Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: WHEA-Logger (W7 freezes/crashes) Hardware fault

19 May 2010   #1
wsf7

W7 Ultimate x64
 
 
WHEA-Logger (W7 freezes/crashes) Hardware fault

This crash started out of the blue for no apparent reason. I generally find that leaving one side of my case open helps to keep my PC cooler than when the case is closed and sealed. I have the case closed atm. I did have a noisy PSU which was slightly respositioned but other than this I am sure nothing else could be the cause. The only thing I did with the PSU was to adjust the casing screws so it no longer vibrated. And I do have my doubts about the PSU being at fault here! This error/crash has only showed up months later after adjusting the PSU. If the problem consists and no one here is able to help resolve this then I will go back to Vista Ultimate and see if the problems showup there. Also FYI this PC has never had nor ever will be overclocked!

Copied from Event Viewer:
Script:
Log Name:      System
Source
:        Microsoft-Windows-WHEA-Logger
Date
:          19/05/2010 15:23:56
Event ID
:      18
Task Category
None
Level
:         Error
Keywords
:      
User:          LOCAL SERVICE
Computer
:      -office-PC
Description
:
A fatal hardware error has occurred.
Reported by componentProcessor Core
Error Source
Machine Check Exception
Error Type
Internal Timer Error
Processor ID
1
The details view of this entry contains further information
.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
    <
EventID>18</EventID>
    <
Version>0</Version>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x8000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T14:23:56.093750000Z" />
    <
EventRecordID>2091</EventRecordID>
    <
Correlation ActivityID="{1662FF0F-7E6F-4225-99D0-482F132502AE}" />
    <
Execution ProcessID="1560" ThreadID="2400" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-19" />
  </
System>
  <
EventData>
    <
Data Name="ErrorSource">3</Data>
    <
Data Name="ApicId">1</Data>
    <
Data Name="MCABank">0</Data>
    <
Data Name="MciStat">0xa200000084010400</Data>
    <
Data Name="MciAddr">0x0</Data>
    <
Data Name="MciMisc">0x0</Data>
    <
Data Name="ErrorType">5</Data>
    <
Data Name="TransactionType">256</Data>
    <
Data Name="Participation">256</Data>
    <
Data Name="RequestType">256</Data>
    <
Data Name="MemorIO">256</Data>
    <
Data Name="MemHierarchyLvl">256</Data>
    <
Data Name="Timeout">256</Data>
    <
Data Name="OperationType">256</Data>
    <
Data Name="Channel">256</Data>
    <
Data Name="Length">928</Data>
    <
Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000012160E0013050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBA4824C9E5EF7CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000100000000000000620F0000000802013DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000AE15DDAF5EF7CA0101000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-WHEA-Logger
Date
:          19/05/2010 15:23:56
Event ID
:      18
Task Category
None
Level
:         Error
Keywords
:      
User:          LOCAL SERVICE
Computer
:      -office-PC
Description
:
A fatal hardware error has occurred.
Reported by componentProcessor Core
Error Source
Machine Check Exception
Error Type
Internal Timer Error
Processor ID
0
The details view of this entry contains further information
.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
    <
EventID>18</EventID>
    <
Version>0</Version>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x8000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T14:23:56.093750000Z" />
    <
EventRecordID>2090</EventRecordID>
    <
Correlation ActivityID="{9AF40872-FC17-4B3C-B34D-D3EE15D170B8}" />
    <
Execution ProcessID="1560" ThreadID="2400" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-19" />
  </
System>
  <
EventData>
    <
Data Name="ErrorSource">3</Data>
    <
Data Name="ApicId">0</Data>
    <
Data Name="MCABank">0</Data>
    <
Data Name="MciStat">0xa200000084010400</Data>
    <
Data Name="MciAddr">0x0</Data>
    <
Data Name="MciMisc">0x0</Data>
    <
Data Name="ErrorType">5</Data>
    <
Data Name="TransactionType">256</Data>
    <
Data Name="Participation">256</Data>
    <
Data Name="RequestType">256</Data>
    <
Data Name="MemorIO">256</Data>
    <
Data Name="MemHierarchyLvl">256</Data>
    <
Data Name="Timeout">256</Data>
    <
Data Name="OperationType">256</Data>
    <
Data Name="Channel">256</Data>
    <
Data Name="Length">928</Data>
    <
Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000012160E0013050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBA3824C9E5EF7CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000620F0000000802003DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000AE15DDAF5EF7CA0100000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
  </
EventData>
</
Event>
Log Name:      Security
Source
:        Microsoft-Windows-Eventlog
Date
:          19/05/2010 15:23:16
Event ID
:      1101
Task Category
Event processing
Level
:         Error
Keywords
:      Audit Success
User
:          N/A
Computer
:      -office-PC
Description
:
Audit events have been dropped by the transport.  0
Event Xml
:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
    <
EventID>1101</EventID>
    <
Version>0</Version>
    <
Level>2</Level>
    <
Task>101</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x4020000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T14:23:16.156250000Z" />
    <
EventRecordID>727</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="956" ThreadID="1204" />
    <
Channel>Security</Channel>
    <
Computer>-office-PC</Computer>
    <
Security />
  </
System>
  <
UserData>
    <
AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
      <
Reason>0</Reason>
    </
AuditEventsDropped>
  </
UserData>
</
Event>
Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source
:        Microsoft-Windows-Kernel-EventTracing
Date
:          19/05/2010 15:22:30
Event ID
:      3
Task Category
Session
Level
:         Error
Keywords
:      Session
User
:          SYSTEM
Computer
:      -office-PC
Description
:
Session "Microsoft Security Essentials OOBE" stopped due to the following error0xC000000D
Event Xml
:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <
EventID>3</EventID>
    <
Version>0</Version>
    <
Level>2</Level>
    <
Task>2</Task>
    <
Opcode>14</Opcode>
    <
Keywords>0x8000000000000010</Keywords>
    <
TimeCreated SystemTime="2010-05-19T14:22:30.937500000Z" />
    <
EventRecordID>3</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="4" ThreadID="152" />
    <
Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-18" />
  </
System>
  <
EventData>
    <
Data Name="SessionName">Microsoft Security Essentials OOBE</Data>
    <
Data Name="FileName">C:\ProgramData\Microsoft\Microsoft Security Essentials\Support\MSSEOOBE.etl</Data>
    <
Data Name="ErrorCode">3221225485</Data>
    <
Data Name="LoggingMode">5</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-Kernel-Power
Date
:          19/05/2010 15:22:21
Event ID
:      41
Task Category
: (63)
Level:         Critical
Keywords
:      (2)
User:          SYSTEM
Computer
:      -office-PC
Description
:
The system has rebooted without cleanly shutting down firstThis error could be caused if the system stopped respondingcrashed, or lost power unexpectedly.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <
EventID>41</EventID>
    <
Version>2</Version>
    <
Level>1</Level>
    <
Task>63</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x8000000000000002</Keywords>
    <
TimeCreated SystemTime="2010-05-19T14:22:21.312500000Z" />
    <
EventRecordID>2029</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="4" ThreadID="8" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-18" />
  </
System>
  <
EventData>
    <
Data Name="BugcheckCode">0</Data>
    <
Data Name="BugcheckParameter1">0x0</Data>
    <
Data Name="BugcheckParameter2">0x0</Data>
    <
Data Name="BugcheckParameter3">0x0</Data>
    <
Data Name="BugcheckParameter4">0x0</Data>
    <
Data Name="SleepInProgress">false</Data>
    <
Data Name="PowerButtonTimestamp">0</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-WER-SystemErrorReporting
Date
:          19/05/2010 15:23:00
Event ID
:      1001
Task Category
None
Level
:         Error
Keywords
:      Classic
User
:          N/A
Computer
:      -OFFICE-PC
Description
:
The computer has rebooted from a bugcheck.  The bugcheck was0x00000124 (0x00000000000000000xfffffa8002bac0380x00000000000000000x0000000000000000). A dump was saved inC:\Windows\Minidump\051910-66781-01.dmpReport Id051910-66781-01.
Event Xml
:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <
EventID Qualifiers="16384">1001</EventID>
    <
Version>0</Version>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x80000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T14:23:00.000000000Z" />
    <
EventRecordID>2025</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="0" ThreadID="0" />
    <
Channel>System</Channel>
    <
Computer>-OFFICE-PC</Computer>
    <
Security />
  </
System>
  <
EventData>
    <
Data Name="param1">0x00000124 (0x00000000000000000xfffffa8002bac0380x00000000000000000x0000000000000000)</Data>
    <
Data Name="param2">C:\Windows\Minidump\051910-66781-01.dmp</Data>
    <
Data Name="param3">051910-66781-01</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        EventLog
Date
:          19/05/2010 15:22:56
Event ID
:      6008
Task Category
None
Level
:         Error
Keywords
:      Classic
User
:          N/A
Computer
:      -office-PC
Description
:
The previous system shutdown at 04:29:47 on &#8206;19/‎05/‎2010 was unexpected.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="EventLog" />
    <
EventID Qualifiers="32768">6008</EventID>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Keywords>0x80000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T14:22:56.000000000Z" />
    <
EventRecordID>2021</EventRecordID>
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security />
  </
System>
  <
EventData>
    <
Data>04:29:47</Data>
    <
Data>&#8206;19/‎05/‎2010</Data>
    
<Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>2366</Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Binary>DA0705000300130004001D002F006503DA0705000300130003001D002F006503600900003C000000010000006009000000000000B00400000100000000000000</Binary>
  </
EventData>
</
Event>
Log Name:      Application
Source
:        Microsoft-Windows-Security-SPP
Date
:          19/05/2010 03:54:12
Event ID
:      1015
Task Category
None
Level
:         Warning
Keywords
:      Classic
User
:          N/A
Computer
:      -office-PC
Description
:
Detailed HRESULTReturned hr=0xC004F022Original hr=0x80049E00
Event Xml
:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <
EventID Qualifiers="32768">1015</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x80000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T02:54:12.000000000Z" />
    <
EventRecordID>1423</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="0" ThreadID="0" />
    <
Channel>Application</Channel>
    <
Computer>-office-PC</Computer>
    <
Security />
  </
System>
  <
EventData>
    <
Data>0xC004F022</Data>
    <
Data>0x80049E00</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Service Control Manager
Date
:          19/05/2010 03:48:30
Event ID
:      7016
Task Category
None
Level
:         Error
Keywords
:      Classic
User
:          N/A
Computer
:      -office-PC
Description
:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml
:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <
EventID Qualifiers="49152">7016</EventID>
    <
Version>0</Version>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x8080000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T02:48:30.501953100Z" />
    <
EventRecordID>1895</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="556" ThreadID="872" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security />
  </
System>
  <
EventData>
    <
Data Name="param1">NVIDIA Display Driver Service</Data>
    <
Data Name="param2">32</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-DNS-Client
Date
:          19/05/2010 01:43:38
Event ID
:      1014
Task Category
None
Level
:         Warning
Keywords
:      
User:          NETWORK SERVICE
Computer
:      -office-PC
Description
:
Name resolution for the name csc3-2004-crl.verisign.com timed out after none of the configured DNS servers responded.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <
EventID>1014</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x4000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T00:43:38.246093700Z" />
    <
EventRecordID>1828</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="1564" ThreadID="3352" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-20" />
  </
System>
  <
EventData>
    <
Data Name="QueryName">csc3-2004-crl.verisign.com</Data>
    <
Data Name="AddressLength">16</Data>
    <
Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-DNS-Client
Date
:          19/05/2010 01:43:16
Event ID
:      1014
Task Category
None
Level
:         Warning
Keywords
:      
User:          NETWORK SERVICE
Computer
:      -office-PC
Description
:
Name resolution for the name tools.google.com timed out after none of the configured DNS servers responded.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <
EventID>1014</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x4000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T00:43:16.893554600Z" />
    <
EventRecordID>1825</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="1564" ThreadID="2940" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-20" />
  </
System>
  <
EventData>
    <
Data Name="QueryName">tools.google.com</Data>
    <
Data Name="AddressLength">16</Data>
    <
Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-DNS-Client
Date
:          19/05/2010 01:42:47
Event ID
:      1014
Task Category
None
Level
:         Warning
Keywords
:      
User:          NETWORK SERVICE
Computer
:      -office-PC
Description
:
Name resolution for the name genesis.1337x.org timed out after none of the configured DNS servers responded.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <
EventID>1014</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x4000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T00:42:47.336914000Z" />
    <
EventRecordID>1824</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="1564" ThreadID="3352" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-20" />
  </
System>
  <
EventData>
    <
Data Name="QueryName">genesis.1337x.org</Data>
    <
Data Name="AddressLength">16</Data>
    <
Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-DNS-Client
Date
:          19/05/2010 01:41:52
Event ID
:      1014
Task Category
None
Level
:         Warning
Keywords
:      
User:          NETWORK SERVICE
Computer
:      -office-PC
Description
:
Name resolution for the name www.google-analytics.com timed out after none of the configured DNS servers responded.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <
EventID>1014</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x4000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T00:41:52.374023400Z" />
    <
EventRecordID>1823</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="1564" ThreadID="3948" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-20" />
  </
System>
  <
EventData>
    <
Data Name="QueryName">www.google-analytics.com</Data>
    <
Data Name="AddressLength">16</Data>
    <
Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </
EventData>
</
Event>
Log Name:      System
Source
:        Microsoft-Windows-DNS-Client
Date
:          19/05/2010 01:41:19
Event ID
:      1014
Task Category
None
Level
:         Warning
Keywords
:      
User:          NETWORK SERVICE
Computer
:      -office-PC
Description
:
Name resolution for the name genesis.1337x.org timed out after none of the configured DNS servers responded.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <
EventID>1014</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x4000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-19T00:41:19.323242100Z" />
    <
EventRecordID>1822</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="1564" ThreadID="3948" />
    <
Channel>System</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-20" />
  </
System>
  <
EventData>
    <
Data Name="QueryName">genesis.1337x.org</Data>
    <
Data Name="AddressLength">16</Data>
    <
Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </
EventData>
</
Event>
Log Name:      Application
Source
:        SideBySide
Date
:          19/05/2010 00:46:08
Event ID
:      59
Task Category
None
Level
:         Error
Keywords
:      Classic
User
:          N/A
Computer
:      -office-PC
Description
:
Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="SideBySide" />
    <
EventID Qualifiers="49409">59</EventID>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Keywords>0x80000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-18T23:46:08.000000000Z" />
    <
EventRecordID>1367</EventRecordID>
    <
Channel>Application</Channel>
    <
Computer>-office-PC</Computer>
    <
Security />
  </
System>
  <
EventData>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
    <
Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
    <
Data>2</Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
  </
EventData>
</
Event>
Log Name:      Application
Source
:        SideBySide
Date
:          19/05/2010 00:45:51
Event ID
:      35
Task Category
None
Level
:         Error
Keywords
:      Classic
User
:          N/A
Computer
:      -office-PC
Description
:
Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requestedReference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="SideBySide" />
    <
EventID Qualifiers="49409">35</EventID>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Keywords>0x80000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-18T23:45:51.000000000Z" />
    <
EventRecordID>1366</EventRecordID>
    <
Channel>Application</Channel>
    <
Computer>-office-PC</Computer>
    <
Security />
  </
System>
  <
EventData>
    <
Data>WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"</Data>
    <
Data>WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"</Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe</Data>
    <
Data>c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL</Data>
    <
Data>8</Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
  </
EventData>
</
Event>
Log Name:      Application
Source
:        SideBySide
Date
:          19/05/2010 00:45:47
Event ID
:      63
Task Category
None
Level
:         Error
Keywords
:      Classic
User
:          N/A
Computer
:      -office-PC
Description
:
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="SideBySide" />
    <
EventID Qualifiers="49409">63</EventID>
    <
Level>2</Level>
    <
Task>0</Task>
    <
Keywords>0x80000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-18T23:45:47.000000000Z" />
    <
EventRecordID>1365</EventRecordID>
    <
Channel>Application</Channel>
    <
Computer>-office-PC</Computer>
    <
Security />
  </
System>
  <
EventData>
    <
Data>assemblyIdentity</Data>
    <
Data>language</Data>
    <
Data>*</Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
    <
Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
    <
Data>8</Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
    <
Data>
    </
Data>
  </
EventData>
</
Event>
Log Name:      Application
Source
:        Microsoft-Windows-RestartManager
Date
:          18/05/2010 18:40:41
Event ID
:      10010
Task Category
None
Level
:         Warning
Keywords
:      
User:          -office-PC\-owner-
Computer:      -office-PC
Description
:
Application 'C:\Windows\explorer.exe' (pid 2600cannot be restarted Application SID does not match Conductor SID..
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-RestartManager" Guid="{0888E5EF-9B98-4695-979D-E92CE4247224}" />
    <
EventID>10010</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x8000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-18T17:40:41.317382800Z" />
    <
EventRecordID>1358</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="4264" ThreadID="3004" />
    <
Channel>Application</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-21-1997382471-779440347-522504509-1001" />
  </
System>
  <
UserData>
    <
RmUnsupportedRestartEvent xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
      <
RmSessionId>0</RmSessionId>
      <
Pid>2600</Pid>
      <
FullPath>C:\Windows\explorer.exe</FullPath>
      <
DisplayName>Windows Explorer</DisplayName>
      <
AppVersion>0</AppVersion>
      <
AppType>4</AppType>
      <
TSSessionId>1</TSSessionId>
      <
Status>67108865</Status>
      <
Reason>1</Reason>
    </
RmUnsupportedRestartEvent>
  </
UserData>
</
Event>
Log Name:      Application
Source
:        Microsoft-Windows-RestartManager
Date
:          18/05/2010 18:40:41
Event ID
:      10010
Task Category
None
Level
:         Warning
Keywords
:      
User:          -office-PC\-owner-
Computer:      -office-PC
Description
:
Application 'C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe' (pid 1108cannot be restarted Application SID does not match Conductor SID..
Event Xml:
<
Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <
System>
    <
Provider Name="Microsoft-Windows-RestartManager" Guid="{0888E5EF-9B98-4695-979D-E92CE4247224}" />
    <
EventID>10010</EventID>
    <
Version>0</Version>
    <
Level>3</Level>
    <
Task>0</Task>
    <
Opcode>0</Opcode>
    <
Keywords>0x8000000000000000</Keywords>
    <
TimeCreated SystemTime="2010-05-18T17:40:41.223632800Z" />
    <
EventRecordID>1357</EventRecordID>
    <
Correlation />
    <
Execution ProcessID="4264" ThreadID="3004" />
    <
Channel>Application</Channel>
    <
Computer>-office-PC</Computer>
    <
Security UserID="S-1-5-21-1997382471-779440347-522504509-1001" />
  </
System>
  <
UserData>
    <
RmUnsupportedRestartEvent xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
      <
RmSessionId>0</RmSessionId>
      <
Pid>1108</Pid>
      <
FullPath>C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe</FullPath>
      <
DisplayName>Component to show AutoUpdate's GUI elements.</DisplayName>
      <AppVersion>0</AppVersion>
      <AppType>0</AppType>
      <TSSessionId>1</TSSessionId>
      <Status>67108865</Status>
      <Reason>1</Reason>
    </RmUnsupportedRestartEvent>
  </UserData>
</Event>
Log Name:      Application
Source:        SideBySide
Date:          18/05/2010 16:13:58
Event ID:      59
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">59</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T15:13:58.000000000Z" />
    <EventRecordID>577</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
    <Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll</Data>
    <Data>2</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
Log Name:      Application
Source:        SideBySide
Date:          18/05/2010 16:13:27
Event ID:      35
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">35</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T15:13:27.000000000Z" />
    <EventRecordID>576</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"</Data>
    <Data>WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe</Data>
    <Data>c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL</Data>
    <Data>8</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
Log Name:      Application
Source:        SideBySide
Date:          18/05/2010 16:13:10
Event ID:      63
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">63</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T15:13:10.000000000Z" />
    <EventRecordID>575</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>assemblyIdentity</Data>
    <Data>language</Data>
    <Data>*</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
    <Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
    <Data>8</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          18/05/2010 15:12:35
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T14:12:35.000000000Z" />
    <EventRecordID>562</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-WHEA-Logger
Date:          18/05/2010 15:10:26
Event ID:      18
Task Category: None
Level:         Error
Keywords:      
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: Machine Check Exception
Error Type: Internal Timer Error
Processor ID: 1
The details view of this entry contains further information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
    <EventID>18</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T14:10:26.895507800Z" />
    <EventRecordID>1623</EventRecordID>
    <Correlation ActivityID="{9EEBCD05-2B56-4847-BF30-16EDE8D50346}" />
    <Execution ProcessID="1760" ThreadID="1700" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="ErrorSource">3</Data>
    <Data Name="ApicId">1</Data>
    <Data Name="MCABank">0</Data>
    <Data Name="MciStat">0xa200000084010400</Data>
    <Data Name="MciAddr">0x0</Data>
    <Data Name="MciMisc">0x0</Data>
    <Data Name="ErrorType">5</Data>
    <Data Name="TransactionType">256</Data>
    <Data Name="Participation">256</Data>
    <Data Name="RequestType">256</Data>
    <Data Name="MemorIO">256</Data>
    <Data Name="MemHierarchyLvl">256</Data>
    <Data Name="Timeout">256</Data>
    <Data Name="OperationType">256</Data>
    <Data Name="Channel">256</Data>
    <Data Name="Length">928</Data>
    <Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000017070E0012050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBBCF0586493F6CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000100000000000000620F0000000802013DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D0000000000000000000000000000000000000000000000000000000000000000000000000001000000010000004A7A0B7093F6CA0101000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-WHEA-Logger
Date:          18/05/2010 15:10:26
Event ID:      18
Task Category: None
Level:         Error
Keywords:      
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: Machine Check Exception
Error Type: Internal Timer Error
Processor ID: 0
The details view of this entry contains further information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WHEA-Logger" Guid="{C26C4F3C-3F66-4E99-8F8A-39405CFED220}" />
    <EventID>18</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T14:10:26.895507800Z" />
    <EventRecordID>1622</EventRecordID>
    <Correlation ActivityID="{D755B658-AF89-4BE7-B638-330292E52E4E}" />
    <Execution ProcessID="1760" ThreadID="2504" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="ErrorSource">3</Data>
    <Data Name="ApicId">0</Data>
    <Data Name="MCABank">0</Data>
    <Data Name="MciStat">0xa200000084010400</Data>
    <Data Name="MciAddr">0x0</Data>
    <Data Name="MciMisc">0x0</Data>
    <Data Name="ErrorType">5</Data>
    <Data Name="TransactionType">256</Data>
    <Data Name="Participation">256</Data>
    <Data Name="RequestType">256</Data>
    <Data Name="MemorIO">256</Data>
    <Data Name="MemHierarchyLvl">256</Data>
    <Data Name="Timeout">256</Data>
    <Data Name="OperationType">256</Data>
    <Data Name="Channel">256</Data>
    <Data Name="Length">928</Data>
