime updates.

  Hi,
  does this issue occur on a single server or multiple servers? And is it server 2008 or 2008 R2?  (if 2008R2 there is a
  hotfix
  available which would seem a good fit for your current issue).
  If you find the answer of assistance please "Vote as Helpful"and/or "Mark as Answer" where applicable. This helps others to find solutions for there issues, and recognises contributions made to the community :)

• Svchost.exe errors after installing iTunes 7.0.1.8

  I have two computers that starting throwing svchost.exe errors immediately after installing iTunes 7. First it happened on my desktop. In preparation to reinstall Windows XP on my desktop, I prepared my laptop to use while my desktop was out of commision. I installed iTunes 7 and immediately I started getting svchost.exe errors. I don't have the blaster worm on either machine (already checked). My desktop is behind three firewals, runs Norton, and I already did a full virus scan on both.
  This is causing significant problems as my computer can't see the network, outlook can wig out, and in general my machine is unpredicatable. I hate to think that installing iTunes 7.0 leads to the need to reinstall Windows. If anyone has any ideas I would appreciate any help.

  I changed my "Startup Type" for "Terminal Services" from "Disabled" to "Manual". Resolved issue.
  http://docs.info.apple.com/article.html?artnum=304434
    Windows XP Pro