New
#1
WHEA-Logger (W7 freezes/crashes) Hardware fault
This crash started out of the blue for no apparent reason. I generally find that leaving one side of my case open helps to keep my PC cooler than when the case is closed and sealed. I have the case closed atm. I did have a noisy PSU which was slightly respositioned but other than this I am sure nothing else could be the cause. The only thing I did with the PSU was to adjust the casing screws so it no longer vibrated. And I do have my doubts about the PSU being at fault here! This error/crash has only showed up months later after adjusting the PSU. If the problem consists and no one here is able to help resolve this then I will go back to Vista Ultimate and see if the problems showup there. Also FYI this PC has never had nor ever will be overclocked!
Copied from Event Viewer:
W7 was installed onto a clean formatted HDD on 16th May to troubleshoot this crash issue. Hence why there are only two mini dumps to analyse. This time I decided to try 64bit installation of W7 Ultimate. I usually find that this crash will occur each day between 1 and 3 times when it is left idle. At first I thought it was due to leaving web browsers open which some users of W7 had experienced but now I do not think so. I have only been present when the PC crashes once and this was while I was web browsing.Script:Log Name: System
Source: Microsoft-Windows-WHEA-Logger
Date: 19/05/2010 15:23:56
Event ID: 18
Task Category: None
Level: Error
Keywords:
User: LOCAL SERVICE
Computer: -office-PC
Description:
A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: Machine Check Exception
Error Type: Internal Timer Error
Processor ID: 1
The details view of this entry contains further information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T14:23:56.093750000Z" />
<EventRecordID>2091</EventRecordID>
<Correlation ActivityID="{1662FF0F-7E6F-4225-99D0-482F132502AE}" />
<Execution ProcessID="1560" ThreadID="2400" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ErrorSource">3</Data>
<Data Name="ApicId">1</Data>
<Data Name="MCABank">0</Data>
<Data Name="MciStat">0xa200000084010400</Data>
<Data Name="MciAddr">0x0</Data>
<Data Name="MciMisc">0x0</Data>
<Data Name="ErrorType">5</Data>
<Data Name="TransactionType">256</Data>
<Data Name="Participation">256</Data>
<Data Name="RequestType">256</Data>
<Data Name="MemorIO">256</Data>
<Data Name="MemHierarchyLvl">256</Data>
<Data Name="Timeout">256</Data>
<Data Name="OperationType">256</Data>
<Data Name="Channel">256</Data>
<Data Name="Length">928</Data>
<Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000012160E0013050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBA4824C9E5EF7CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000100000000000000620F0000000802013DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000AE15DDAF5EF7CA0101000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WHEA-Logger
Date: 19/05/2010 15:23:56
Event ID: 18
Task Category: None
Level: Error
Keywords:
User: LOCAL SERVICE
Computer: -office-PC
Description:
A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: Machine Check Exception
Error Type: Internal Timer Error
Processor ID: 0
The details view of this entry contains further information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T14:23:56.093750000Z" />
<EventRecordID>2090</EventRecordID>
<Correlation ActivityID="{9AF40872-FC17-4B3C-B34D-D3EE15D170B8}" />
<Execution ProcessID="1560" ThreadID="2400" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ErrorSource">3</Data>
<Data Name="ApicId">0</Data>
<Data Name="MCABank">0</Data>
<Data Name="MciStat">0xa200000084010400</Data>
<Data Name="MciAddr">0x0</Data>
<Data Name="MciMisc">0x0</Data>
<Data Name="ErrorType">5</Data>
<Data Name="TransactionType">256</Data>
<Data Name="Participation">256</Data>
<Data Name="RequestType">256</Data>
<Data Name="MemorIO">256</Data>
<Data Name="MemHierarchyLvl">256</Data>
<Data Name="Timeout">256</Data>
<Data Name="OperationType">256</Data>
<Data Name="Channel">256</Data>
<Data Name="Length">928</Data>
<Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000012160E0013050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBA3824C9E5EF7CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000620F0000000802003DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000AE15DDAF5EF7CA0100000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 19/05/2010 15:23:16
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: -office-PC
Description:
Audit events have been dropped by the transport. 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T14:23:16.156250000Z" />
<EventRecordID>727</EventRecordID>
<Correlation />
<Execution ProcessID="956" ThreadID="1204" />
<Channel>Security</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
</Event>
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 19/05/2010 15:22:30
Event ID: 3
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: -office-PC
Description:
Session "Microsoft Security Essentials OOBE" stopped due to the following error: 0xC000000D
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2010-05-19T14:22:30.937500000Z" />
<EventRecordID>3</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="152" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">Microsoft Security Essentials OOBE</Data>
<Data Name="FileName">C:\ProgramData\Microsoft\Microsoft Security Essentials\Support\MSSEOOBE.etl</Data>
<Data Name="ErrorCode">3221225485</Data>
<Data Name="LoggingMode">5</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 19/05/2010 15:22:21
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: -office-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2010-05-19T14:22:21.312500000Z" />
<EventRecordID>2029</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 19/05/2010 15:23:00
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -OFFICE-PC
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8002bac038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\051910-66781-01.dmp. Report Id: 051910-66781-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T14:23:00.000000000Z" />