    <Data Name="RawData">435045521002FFFFFFFF03000100000002000000A003000017070E0012050A140000000000000000000000000000000000000000000000000000000000000000BDC407CF89B7184EB3C41F732CB57131FE6FF5E89C91C54CBA8865ABE14913BBBBF0586493F6CA0102000000000000000000000000000000000000000000000058010000C00000000102000001000000ADCC7698B447DB4BB65E16F193C4F3DB0000000000000000000000000000000001000000000000000000000000000000000000000000000018020000800000000102000000000000B0A03EDC44A19747B95B53FA242B6E1D0000000000000000000000000000000001000000000000000000000000000000000000000000000098020000080100000102000000000000011D1E8AF94257459C33565E5CC3F7E80000000000000000000000000000000001000000000000000000000000000000000000000000000057010000000000000002080000000000620F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000620F0000000802003DE40000FFFBEBBF0000000000000000000000000000000000000000000000000000000000000000577FAB4834DC6C4FA7D3B0B5B0A74314010000000000000027001D0000000000000000000000000000000000000000000000000000000000000000000000000001000000010000004A7A0B7093F6CA0100000000000000000000000000000000000000000000000000040184000000A2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
  </EventData>
</Event>
Log Name:      Security
Source:        Microsoft-Windows-Eventlog
Date:          18/05/2010 15:08:18
Event ID:      1101
Task Category: Event processing
Level:         Error
Keywords:      Audit Success
User:          N/A
Computer:      -office-PC
Description:
Audit events have been dropped by the transport.  0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
    <EventID>1101</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>101</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4020000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T14:08:18.796875000Z" />
    <EventRecordID>564</EventRecordID>
    <Correlation />
    <Execution ProcessID="892" ThreadID="1004" />
    <Channel>Security</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <UserData>
    <AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
      <Reason>0</Reason>
    </AuditEventsDropped>
  </UserData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-Kernel-Power
Date:          18/05/2010 15:07:28
Event ID:      41
Task Category: (63)
Level:         Critical
Keywords:      (2)
User:          SYSTEM
Computer:      -office-PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <EventID>41</EventID>
    <Version>2</Version>
    <Level>1</Level>
    <Task>63</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000002</Keywords>
    <TimeCreated SystemTime="2010-05-18T14:07:28.000000000Z" />
    <EventRecordID>1558</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">0</Data>
    <Data Name="BugcheckParameter1">0x0</Data>
    <Data Name="BugcheckParameter2">0x0</Data>
    <Data Name="BugcheckParameter3">0x0</Data>
    <Data Name="BugcheckParameter4">0x0</Data>
    <Data Name="SleepInProgress">false</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-WER-SystemErrorReporting
Date:          18/05/2010 15:08:17
Event ID:      1001
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -OFFICE-PC
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa8002abe828, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\051810-70500-01.dmp. Report Id: 051810-70500-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T14:08:17.000000000Z" />
    <EventRecordID>1554</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>-OFFICE-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">0x00000124 (0x0000000000000000, 0xfffffa8002abe828, 0x0000000000000000, 0x0000000000000000)</Data>
    <Data Name="param2">C:\Windows\Minidump\051810-70500-01.dmp</Data>
    <Data Name="param3">051810-70500-01</Data>
  </EventData>
</Event>
Log Name:      System
Source:        EventLog
Date:          18/05/2010 15:08:16
Event ID:      6008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The previous system shutdown at 05:03:07 on ‎18/‎05/‎2010 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="EventLog" />
    <EventID Qualifiers="32768">6008</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-18T14:08:16.000000000Z" />
    <EventRecordID>1550</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>05:03:07</Data>
    <Data>‎18/‎05/‎2010</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>92678</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Binary>DA070500020012000500030007007102DA070500020012000400030007007102600900003C000000010000006009000000000000B00400000100000000000000</Binary>
  </EventData>
</Event>
Log Name:      Application
Source:        Application Hang
Date:          17/05/2010 19:46:13
Event ID:      1002
Task Category: (101)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The program terminal.exe version 4.0.0.226 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 10a4
 Start Time: 01caf5f0ef956e77
 Termination Time: 59
 Application Path: C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe
 Report Id: 7618fe2f-61e4-11df-8f36-00196612d0d6
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Hang" />
    <EventID Qualifiers="0">1002</EventID>
    <Level>2</Level>
    <Task>101</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T18:46:13.000000000Z" />
    <EventRecordID>527</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>terminal.exe</Data>
    <Data>4.0.0.226</Data>
    <Data>10a4</Data>
    <Data>01caf5f0ef956e77</Data>
    <Data>59</Data>
    <Data>C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe</Data>
    <Data>7618fe2f-61e4-11df-8f36-00196612d0d6</Data>
    <Binary>430072006F00730073002D0074006800720065006100640000000000</Binary>
  </EventData>
</Event>
Log Name:      Application
Source:        Application Hang
Date:          17/05/2010 19:44:04
Event ID:      1002
Task Category: (101)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The program terminal.exe version 4.0.0.226 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 106c
 Start Time: 01caf5efcacef992
 Termination Time: 95
 Application Path: C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe
 Report Id: 27dcf02d-61e4-11df-8f36-00196612d0d6
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Hang" />
    <EventID Qualifiers="0">1002</EventID>
    <Level>2</Level>
    <Task>101</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T18:44:04.000000000Z" />
    <EventRecordID>525</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>terminal.exe</Data>
    <Data>4.0.0.226</Data>
    <Data>106c</Data>
    <Data>01caf5efcacef992</Data>
    <Data>95</Data>
    <Data>C:\Program Files (x86)\MetaTrader - Alpari UK\terminal.exe</Data>
    <Data>27dcf02d-61e4-11df-8f36-00196612d0d6</Data>
    <Binary>430072006F00730073002D0074006800720065006100640000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-DNS-Client
Date:          17/05/2010 16:49:39
Event ID:      1014
Task Category: None
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:      -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>1014</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T15:49:39.803710900Z" />
    <EventRecordID>1435</EventRecordID>
    <Correlation />
    <Execution ProcessID="1292" ThreadID="1704" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="QueryName">isatap.home</Data>
    <Data Name="AddressLength">16</Data>
    <Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-DNS-Client
Date:          17/05/2010 16:49:28
Event ID:      1014
Task Category: None
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:      -office-PC
Description:
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>1014</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T15:49:28.754882800Z" />
    <EventRecordID>1431</EventRecordID>
    <Correlation />
    <Execution ProcessID="1292" ThreadID="3264" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="QueryName">teredo.ipv6.microsoft.com</Data>
    <Data Name="AddressLength">16</Data>
    <Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-DNS-Client
Date:          17/05/2010 16:49:22
Event ID:      1014
Task Category: None
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:      -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>1014</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T15:49:22.907226500Z" />
    <EventRecordID>1429</EventRecordID>
    <Correlation />
    <Execution ProcessID="1292" ThreadID="5008" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="QueryName">isatap.home</Data>
    <Data Name="AddressLength">16</Data>
    <Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-DNS-Client
Date:          17/05/2010 16:49:15
Event ID:      1014
Task Category: None
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:      -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>1014</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T15:49:15.594726500Z" />
    <EventRecordID>1426</EventRecordID>
    <Correlation />
    <Execution ProcessID="1292" ThreadID="5008" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="QueryName">isatap.home</Data>
    <Data Name="AddressLength">16</Data>
    <Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:59
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:59.928710900Z" />
    <EventRecordID>1401</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000EF541C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFFF037F30180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:56
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:56.647460900Z" />
    <EventRecordID>1400</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000001D541C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000E0F0E00500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF30D5C20180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:53
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:53.350585900Z" />
    <EventRecordID>1399</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000004A531C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF1010D10180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:42
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:42.053710900Z" />
    <EventRecordID>1398</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E40000000000077501C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF0074680280FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:38
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:38.756835900Z" />
    <EventRecordID>1397</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000A44F1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF90D7AA0480FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:35
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:35.506835900Z" />
    <EventRecordID>1396</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000D44E1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF404BCE0180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:32
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:32.194335900Z" />
    <EventRecordID>1395</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000004E1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF40FB840280FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:28
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:28.897460900Z" />
    <EventRecordID>1394</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000002D4D1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF404BCE0180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:25
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:25.631835900Z" />
    <EventRecordID>1393</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E4000000000005C4C1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C000000B024D50500000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF0074680280FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          17/05/2010 11:21:17
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T10:21:17.038085900Z" />
    <EventRecordID>1392</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000000E400000000000364A1C0000000000FFFFFFFF00000000580000840200000000200A1240032000000000003C0000008064C50300000000B8240A0480FAFFFF000000000000000010300A0480FAFFFF306AC80180FAFFFF072000000000000028000000200700008000000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        volsnap
Date:          17/05/2010 09:41:27
Event ID:      36
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The shadow copies of volume E: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="volsnap" />
    <EventID Qualifiers="49158">36</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T08:41:27.024414000Z" />
    <EventRecordID>1385</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\HarddiskVolumeShadowCopy72</Data>
    <Data>E:</Data>
    <Binary>000000000200300000000000240006C0020000000000000045000000000000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      Application
Source:        SideBySide
Date:          17/05/2010 04:05:28
Event ID:      59
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">59</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T03:05:28.000000000Z" />
    <EventRecordID>519</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll</Data>
    <Data>c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll</Data>
    <Data>2</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
Log Name:      Application
Source:        SideBySide
Date:          17/05/2010 04:04:02
Event ID:      35
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">35</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T03:04:02.000000000Z" />
    <EventRecordID>518</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"</Data>
    <Data>WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe</Data>
    <Data>c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL</Data>
    <Data>8</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
Log Name:      Application
Source:        SideBySide
Date:          17/05/2010 04:02:47
Event ID:      63
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">63</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T03:02:47.000000000Z" />
    <EventRecordID>517</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>assemblyIdentity</Data>
    <Data>language</Data>
    <Data>*</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
    <Data>c:\program files (x86)\mozbackup\dll\DelZip179.dll</Data>
    <Data>8</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          17/05/2010 03:21:30
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T02:21:30.000000000Z" />
    <EventRecordID>477</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Service Control Manager
Date:          17/05/2010 03:16:57
Event ID:      7016
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The NVIDIA Display Driver Service service has reported an invalid current state 32.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T02:16:57.954109400Z" />
    <EventRecordID>1121</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="4724" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">NVIDIA Display Driver Service</Data>
    <Data Name="param2">32</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-WindowsUpdateClient
Date:          17/05/2010 03:02:17
Event ID:      20
Task Category: Windows Update Agent
Level:         Error
Keywords:      Failure,Installation
User:          SYSTEM
Computer:      -office-PC
Description:
Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
    <EventID>20</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>13</Opcode>
    <Keywords>0x8000000000000028</Keywords>
    <TimeCreated SystemTime="2010-05-17T02:02:17.050789100Z" />
    <EventRecordID>1080</EventRecordID>
    <Correlation />
    <Execution ProcessID="908" ThreadID="3088" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="errorCode">0x80070005</Data>
    <Data Name="updateTitle">Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688)</Data>
    <Data Name="updateGuid">{9BD35FB2-8618-4F00-B75D-DFD8D7E93278}</Data>
    <Data Name="updateRevisionNumber">101</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-WindowsUpdateClient
Date:          17/05/2010 03:02:17
Event ID:      20
Task Category: Windows Update Agent
Level:         Error
Keywords:      Failure,Installation
User:          SYSTEM
Computer:      -office-PC
Description:
Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
    <EventID>20</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>13</Opcode>
    <Keywords>0x8000000000000028</Keywords>
    <TimeCreated SystemTime="2010-05-17T02:02:17.050789100Z" />
    <EventRecordID>1079</EventRecordID>
    <Correlation />
    <Execution ProcessID="908" ThreadID="3088" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="errorCode">0x80070005</Data>
    <Data Name="updateTitle">Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430)</Data>
    <Data Name="updateGuid">{AD99D2A2-9483-4A22-BE93-B2F422024BA0}</Data>
    <Data Name="updateRevisionNumber">106</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 02:02:00
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack
C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T01:02:00.000000000Z" />
    <EventRecordID>330</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack</Data>
