Another one

Status
Not open for further replies.

Trotter

Seems like the thread on my wife's bugcode_usb_driver isn't doing too good. Hopefully this one won't be such a stumper.

It's on my mother-in-law's computer this time. She leaves it running and just turns off the monitor like we all do. When she turns the monitor back on it takes a loooong time to come up. I swapped out the monitor already and it still does it on a known good monitor. It's very weird.

I have gone through the event logs and fixed a few things thus far, like RealPlayer causing problems (adios, muchacho) and MSE OOBE stopping due to an error. Still remaining are a couple that are puzzling me.

Here's one:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-830426223-4204607699-393647609-500:
Process 496 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-830426223-4204607699-393647609-500
Process 496 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-830426223-4204607699-393647609-500
Process 496 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-830426223-4204607699-393647609-500\Software\Microsoft\SystemCertificates\Disallowed
Process 496 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-830426223-4204607699-393647609-500\Software\Microsoft\SystemCertificates\My
Process 496 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-830426223-4204607699-393647609-500\Software\Microsoft\SystemCertificates\CA

Here's another:
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

And the last:
Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

The second one irritates me as it does just name the system and I am unsure as to what certificate it is referring to. The last one is puzzling as I don't know what power management features it is talking about. And the first one just boggles me mind altogether.

I would appreciate some help if anyone knows what is going on with these, and maybe some on the other thread if you get a chance.
 
I will look over this tomorrow. Had a bad day overall and not in Windows to take a look at the posted minidumps right now.
 
Sorry for the delay. These are very interesting. The first one sounds like an infection is trying to take over the lsass.exe file but Windows is preventing it. Cause if you search, you will see that the file in question is known for being subject to infections. So that could be the source.

The next one is definitely odd. The only thing I can think of is that whatever is plaguing the system with that lsass issue is causing this problem. It sounds like it might be traveling via your network. There are infections that can do that. I would isolate each machine and run scans.
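
The certificate expiry event in the first post gives only a thumbprint, so the certificate it refers to can be identified by looking that thumbprint up in the machine's certificate stores. The script below is an added example, not part of the original thread; it assumes Windows PowerShell on the affected machine and takes the thumbprint exactly as quoted in the event text.

```powershell
# Thumbprint exactly as it appears in the event text quoted in the thread.
$eventThumbprint = '4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44'

# The certificate provider exposes thumbprints as upper-case hex without
# separators, so strip everything that is not a hex digit and normalise case.
$thumbprint = ($eventThumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($thumbprint.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($thumbprint.Length) characters."
}

# The event says "local system", so search every store under LocalMachine.
# -Recurse also returns store containers; keep only certificate objects.
$found = @(Get-ChildItem -Path Cert:\LocalMachine -Recurse -ErrorAction SilentlyContinue |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Thumbprint -eq $thumbprint
    })

if ($found.Count -eq 0) {
    Write-Warning "No certificate with thumbprint $thumbprint in any LocalMachine store."
    return
}

$now = Get-Date
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# One record per store the certificate appears in, with the fields needed to
# decide what it is, who issued it, and whether it has actually expired.
$found | Select-Object `
    @{ Name = 'Store';         Expression = { ($_.PSParentPath -split '::')[-1] } },
    Subject,
    Issuer,
    NotBefore,
    NotAfter,
    @{ Name = 'DaysRemaining'; Expression = { [int][math]::Floor(($_.NotAfter - $now).TotalDays) } },
    @{ Name = 'SelfSigned';    Expression = { $_.Subject -eq $_.Issuer } },
    HasPrivateKey,
    @{ Name = 'KeyUsages';     Expression = {
        ($_.Extensions | Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.FriendlyName }) -join ', ' } } |
    Format-List
```

The Store, Subject and Issuer fields show which component owns the certificate; a negative DaysRemaining means it has already expired.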