<EventRecordID>2025</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>-OFFICE-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x00000124 (0x0000000000000000, 0xfffffa8002bac038, 0x0000000000000000, 0x0000000000000000)</Data>
<Data Name="param2">C:\Windows\Minidump\051910-66781-01.dmp</Data>
<Data Name="param3">051910-66781-01</Data>
</EventData>
</Event>
Log Name: System
Source: EventLog
Date: 19/05/2010 15:22:56
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The previous system shutdown at 04:29:47 on ‎19/05/2010 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T14:22:56.000000000Z" />
<EventRecordID>2021</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>04:29:47</Data>
<Data>‎19/05/2010</Data>
<Data>
</Data>
<Data>
</Data>
<Data>2366</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>DA0705000300130004001D002F006503DA0705000300130003001D002F006503600900003C000000010000006009000000000000B00400000100000000000000</Binary>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 19/05/2010 03:54:12
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T02:54:12.000000000Z" />
<EventRecordID>1423</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 19/05/2010 03:48:30
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T02:48:30.501953100Z" />
<EventRecordID>1895</EventRecordID>
<Correlation />
<Execution ProcessID="556" ThreadID="872" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 19/05/2010 01:43:38
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name csc3-2004-crl.verisign.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T00:43:38.246093700Z" />
<EventRecordID>1828</EventRecordID>
<Correlation />
<Execution ProcessID="1564" ThreadID="3352" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">csc3-2004-crl.verisign.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 19/05/2010 01:43:16
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name tools.google.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T00:43:16.893554600Z" />
<EventRecordID>1825</EventRecordID>
<Correlation />
<Execution ProcessID="1564" ThreadID="2940" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">tools.google.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 19/05/2010 01:42:47
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name genesis.1337x.org timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T00:42:47.336914000Z" />
<EventRecordID>1824</EventRecordID>
<Correlation />
<Execution ProcessID="1564" ThreadID="3352" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">genesis.1337x.org</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 19/05/2010 01:41:52
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name www.google-analytics.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T00:41:52.374023400Z" />
<EventRecordID>1823</EventRecordID>
<Correlation />
<Execution ProcessID="1564" ThreadID="3948" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">www.google-analytics.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 19/05/2010 01:41:19
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name genesis.1337x.org timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-19T00:41:19.323242100Z" />
<EventRecordID>1822</EventRecordID>
<Correlation />
<Execution ProcessID="1564" ThreadID="3948" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">genesis.1337x.org</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 19/05/2010 00:46:08
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T23:46:08.000000000Z" />
<EventRecordID>1367</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 19/05/2010 00:45:51
Event ID: 35
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">35</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T23:45:51.000000000Z" />
<EventRecordID>1366</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"</Data>
<Data>WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe</Data>
<Data>c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL</Data>
<Data>8</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 19/05/2010 00:45:47
Event ID: 63
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">63</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T23:45:47.000000000Z" />
<EventRecordID>1365</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>assemblyIdentity</Data>
<Data>language</Data>
<Data>*</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
<Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
<Data>8</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-RestartManager
Date: 18/05/2010 18:40:41
Event ID: 10010
Task Category: None
Level: Warning
Keywords:
User: -office-PC\-owner-
Computer: -office-PC
Description:
Application 'C:\Windows\explorer.exe' (pid 2600) cannot be restarted - Application SID does not match Conductor SID..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-RestartManager" Guid="{0888E5EF-9B98-4695-979D-E92CE4247224}" />
<EventID>10010</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T17:40:41.317382800Z" />
<EventRecordID>1358</EventRecordID>
<Correlation />
<Execution ProcessID="4264" ThreadID="3004" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-21-1997382471-779440347-522504509-1001" />
</System>
<UserData>
<RmUnsupportedRestartEvent xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
<RmSessionId>0</RmSessionId>
<Pid>2600</Pid>
<FullPath>C:\Windows\explorer.exe</FullPath>
<DisplayName>Windows Explorer</DisplayName>
<AppVersion>0</AppVersion>
<AppType>4</AppType>
<TSSessionId>1</TSSessionId>
<Status>67108865</Status>
<Reason>1</Reason>
</RmUnsupportedRestartEvent>
</UserData>
</Event>
Log Name: Application
Source: Microsoft-Windows-RestartManager
Date: 18/05/2010 18:40:41
Event ID: 10010
Task Category: None
Level: Warning
Keywords:
User: -office-PC\-owner-
Computer: -office-PC
Description:
Application 'C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe' (pid 1108) cannot be restarted - Application SID does not match Conductor SID..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-RestartManager" Guid="{0888E5EF-9B98-4695-979D-E92CE4247224}" />
<EventID>10010</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T17:40:41.223632800Z" />
<EventRecordID>1357</EventRecordID>
<Correlation />