    <Data>C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 02:01:47
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack
C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T01:01:47.000000000Z" />
    <EventRecordID>329</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack</Data>
    <Data>C:\Program Files (x86)\MetaTrader - Alpari UK\MetaLang.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          17/05/2010 01:47:04
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:47:04.000000000Z" />
    <EventRecordID>311</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Service Control Manager
Date:          17/05/2010 01:45:13
Event ID:      7022
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The Windows Update service hung on starting.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7022</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:45:13.679695300Z" />
    <EventRecordID>945</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="1100" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Windows Update</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-User Profiles Service
Date:          17/05/2010 01:36:09
Event ID:      1530
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      -office-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  
 DETAIL - 
 1 user registry handles leaked from \Registry\User\S-1-5-21-1997382471-779440347-522504509-1001:
Process 500 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1997382471-779440347-522504509-1001
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:36:09.392578100Z" />
    <EventRecordID>291</EventRecordID>
    <Correlation />
    <Execution ProcessID="112" ThreadID="3700" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-1997382471-779440347-522504509-1001:
Process 500 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1997382471-779440347-522504509-1001
</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:35:09
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:35:09.000000000Z" />
    <EventRecordID>288</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:35:07
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:35:07.000000000Z" />
    <EventRecordID>287</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:35:00
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:35:00.000000000Z" />
    <EventRecordID>286</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:34:32
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:34:32.000000000Z" />
    <EventRecordID>285</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:34:31
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:34:31.000000000Z" />
    <EventRecordID>284</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:34:30
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:34:30.000000000Z" />
    <EventRecordID>283</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:34:29
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:34:29.000000000Z" />
    <EventRecordID>282</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:34:28
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:34:28.000000000Z" />
    <EventRecordID>281</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:29:51
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:29:51.000000000Z" />
    <EventRecordID>280</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:29:43
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:29:43.000000000Z" />
    <EventRecordID>279</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:27:33
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:27:33.000000000Z" />
    <EventRecordID>277</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:27:32
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:27:32.000000000Z" />
    <EventRecordID>276</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:27:31
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:27:31.000000000Z" />
    <EventRecordID>275</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:27:30
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\TweakRAM.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:27:30.000000000Z" />
    <EventRecordID>274</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\TweakRAM.exe</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Sophos Anti-Virus
Date:          17/05/2010 01:27:30
Event ID:      51
Task Category: (11)
Level:         Warning
Keywords:      Classic
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
The description for Event ID 51 from source Sophos Anti-Virus cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Sus/ComPack-C
C:\Program Files (x86)\TweakRAM\Wizard.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Sophos Anti-Virus" />
    <EventID Qualifiers="8229">51</EventID>
    <Level>3</Level>
    <Task>11</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:27:30.000000000Z" />
    <EventRecordID>273</EventRecordID>
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data>Sus/ComPack-C</Data>
    <Data>C:\Program Files (x86)\TweakRAM\Wizard.exe</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Service Control Manager
Date:          17/05/2010 01:25:54
Event ID:      7030
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The Sophos AutoUpdate Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7030</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-17T00:25:54.961914000Z" />
    <EventRecordID>804</EventRecordID>
    <Correlation />
    <Execution ProcessID="548" ThreadID="2224" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Sophos AutoUpdate Service</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-EventSystem
Date:          17/05/2010 00:05:54
Event ID:      4621
Task Category: Event System
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The COM+ Event System could not remove the EventSystem.EventSubscription object {E1B6FCDB-883C-4832-BB79-21701C6AB0C8}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SLSVC_LOGON
Object description: 
The HRESULT was 80070005.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
    <EventID Qualifiers="49152">4621</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>16</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T23:05:54.000000000Z" />
    <EventRecordID>235</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">80070005</Data>
    <Data Name="param2">EventSystem.EventSubscription</Data>
    <Data Name="param3">{E1B6FCDB-883C-4832-BB79-21701C6AB0C8}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}</Data>
    <Data Name="param4">SLSVC_LOGON</Data>
    <Data Name="param5">
    </Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          16/05/2010 23:52:59
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:52:59.000000000Z" />
    <EventRecordID>230</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          16/05/2010 23:52:59
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:52:59.000000000Z" />
    <EventRecordID>229</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          16/05/2010 23:52:58
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:52:58.000000000Z" />
    <EventRecordID>226</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          16/05/2010 23:51:27
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:51:27.000000000Z" />
    <EventRecordID>221</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          16/05/2010 23:51:27
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:51:27.000000000Z" />
    <EventRecordID>220</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Security-SPP
Date:          16/05/2010 23:51:27
Event ID:      1015
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
    <EventID Qualifiers="32768">1015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:51:27.000000000Z" />
    <EventRecordID>219</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0xC004F022</Data>
    <Data>0x80049E00</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          16/05/2010 23:33:42
Event ID:      11
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The driver detected a controller error on \Device\Harddisk1\DR1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">11</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:33:42.453125000Z" />
    <EventRecordID>739</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk1\DR1</Data>
    <Binary>0E00800001000000000000000B0004C003010000000000000000000000082D000000000000000000F9E40E0000000000FFFFFFFF0600000058000000000000000000061208000010000000003C00000000000000000000008073D80280FAFFFF000000000000000060F87D0280FAFFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-DNS-Client
Date:          16/05/2010 23:33:41
Event ID:      1014
Task Category: None
Level:         Warning
Keywords:      
User:          NETWORK SERVICE
Computer:      -office-PC
Description:
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>1014</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T22:33:41.593750000Z" />
    <EventRecordID>737</EventRecordID>
    <Correlation />
    <Execution ProcessID="376" ThreadID="876" />
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="QueryName">isatap.home</Data>
    <Data Name="AddressLength">16</Data>
    <Data Name="Address">02000035C0A801FE0000000000000000</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Disk
Date:          16/05/2010 21:07:06
Event ID:      7
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -office-PC
Description:
The device, \Device\Harddisk7\DR7, has a bad block.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Disk" />
    <EventID Qualifiers="49156">7</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T20:07:06.588906300Z" />
    <EventRecordID>730</EventRecordID>
    <Channel>System</Channel>
    <Computer>-office-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\Harddisk7\DR7</Data>
    <Binary>030080000100000000000000070004C0000100009C0000C00000000000000000005E400000000000024E060000000000FFFFFFFF01000000580000840200000000200A1240032040000000003C0000000000000000000000B84BC20380FAFFFF00000000000000001050C20380FAFFFFD000A30480FAFFFF2F2000000000000028000000202F00000800000000000000F00003000000000A00000000110000000000000000000000</Binary>
  </EventData>
</Event>
Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          16/05/2010 20:10:04
Event ID:      3
Task Category: Session
Level:         Error
Keywords:      Session
User:          SYSTEM
Computer:      -office-PC
Description:
Session "ReadyBoot" stopped due to the following error: 0xC0000188
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <EventID>3</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>2</Task>
    <Opcode>14</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2010-05-16T19:10:04.143593800Z" />
    <EventRecordID>2</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="156" />
    <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SessionName">ReadyBoot</Data>
    <Data Name="FileName">C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl</Data>
    <Data Name="ErrorCode">3221225864</Data>
    <Data Name="LoggingMode">0</Data>
  </EventData>
</Event>
Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          16/05/2010 20:10:04
Event ID:      4
Task Category: Logging
Level:         Warning
Keywords:      Session
User:          SYSTEM
Computer:      -office-PC
Description:
The maximum file size for session "ReadyBoot" has been reached. As a result, events might be lost (not logged) to file "C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl". The maximum files size is currently set to 20971520 bytes.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <EventID>4</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>10</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2010-05-16T19:10:04.143593800Z" />
    <EventRecordID>1</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="156" />
    <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SessionName">ReadyBoot</Data>
    <Data Name="FileName">C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl</Data>
    <Data Name="ErrorCode">3221225864</Data>
    <Data Name="LoggingMode">0</Data>
    <Data Name="MaxFileSize">20971520</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-RPC-Events
Date:          16/05/2010 19:51:34
Event ID:      11
Task Category: None
Level:         Warning
Keywords:      
User:          LOCAL SERVICE
Computer:      -office-PC
Description:
Possible Memory Leak.  Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 368) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)].  [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked.  The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20).  User Action: Contact your application vendor for an updated version of the application.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-RPC-Events" Guid="{F4AED7C7-A898-4627-B053-44A7CAA12FCD}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T18:51:34.155875000Z" />
    <EventRecordID>128</EventRecordID>
    <Correlation />
    <Execution ProcessID="368" ThreadID="296" />
    <Channel>Application</Channel>
    <Computer>-office-PC</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="ApplicationName">C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted</Data>
    <Data Name="ProcessId">368</Data>
    <Data Name="InterfaceId">{3F31C91E-2545-4B7B-9311-9529E8BFFEF6}</Data>
    <Data Name="Method">20</Data>
  </EventData>
</Event>
Log Name:      Application
Source:        Microsoft-Windows-Search
Date:          16/05/2010 19:18:06
Event ID:      1008
Task Category: Search service
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      37L4247E29-32
Description:
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
    <EventID Qualifiers="32768">1008</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T18:18:06.000000000Z" />
    <EventRecordID>117</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>37L4247E29-32</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ExtraInfo">
    </Data>
    <Data Name="Reason">Full Index Reset</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Service Control Manager
Date:          16/05/2010 19:09:12
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      37L4247E29-32
Description:
The Windows Time service terminated with the following error: 
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7023</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T18:09:12.890000000Z" />
    <EventRecordID>394</EventRecordID>
    <Correlation />
    <Execution ProcessID="512" ThreadID="596" />
    <Channel>System</Channel>
    <Computer>37L4247E29-32</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Windows Time</Data>
    <Data Name="param2">%%2</Data>
  </EventData>
</Event>
Log Name:      System
Source:        Microsoft-Windows-Kernel-PnP
Date:          16/05/2010 19:05:56
Event ID:      219
Task Category: (212)
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      37L4247E29-32
Description:
The driver \Driver\tunnel failed to load for the device ROOT\*ISATAP\0000.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
    <EventID>219</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>212</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-05-16T18:05:56.843750000Z" />
    <EventRecordID>344</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="64" />
    <Channel>System</Channel>
    <Computer>37L4247E29-32</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="DriverNameLength">17</Data>
    <Data Name="DriverName">ROOT\*ISATAP\0000</Data>
    <Data Name="Status">3221226078</Data>
    <Data Name="FailureNameLength">14</Data>
    <Data Name="FailureName">\Driver\tunnel</Data>
    <Data Name="Version">0</Data>
  </EventData>
</Event>
Log Name:      Microsoft-Windows-PrintService/Admin
Source:        Microsoft-Windows-PrintService
Date:          16/05/2010 19:02:58
Event ID:      512
Task Category: Initializing a print provider
Level:         Error
Keywords:      Router,Classic Spooler Event
User:          SYSTEM
Computer:      37L4247E29-32
Description:
InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
    <EventID>512</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>12</Opcode>
    <Keywords>0x8000000000002800</Keywords>
    <TimeCreated SystemTime="2010-05-16T18:02:58.718750000Z" />
    <EventRecordID>1</EventRecordID>
    <Correlation />
    <Execution ProcessID="1084" ThreadID="1108" />
    <Channel>Microsoft-Windows-PrintService/Admin</Channel>
    <Computer>37L4247E29-32</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <RouterError xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
      <Name>inetpp.dll</Name>
      <Error>0x0</Error>
    </RouterError>
  </UserData>
</Event> 
W7 was installed onto a clean formatted HDD on 16th May to troubleshoot this crash issue. Hence why there are only two mini dumps to analyse. This time I decided to try 64bit installation of W7 Ultimate. I usually find that this crash will occur each day between 1 and 3 times when it is left idle. At first I thought it was due to leaving web browsers open which some users of W7 had experienced but now I do not think so. I have only been present when the PC crashes once and this was while I was web browsing.