<Execution ProcessID="4264" ThreadID="3004" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-21-1997382471-779440347-522504509-1001" />
</System>
<UserData>
<RmUnsupportedRestartEvent xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
<RmSessionId>0</RmSessionId>
<Pid>1108</Pid>
<FullPath>C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe</FullPath>
<DisplayName>Component to show AutoUpdate's GUI elements.</DisplayName>
<AppVersion>0</AppVersion>
<AppType>0</AppType>
<TSSessionId>1</TSSessionId>
<Status>67108865</Status>
<Reason>1</Reason>
</RmUnsupportedRestartEvent>
</UserData>
</Event>
Log Name: Application
Source: SideBySide
Date: 18/05/2010 16:13:58
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T15:13:58.000000000Z" />
<EventRecordID>577</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 18/05/2010 16:13:27
Event ID: 35
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">35</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T15:13:27.000000000Z" />
<EventRecordID>576</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"</Data>
<Data>WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe</Data>
<Data>c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL</Data>
<Data>8</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 18/05/2010 16:13:10
Event ID: 63
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">63</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T15:13:10.000000000Z" />
<EventRecordID>575</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>assemblyIdentity</Data>
<Data>language</Data>
<Data>*</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
<Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
<Data>8</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 18/05/2010 15:12:35
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T14:12:35.000000000Z" />
<EventRecordID>562</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WHEA-Logger
Date: 18/05/2010 15:10:26
Event ID: 18
Task Category: None
Level: Error
Keywords:
User: LOCAL SERVICE
Computer: -office-PC
Description:
A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: Machine Check Exception
Error Type: Internal Timer Error
Processor ID: 1
The details view of this entry contains further information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T14:10:26.895507800Z" />
<EventRecordID>1623</EventRecordID>
<Correlation ActivityID="{9EEBCD05-2B56-4847-BF30-16EDE8D50346}" />
<Execution ProcessID="1760" ThreadID="1700" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ErrorSource">3</Data>
<Data Name="ApicId">1</Data>
<Data Name="MCABank">0</Data>
<Data Name="MciStat">0xa200000084010400</Data>
<Data Name="MciAddr">0x0</Data>
<Data Name="MciMisc">0x0</Data>
<Data Name="ErrorType">5</Data>
<Data Name="TransactionType">256</Data>
<Data Name="Participation">256</Data>
<Data Name="RequestType">256</Data>
<Data Name="MemorIO">256</Data>
<Data Name="MemHierarchyLvl">256</Data>
<Data Name="Timeout">256</Data>
<Data Name="OperationType">256</Data>
<Data Name="Channel">256</Data>
<Data Name="Length">928</Data>
<Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000017070E0012050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBBCF0586493F6CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000100000000000000620F0000000802013DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D0000000000000000000000000000000000000000000000000000000000000000000000000001000000010000004A7A0B7093F6CA0101000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WHEA-Logger
Date: 18/05/2010 15:10:26
Event ID: 18
Task Category: None
Level: Error
Keywords:
User: LOCAL SERVICE
Computer: -office-PC
Description:
A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: Machine Check Exception
Error Type: Internal Timer Error
Processor ID: 0
The details view of this entry contains further information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
<EventID>18</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T14:10:26.895507800Z" />
<EventRecordID>1622</EventRecordID>
<Correlation ActivityID="{D755B658-AF89-4BE7-B638-330292E52E4E}" />
<Execution ProcessID="1760" ThreadID="2504" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ErrorSource">3</Data>
<Data Name="ApicId">0</Data>
<Data Name="MCABank">0</Data>
<Data Name="MciStat">0xa200000084010400</Data>
<Data Name="MciAddr">0x0</Data>
<Data Name="MciMisc">0x0</Data>
<Data Name="ErrorType">5</Data>
<Data Name="TransactionType">256</Data>
<Data Name="Participation">256</Data>
<Data Name="RequestType">256</Data>
<Data Name="MemorIO">256</Data>
<Data Name="MemHierarchyLvl">256</Data>
<Data Name="Timeout">256</Data>
<Data Name="OperationType">256</Data>
<Data Name="Channel">256</Data>
<Data Name="Length">928</Data>
<Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000017070E0012050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBBBF0586493F6CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000620F0000000802003DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D0000000000000000000000000000000000000000000000000000000000000000000000000001000000010000004A7A0B7093F6CA0100000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 18/05/2010 15:08:18
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: -office-PC
Description:
Audit events have been dropped by the transport. 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T14:08:18.796875000Z" />
<EventRecordID>564</EventRecordID>
<Correlation />
<Execution ProcessID="892" ThreadID="1004" />
<Channel>Security</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 18/05/2010 15:07:28
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: -office-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2010-05-18T14:07:28.000000000Z" />
<EventRecordID>1558</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 18/05/2010 15:08:17
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -OFFICE-PC
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8002abe828, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\051810-70500-01.dmp. Report Id: 051810-70500-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T14:08:17.000000000Z" />
<EventRecordID>1554</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>-OFFICE-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x00000124 (0x0000000000000000, 0xfffffa8002abe828, 0x0000000000000000, 0x0000000000000000)</Data>
<Data Name="param2">C:\Windows\Minidump\051810-70500-01.dmp</Data>
<Data Name="param3">051810-70500-01</Data>
</EventData>
</Event>
Log Name: System
Source: EventLog
Date: 18/05/2010 15:08:16
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The previous system shutdown at 05:03:07 on 18/05/2010 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-18T14:08:16.000000000Z" />
<EventRecordID>1550</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>05:03:07</Data>
<Data>18/05/2010</Data>
<Data>
</Data>
<Data>
</Data>
<Data>92678</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>DA070500020012000500030007007102DA070500020012000400030007007102600900003C000000010000006009000000000000B00400000100000000000000</Binary>
</EventData>
</Event>
Log Name: Application
Source: Application Hang
Date: 17/05/2010 19:46:13
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The program terminal.exe version 4.0.0.226 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 10a4
Start Time: 01caf5f0ef956e77
Termination Time: 59
Application Path: C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe
Report Id: 7618fe2f-61e4-11df-8f36-00196612d0d6
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T18:46:13.000000000Z" />
<EventRecordID>527</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>terminal.exe</Data>
<Data>4.0.0.226</Data>
<Data>10a4</Data>
<Data>01caf5f0ef956e77</Data>
<Data>59</Data>
<Data>C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe</Data>
<Data>7618fe2f-61e4-11df-8f36-00196612d0d6</Data>
<Binary>430072006F00730073002D0074006800720065006100640000000000</Binary>
</EventData>
</Event>
Log Name: Application
Source: Application Hang
Date: 17/05/2010 19:44:04
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The program terminal.exe version 4.0.0.226 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 106c
Start Time: 01caf5efcacef992
Termination Time: 95
Application Path: C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe
Report Id: 27dcf02d-61e4-11df-8f36-00196612d0d6
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T18:44:04.000000000Z" />
<EventRecordID>525</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>terminal.exe</Data>
<Data>4.0.0.226</Data>
<Data>106c</Data>
<Data>01caf5efcacef992</Data>
<Data>95</Data>
<Data>C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe</Data>
<Data>27dcf02d-61e4-11df-8f36-00196612d0d6</Data>
<Binary>430072006F00730073002D0074006800720065006100640000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 17/05/2010 16:49:39
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T15:49:39.803710900Z" />
<EventRecordID>1435</EventRecordID>
<Correlation />
<Execution ProcessID="1292" ThreadID="1704" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.home</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 17/05/2010 16:49:28
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T15:49:28.754882800Z" />
<EventRecordID>1431</EventRecordID>
<Correlation />
<Execution ProcessID="1292" ThreadID="3264" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">teredo.ipv6.microsoft.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 17/05/2010 16:49:22
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T15:49:22.907226500Z" />
<EventRecordID>1429</EventRecordID>
<Correlation />
<Execution ProcessID="1292" ThreadID="5008" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.home</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 17/05/2010 16:49:15
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T15:49:15.594726500Z" />
<EventRecordID>1426</EventRecordID>
<Correlation />
<Execution ProcessID="1292" ThreadID="5008" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.home</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:59
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:59.928710900Z" />
<EventRecordID>1401</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000EF541C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFFF037F30180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:56
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:56.647460900Z" />
<EventRecordID>1400</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000001D541C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000E0F0E00500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF30D5C20180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:53
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:53.350585900Z" />
<EventRecordID>1399</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000004A531C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF1010D10180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:42
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:42.053710900Z" />
<EventRecordID>1398</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E40000000000077501C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF0074680280FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:38
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:38.756835900Z" />
<EventRecordID>1397</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000A44F1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF90D7AA0480FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:35
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:35.506835900Z" />
<EventRecordID>1396</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000D44E1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF404BCE0180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:32
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:32.194335900Z" />
<EventRecordID>1395</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000004E1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF40FB840280FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:28
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:28.897460900Z" />
<EventRecordID>1394</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000002D4D1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF404BCE0180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:25