Taken from windows debugger mini dump file analysis:

Script:
Microsoft (RWindows Debugger Version 6.12.0002.633 AMD64
Copyright 
(cMicrosoft CorporationAll rights reserved.
 
Loading Dump File [C:\Windows\Minidump\051810-70500-01.dmp]
Mini Kernel Dump FileOnly registers and stack trace are available
WARNING
Whitespace at end of path element
Symbol search path is
SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is
Windows 7 Kernel Version 7600 MP (2 procsFree x64
Product
WinNtsuiteTerminalServer SingleUserTS
Built by
7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name
:
Kernel base 0xfffff800`02a09000 PsLoadedModuleList = 0xfffff800`02c46e50
Debug session time
Tue May 18 15:07:23.390 2010 (UTC 1:00)
System Uptime0 days 0:00:21.203
Loading Kernel Symbols
.................................................
Loading User Symbols
Mini Kernel Dump does not contain unloaded driver 
list
*******************************************************************************
*                                                                             *
*                        
Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !
analyze -v to get detailed debugging information.
BugCheck 124, {0fffffa8002abe82800}
Probably caused by hardware
Followup
MachineOwner
---------
1kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        
Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurredParameter 1 identifies the type of error
source that reported the error
Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon
.
Arguments:
Arg10000000000000000Machine Check Exception
Arg2
fffffa8002abe828Address of the WHEA_ERROR_RECORD structure.
Arg30000000000000000High order 32-bits of the MCi_STATUS value.
Arg40000000000000000Low order 32-bits of the MCi_STATUS value.
Debugging Details:
------------------
 
BUGCHECK_STR:  0x124_GenuineIntel
CUSTOMER_CRASH_COUNT
:  1
DEFAULT_BUCKET_ID
:  VISTA_DRIVER_FAULT
PROCESS_NAME
:  System
CURRENT_IRQL
:  0
STACK_TEXT
:  
fffff880`02fc06f0 fffff800`02cc3a79 fffffa80`02abe800 fffffa80`018da040 00000000`00000010 00000000`00000001 nt!WheapCreateLiveTriageDump+0x6c
fffff880
`02fc0c10 fffff800`02ba55a7 fffffa80`02abe800 fffff800`02c1e5f8 fffffa80`018da040 00000002`00000005 nt!WheapCreateTriageDumpFromPreviousSession+0x49
fffff880
`02fc0c40 fffff800`02b0db85 fffff800`02c80360 fffffa80`02aba858 fffffa80`02aba850 fffffa80`018da040 nt!WheapProcessWorkQueueItem+0x57
fffff880
`02fc0c80 fffff800`02a86861 fffff880`010d9e00 fffff800`02b0db60 fffffa80`018da040 00000000`00000000 nt!WheapWorkQueueWorkerRoutine+0x25
fffff880
`02fc0cb0 fffff800`02d1ea86 00000001`40080001 fffffa80`018da040 00000000`00000080 fffffa80`0184a9e0 nt!ExpWorkerThread+0x111
fffff880
`02fc0d40 fffff800`02a57b06 fffff880`009e6180 fffffa80`018da040 fffff880`009f0f40 04042540`0403cea8 nt!PspSystemThreadStartup+0x5a
fffff880
`02fc0d80 00000000`00000000 fffff880`02fc1000 fffff880`02fbb000 fffff880`02fc0480 00000000`00000000 nt!KxStartSystemThread+0x16
 