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:25.631835900Z" />
<EventRecordID>1393</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000005C4C1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF0074680280FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 17/05/2010 11:21:17
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T10:21:17.038085900Z" />
<EventRecordID>1392</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000364A1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF306AC80180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: volsnap
Date: 17/05/2010 09:41:27
Event ID: 36
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The shadow copies of volume E: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volsnap" />
<EventID Qualifiers="49158">36</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T08:41:27.024414000Z" />
<EventRecordID>1385</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\HarddiskVolumeShadowCopy72</Data>
<Data>E:</Data>
<Binary>000000000200300000000000240006C0020000000000000045000000000000000000000000000000</Binary>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 17/05/2010 04:05:28
Event ID: 59
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">59</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T03:05:28.000000000Z" />
<EventRecordID>519</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll</Data>
<Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll</Data>
<Data>2</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 17/05/2010 04:04:02
Event ID: 35
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">35</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T03:04:02.000000000Z" />
<EventRecordID>518</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"</Data>
<Data>WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe</Data>
<Data>c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL</Data>
<Data>8</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: SideBySide
Date: 17/05/2010 04:02:47
Event ID: 63
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">63</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T03:02:47.000000000Z" />
<EventRecordID>517</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>assemblyIdentity</Data>
<Data>language</Data>
<Data>*</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
<Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
<Data>8</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 17/05/2010 03:21:30
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T02:21:30.000000000Z" />
<EventRecordID>477</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 17/05/2010 03:16:57
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T02:16:57.954109400Z" />
<EventRecordID>1121</EventRecordID>
<Correlation />
<Execution ProcessID="552" ThreadID="4724" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Display Driver Service</Data>
<Data Name="param2">32</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 17/05/2010 03:02:17
Event ID: 20
Task Category: Windows Update Agent
Level: Error
Keywords: Failure,Installation
User: SYSTEM
Computer: -office-PC
Description:
Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000000028</Keywords>
<TimeCreated SystemTime="2010-05-17T02:02:17.050789100Z" />
<EventRecordID>1080</EventRecordID>
<Correlation />
<Execution ProcessID="908" ThreadID="3088" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="errorCode">0x80070005</Data>
<Data Name="updateTitle">Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688)</Data>
<Data Name="updateGuid">{9BD35FB2-8618-4F00-B75D-DFD8D7E93278}</Data>
<Data Name="updateRevisionNumber">101</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 17/05/2010 03:02:17
Event ID: 20
Task Category: Windows Update Agent
Level: Error
Keywords: Failure,Installation
User: SYSTEM
Computer: -office-PC
Description:
Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000000028</Keywords>
<TimeCreated SystemTime="2010-05-17T02:02:17.050789100Z" />
<EventRecordID>1079</EventRecordID>
<Correlation />
<Execution ProcessID="908" ThreadID="3088" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="errorCode">0x80070005</Data>
<Data Name="updateTitle">Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430)</Data>
<Data Name="updateGuid">{AD99D2A2-9483-4A22-BE93-B2F422024BA0}</Data>
<Data Name="updateRevisionNumber">106</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 02:02:00
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack
C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T01:02:00.000000000Z" />
<EventRecordID>330</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack</Data>
<Data>C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 02:01:47
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack
C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T01:01:47.000000000Z" />
<EventRecordID>329</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack</Data>
<Data>C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 17/05/2010 01:47:04
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:47:04.000000000Z" />
<EventRecordID>311</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 17/05/2010 01:45:13
Event ID: 7022
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The Windows Update service hung on starting.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7022</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:45:13.679695300Z" />
<EventRecordID>945</EventRecordID>
<Correlation />
<Execution ProcessID="552" ThreadID="1100" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Update</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 17/05/2010 01:36:09
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: -office-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1997382471-779440347-522504509-1001:
Process 500 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1997382471-779440347-522504509-1001
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:36:09.392578100Z" />
<EventRecordID>291</EventRecordID>
<Correlation />