STACK_COMMAND
:  kb
FOLLOWUP_NAME
:  MachineOwner
MODULE_NAME
hardware
IMAGE_NAME
:  hardware
DEBUG_FLR_IMAGE_TIMESTAMP
:  0
FAILURE_BUCKET_ID
:  X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
BUCKET_ID
:  X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
Followup
MachineOwner
--------- 
2nd dump file dated 19th May:

Script:
Microsoft (RWindows Debugger Version 6.12.0002.633 AMD64
Copyright 
(cMicrosoft CorporationAll rights reserved.
 
Loading Dump File [C:\Windows\Minidump\051910-66781-01.dmp]
Mini Kernel Dump FileOnly registers and stack trace are available
WARNING
Whitespace at end of path element
Symbol search path is
SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is
Windows 7 Kernel Version 7600 MP (2 procsFree x64
Product
WinNtsuiteTerminalServer SingleUserTS
Built by
7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name
:
Kernel base 0xfffff800`02a0d000 PsLoadedModuleList = 0xfffff800`02c4ae50
Debug session time
Wed May 19 15:22:18.296 2010 (UTC 1:00)
System Uptime0 days 0:00:31.109
Loading Kernel Symbols
....................................................
Loading User Symbols
Mini Kernel Dump does not contain unloaded driver 
list
*******************************************************************************
*                                                                             *
*                        
Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !
analyze -v to get detailed debugging information.
BugCheck 124, {0fffffa8002bac03800}
Probably caused by hardware
Followup
MachineOwner
---------
1kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        
Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurredParameter 1 identifies the type of error
source that reported the error
Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon
.
Arguments:
Arg10000000000000000Machine Check Exception
Arg2
fffffa8002bac038Address of the WHEA_ERROR_RECORD structure.
Arg30000000000000000High order 32-bits of the MCi_STATUS value.
Arg40000000000000000Low order 32-bits of the MCi_STATUS value.
Debugging Details:
------------------
 