<Execution ProcessID="112" ThreadID="3700" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-1997382471-779440347-522504509-1001:
Process 500 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1997382471-779440347-522504509-1001
</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:35:09
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:35:09.000000000Z" />
<EventRecordID>288</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:35:07
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:35:07.000000000Z" />
<EventRecordID>287</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:35:00
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:35:00.000000000Z" />
<EventRecordID>286</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:34:32
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:34:32.000000000Z" />
<EventRecordID>285</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:34:31
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:34:31.000000000Z" />
<EventRecordID>284</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:34:30
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:34:30.000000000Z" />
<EventRecordID>283</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:34:29
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:34:29.000000000Z" />
<EventRecordID>282</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:34:28
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:34:28.000000000Z" />
<EventRecordID>281</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:29:51
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:29:51.000000000Z" />
<EventRecordID>280</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:29:43
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:29:43.000000000Z" />
<EventRecordID>279</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:27:33
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:27:33.000000000Z" />
<EventRecordID>277</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:27:32
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:27:32.000000000Z" />
<EventRecordID>276</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:27:31
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:27:31.000000000Z" />
<EventRecordID>275</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:27:30
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:27:30.000000000Z" />
<EventRecordID>274</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
</EventData>
</Event>
Log Name: Application
Source: Sophos Anti-Virus
Date: 17/05/2010 01:27:30
Event ID: 51
Task Category: (11)
Level: Warning
Keywords: Classic
User: LOCAL SERVICE
Computer: -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus" />
<EventID Qualifiers="8229">51</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:27:30.000000000Z" />
<EventRecordID>273</EventRecordID>
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data>Sus/ComPack-C</Data>
<Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 17/05/2010 01:25:54
Event ID: 7030
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The Sophos AutoUpdate Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7030</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-05-17T00:25:54.961914000Z" />
<EventRecordID>804</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="2224" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Sophos AutoUpdate Service</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 17/05/2010 00:05:54
Event ID: 4621
Task Category: Event System
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object {E1B6FCDB-883C-4832-BB79-21701C6AB0C8}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SLSVC_LOGON
Object description:
The HRESULT was 80070005.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
<EventID Qualifiers="49152">4621</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T23:05:54.000000000Z" />
<EventRecordID>235</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">80070005</Data>
<Data Name="param2">EventSystem.EventSubscription</Data>
<Data Name="param3">{E1B6FCDB-883C-4832-BB79-21701C6AB0C8}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="param4">SLSVC_LOGON</Data>
<Data Name="param5">
</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 16/05/2010 23:52:59
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:52:59.000000000Z" />
<EventRecordID>230</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 16/05/2010 23:52:59
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:52:59.000000000Z" />
<EventRecordID>229</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 16/05/2010 23:52:58
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:52:58.000000000Z" />
<EventRecordID>226</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 16/05/2010 23:51:27
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:51:27.000000000Z" />
<EventRecordID>221</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 16/05/2010 23:51:27
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:51:27.000000000Z" />
<EventRecordID>220</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Security-SPP
Date: 16/05/2010 23:51:27
Event ID: 1015
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
<EventID Qualifiers="32768">1015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:51:27.000000000Z" />
<EventRecordID>219</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>0xC004F022</Data>
<Data>0x80049E00</Data>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 16/05/2010 23:33:42
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The driver detected a controller error on \Device\Harddisk1\DR1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">11</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:33:42.453125000Z" />
<EventRecordID>739</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk1\DR1</Data>
<Binary>0E00800001000000000000000B0004C003010000000000000000000000082D000000000000000000F9E40E0000000000FFFFFFFF0600000058000000000000000000061208000010000000003C00000000000000000000008073D80280FAFFFF000000000000000060F87D0280FAFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 16/05/2010 23:33:41
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T22:33:41.593750000Z" />
<EventRecordID>737</EventRecordID>