BUGCHECK_STR:  0x124_GenuineIntel
CUSTOMER_CRASH_COUNT
:  1
DEFAULT_BUCKET_ID
:  VISTA_DRIVER_FAULT
PROCESS_NAME
:  System
CURRENT_IRQL
:  0
STACK_TEXT
:  
fffff880`02fc76f0 fffff800`02cc7a79 fffffa80`02bac010 fffffa80`018d6040 00000000`00000007 00000000`00000001 nt!WheapCreateLiveTriageDump+0x6c
fffff880
`02fc7c10 fffff800`02ba95a7 fffffa80`02bac010 fffff800`02c225f8 fffffa80`018d6040 00000003`00000005 nt!WheapCreateTriageDumpFromPreviousSession+0x49
fffff880
`02fc7c40 fffff800`02b11b85 fffff800`02c84360 fffffa80`02a623b8 fffffa80`02a623b0 fffffa80`018d6040 nt!WheapProcessWorkQueueItem+0x57
fffff880
`02fc7c80 fffff800`02a8a861 fffff880`01030e00 fffff800`02b11b60 fffffa80`018d6040 000007fe`f4543cee nt!WheapWorkQueueWorkerRoutine+0x25
fffff880
`02fc7cb0 fffff800`02d22a86 00000000`00000000 fffffa80`018d6040 00000000`00000080 fffffa80`018c5040 nt!ExpWorkerThread+0x111
fffff880
`02fc7d40 fffff800`02a5bb06 fffff880`009e6180 fffffa80`018d6040 fffff880`009f0f40 00000000`00cc9f20 nt!PspSystemThreadStartup+0x5a
fffff880
`02fc7d80 00000000`00000000 fffff880`02fc8000 fffff880`02fc2000 fffff880`02fc70a0 00000000`00000000 nt!KxStartSystemThread+0x16
 
STACK_COMMAND
:  kb
FOLLOWUP_NAME
:  MachineOwner
MODULE_NAME
hardware
IMAGE_NAME
:  hardware
DEBUG_FLR_IMAGE_TIMESTAMP
:  0
FAILURE_BUCKET_ID
:  X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
BUCKET_ID
:  X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
Followup
MachineOwner
--------- 
Any help is greatly appreciated, thank you.


My System SpecsSystem Spec
.
19 May 2010   #2
Jonathan_King

Windows 7 Professional x64
 
 

Please read this article: https://www.sevenforums.com/crash-loc...-what-try.html

In particular, test your RAM, Video card, and make sure your temps are okay using Speedfan.
My System SpecsSystem Spec
20 May 2010   #3
wsf7

W7 Ultimate x64
 
 

Thank you for the forum link and web links. I have run memtest and chkdsk which all resulted fine.

The speedfan shows temps tp be acceptable all but for one sensor.

winbond w83697hf

is at 51c at times but usually 48c
Not sure what this sensor is showing temps for. Is it to do with a sound card or graphics card?
My System SpecsSystem Spec
.

20 May 2010   #4
Bill2

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
 
 

Also try updating all your hardware drivers. Update your bios also, if an update is available.
My System SpecsSystem Spec
20 May 2010   #5
Jonathan_King

Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by wsf7 View Post
Thank you for the forum link and web links. I have run memtest and chkdsk which all resulted fine.

The speedfan shows temps tp be acceptable all but for one sensor.

winbond w83697hf

is at 51c at times but usually 48c
Not sure what this sensor is showing temps for. Is it to do with a sound card or graphics card?
It might, I don't know. 51 is nothing to be concerned about though.
My System SpecsSystem Spec
20 May 2010   #6
wsf7

W7 Ultimate x64
 
 

Do most of you update drivers manually? I don't suppose the software programs that search for drivers are better?

I will look for bios updates as I've never done one before. Graphics card drivers are updated through windows updates these days.

I took a screenshot - attached showing the temps as being hot with a pic of a flame. I know these temps are normal for hard drives and CPU must be about 96c or more. But what about graphics card? I imagine that gets quite hot too.

My HDD seems healthy and the event viewer showing one of my drives has a bad block is from an external HDD in case one of you wondered.

Thanks for your help guys.
My System SpecsSystem Spec
20 May 2010   #7
Jonathan_King

Windows 7 Professional x64
 
 

The flame just means Speedfan is set to cool the GPU more than that. Since it's not actually controlling the fans, just ignore the icons.

Try this free video stress test: FurMark: Graphics Card Stability and Stress Test, OpenGL Benchmark and GPU Temperature | oZone3D.Net
Quote:
FurMark Setup:
- If you have more than one GPU, select Multi-GPU during setup
- In the Run mode box, select "Stability Test" and "Log GPU Temperature"
Click "Go" to start the test
- Run the test until the GPU temperature maxes out - or until you start having problems (whichever comes first).
- Click "Quit" to exit
Try this free stress test: Free Software - GIMPS
Quote:
Prime95 Setup:
- extract the contents of the zip file to a location of your choice
- double click on the executable file
- select "Just stress testing"
- select the "Blend" test. If you've already run MemTest overnight you may want to run the "Small FFTs" test instead.
- "Number of torture test threads to run" should equal the number of CPU's times 2 (if you're using hyperthreading).
The easiest way to figure this out is to go to Task Manager...Performance tab - and see the number of boxes under CPU Usage History
Then run the test for 6 to 24 hours - or until you get errors (whichever comes first).
The Test selection box and the stress.txt file describes what components that the program stresses.
My System SpecsSystem Spec
21 May 2010   #8
tezlewis

Windows 7 Ultimate 64-Bit
 
 

FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV

Normally refered to an overclocked CPU. If overclocking, stop and test after this.
My System SpecsSystem Spec
26 May 2010   #9
wsf7

W7 Ultimate x64
 
 

I have not updated this thread until now due to being out of town for a few days. I have left my system up for 48 plus hours now since the bios was updated and no system crash. Seems it has done the trick. Will update again by this weekend after some more final tests.
My System SpecsSystem Spec
01 Jun 2010   #10
wsf7

W7 Ultimate x64
 
 

No more crashes, problem solved. Bios update worked.
My System SpecsSystem Spec
Reply

 WHEA-Logger (W7 freezes/crashes) Hardware fault




Thread Tools




Similar help and support threads
Thread Forum
WHEA-Logger Event ID: 19 "A corrected hardware error has occurred"
I've just noticed frequent "A corrected hardware error has occurred" warnings in my event viewer dating back to October 16th of this year. As of now I haven't come across any performance issues or anything like that though. I'm getting 2 different errors, with different processor IDs (0 and 1)...
General Discussion
How do I investigate WHEA-Logger?
Found this just after turning on PC this morning. I tried searching on my own but was way over my head & a good share of results talked of BSOD but I've not had them. I'm wondering what, if any, special scan might reveal something? Thank you.
General Discussion
Help~ whea-logger event id 17
Hi guys, i am constantly having this warning almost every second in event viewer... (15700+ warning and counting) it started since 9/12 and i don't know what i did.. I never had any problem until i played need for speed: shift today for the first time and it just hard froze on me. so i checked...
BSOD Help and Support
whea-logger event 18
Yesterday I started to get freeze on my computer mainly while playing video game or doing things related to video hardware. I'm suspecting a graphic card failures here, however, I can still play some games and it will work well under severe conditions and sometimes the computer just freeze up,...
BSOD Help and Support
WHEA-Logger 20 and Bugcheck 1001
When I game (WoW, BF BC2, CoD MW2, L4D2, etc), my computer crashes. It could take 10min into it, or an hour. It doesn't give a BSOD, which is weird (because I have the setting set to not restart on system failure), but it goes black, or a screen with white lines horizontally. I watch my temps,...
BSOD Help and Support
WHEA-Logger and other stuff
Computer freeze... after freezing i need to restard with reset.
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:14.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App