<Correlation />
<Execution ProcessID="376" ThreadID="876" />
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.home</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801FE0000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Disk
Date: 16/05/2010 21:07:06
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Disk" />
<EventID Qualifiers="49156">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T20:07:06.588906300Z" />
<EventRecordID>730</EventRecordID>
<Channel>System</Channel>
<Computer>-office-PC</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Harddisk7\DR7</Data>
<Binary>030080000100000000000000070004C0000100009C0000C00000000000000000005E400000000000024E060000000000FFFFFFFF01000000580000840200000000200A1240032040000000003C0000000000000000000000B84BC20380FAFFFF00000000000000001050C20380FAFFFFD000A30480FAFFFF2F2000000000000028000000202F00000800000000000000F00003000000000A00000000110000000000000000000000</Binary>
</EventData>
</Event>
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 16/05/2010 20:10:04
Event ID: 3
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: -office-PC
Description:
Session "ReadyBoot" stopped due to the following error: 0xC0000188
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2010-05-16T19:10:04.143593800Z" />
<EventRecordID>2</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="156" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">ReadyBoot</Data>
<Data Name="FileName">C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl</Data>
<Data Name="ErrorCode">3221225864</Data>
<Data Name="LoggingMode">0</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 16/05/2010 20:10:04
Event ID: 4
Task Category: Logging
Level: Warning
Keywords: Session
User: SYSTEM
Computer: -office-PC
Description:
The maximum file size for session "ReadyBoot" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>4</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1</Task>
<Opcode>10</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2010-05-16T19:10:04.143593800Z" />
<EventRecordID>1</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="156" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">ReadyBoot</Data>
<Data Name="FileName">C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl</Data>
<Data Name="ErrorCode">3221225864</Data>
<Data Name="LoggingMode">0</Data>
<Data Name="MaxFileSize">20971520</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-RPC-Events
Date: 16/05/2010 19:51:34
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: LOCAL SERVICE
Computer: -office-PC
Description:
Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 368) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-RPC-Events" Guid="{F4AED7C7-A898-4627-B053-44A7CAA12FCD}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T18:51:34.155875000Z" />
<EventRecordID>128</EventRecordID>
<Correlation />
<Execution ProcessID="368" ThreadID="296" />
<Channel>Application</Channel>
<Computer>-office-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="ApplicationName">C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted</Data>
<Data Name="ProcessId">368</Data>
<Data Name="InterfaceId">{3F31C91E-2545-4B7B-9311-9529E8BFFEF6}</Data>
<Data Name="Method">20</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Search
Date: 16/05/2010 19:18:06
Event ID: 1008
Task Category: Search service
Level: Warning
Keywords: Classic
User: N/A
Computer: 37L4247E29-32
Description:
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
<EventID Qualifiers="32768">1008</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T18:18:06.000000000Z" />
<EventRecordID>117</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>37L4247E29-32</Computer>
<Security />
</System>
<EventData>
<Data Name="ExtraInfo">
</Data>
<Data Name="Reason">Full Index Reset</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 16/05/2010 19:09:12
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: 37L4247E29-32
Description:
The Windows Time service terminated with the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T18:09:12.890000000Z" />
<EventRecordID>394</EventRecordID>
<Correlation />
<Execution ProcessID="512" ThreadID="596" />
<Channel>System</Channel>
<Computer>37L4247E29-32</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Time</Data>
<Data Name="param2">%%2</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 16/05/2010 19:05:56
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: 37L4247E29-32
Description:
The driver \Driver\tunnel failed to load for the device ROOT\*ISATAP\0000.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-05-16T18:05:56.843750000Z" />
<EventRecordID>344</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>System</Channel>
<Computer>37L4247E29-32</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">17</Data>
<Data Name="DriverName">ROOT\*ISATAP\0000</Data>
<Data Name="Status">3221226078</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\tunnel</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 16/05/2010 19:02:58
Event ID: 512
Task Category: Initializing a print provider
Level: Error
Keywords: Router,Classic Spooler Event
User: SYSTEM
Computer: 37L4247E29-32
Description:
InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>512</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002800</Keywords>
<TimeCreated SystemTime="2010-05-16T18:02:58.718750000Z" />
<EventRecordID>1</EventRecordID>
<Correlation />
<Execution ProcessID="1084" ThreadID="1108" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>37L4247E29-32</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<RouterError xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Name>inetpp.dll</Name>
<Error>0x0</Error>
</RouterError>
</UserData>
</Event>
Taken from windows debugger mini dump file analysis:
2nd dump file dated 19th May:Script:Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\051810-70500-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a09000 PsLoadedModuleList = 0xfffff800`02c46e50
Debug session time: Tue May 18 15:07:23.390 2010 (UTC + 1:00)
System Uptime: 0 days 0:00:21.203
Loading Kernel Symbols
.................................................
Loading User Symbols
Mini Kernel Dump does not contain unloaded driver list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 124, {0, fffffa8002abe828, 0, 0}
Probably caused by : hardware
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa8002abe828, Address of the WHEA_ERROR_RECORD structure.
Arg3: 0000000000000000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000000000000, Low order 32-bits of the MCi_STATUS value.
Debugging Details:
------------------
BUGCHECK_STR: 0x124_GenuineIntel
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
STACK_TEXT:
fffff880`02fc06f0 fffff800`02cc3a79 : fffffa80`02abe800 fffffa80`018da040 00000000`00000010 00000000`00000001 : nt!WheapCreateLiveTriageDump+0x6c
fffff880`02fc0c10 fffff800`02ba55a7 : fffffa80`02abe800 fffff800`02c1e5f8 fffffa80`018da040 00000002`00000005 : nt!WheapCreateTriageDumpFromPreviousSession+0x49
fffff880`02fc0c40 fffff800`02b0db85 : fffff800`02c80360 fffffa80`02aba858 fffffa80`02aba850 fffffa80`018da040 : nt!WheapProcessWorkQueueItem+0x57
fffff880`02fc0c80 fffff800`02a86861 : fffff880`010d9e00 fffff800`02b0db60 fffffa80`018da040 00000000`00000000 : nt!WheapWorkQueueWorkerRoutine+0x25
fffff880`02fc0cb0 fffff800`02d1ea86 : 00000001`40080001 fffffa80`018da040 00000000`00000080 fffffa80`0184a9e0 : nt!ExpWorkerThread+0x111
fffff880`02fc0d40 fffff800`02a57b06 : fffff880`009e6180 fffffa80`018da040 fffff880`009f0f40 04042540`0403cea8 : nt!PspSystemThreadStartup+0x5a
fffff880`02fc0d80 00000000`00000000 : fffff880`02fc1000 fffff880`02fbb000 fffff880`02fc0480 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: hardware
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
Followup: MachineOwner
---------
Any help is greatly appreciated, thank you.Script:Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\051910-66781-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a0d000 PsLoadedModuleList = 0xfffff800`02c4ae50
Debug session time: Wed May 19 15:22:18.296 2010 (UTC + 1:00)
System Uptime: 0 days 0:00:31.109
Loading Kernel Symbols
....................................................
Loading User Symbols
Mini Kernel Dump does not contain unloaded driver list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 124, {0, fffffa8002bac038, 0, 0}
Probably caused by : hardware
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa8002bac038, Address of the WHEA_ERROR_RECORD structure.
Arg3: 0000000000000000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000000000000, Low order 32-bits of the MCi_STATUS value.
Debugging Details:
------------------
BUGCHECK_STR: 0x124_GenuineIntel
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
STACK_TEXT:
fffff880`02fc76f0 fffff800`02cc7a79 : fffffa80`02bac010 fffffa80`018d6040 00000000`00000007 00000000`00000001 : nt!WheapCreateLiveTriageDump+0x6c
fffff880`02fc7c10 fffff800`02ba95a7 : fffffa80`02bac010 fffff800`02c225f8 fffffa80`018d6040 00000003`00000005 : nt!WheapCreateTriageDumpFromPreviousSession+0x49
fffff880`02fc7c40 fffff800`02b11b85 : fffff800`02c84360 fffffa80`02a623b8 fffffa80`02a623b0 fffffa80`018d6040 : nt!WheapProcessWorkQueueItem+0x57
fffff880`02fc7c80 fffff800`02a8a861 : fffff880`01030e00 fffff800`02b11b60 fffffa80`018d6040 000007fe`f4543cee : nt!WheapWorkQueueWorkerRoutine+0x25
fffff880`02fc7cb0 fffff800`02d22a86 : 00000000`00000000 fffffa80`018d6040 00000000`00000080 fffffa80`018c5040 : nt!ExpWorkerThread+0x111
fffff880`02fc7d40 fffff800`02a5bb06 : fffff880`009e6180 fffffa80`018d6040 fffff880`009f0f40 00000000`00cc9f20 : nt!PspSystemThreadStartup+0x5a
fffff880`02fc7d80 00000000`00000000 : fffff880`02fc8000 fffff880`02fc2000 fffff880`02fc70a0 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: hardware
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
Followup: MachineOwner
---------
Quote