Log Name: System
Source: Service Control Manager
Date: 3/19/2013 4:38:39 PM
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The iPodDrv service failed to start due to the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-19T20:38:39.144846800Z" />
<EventRecordID>109588</EventRecordID>
<Correlation />
<Execution ProcessID="672" ThreadID="676" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">iPodDrv</Data>
<Data Name="param2">%%2</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 3/19/2013 4:38:38 PM
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: ChrisHammond-PC
Description:
Audit events have been dropped by the transport. 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2013-03-19T20:38:38.848446200Z" />
<EventRecordID>32805</EventRecordID>
<Correlation />
<Execution ProcessID="980" ThreadID="1292" />
<Channel>Security</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
</Event>
^ those are all from 3/19/13
most of the ones from 3/16 to 3/18 are exactly the same but a few and they appear often and many.
Log Name: System
Source: Service Control Manager
Date: 3/18/2013 1:31:14 AM
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The aswFsBlk service failed to start due to the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-18T05:31:14.795253200Z" />
<EventRecordID>109530</EventRecordID>
<Correlation />
<Execution ProcessID="680" ThreadID="684" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">aswFsBlk</Data>
<Data Name="param2">%%2</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/18/2013 1:31:14 AM
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The aswMonFlt service failed to start due to the following error:
The system cannot find the file specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-18T05:31:14.764053200Z" />
<EventRecordID>109528</EventRecordID>
<Correlation />
<Execution ProcessID="680" ThreadID="684" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">aswMonFlt</Data>
<Data Name="param2">%%2</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 3/18/2013 1:31:14 AM
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: ChrisHammond-PC
Description:
The driver \Driver\dtsoftbus01 failed to load for the device Root\SYSTEM\0002.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-18T05:31:14.654853000Z" />
<EventRecordID>109525</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="44" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">16</Data>
<Data Name="DriverName">Root\SYSTEM\0002</Data>
<Data Name="Status">3221226092</Data>
<Data Name="FailureNameLength">19</Data>
<Data Name="FailureName">\Driver\dtsoftbus01</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
^ twice ina row.
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 3/17/2013 10:02:28 PM
Event ID: 10005
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10005</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-18T02:02:28.000000000Z" />
<EventRecordID>109481</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">1084</Data>
<Data Name="param2">EventSystem</Data>
<Data Name="param3">
</Data>
<Data Name="param4">{1BE1F766-5536-11D1-B726-00C04FB926AF}</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/17/2013 10:02:12 PM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:
A device attached to the system is not functioning.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-18T02:02:12.498019300Z" />
<EventRecordID>109466</EventRecordID>
<Correlation />
<Execution ProcessID="504" ThreadID="508" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">DNS Client</Data>
<Data Name="param2">NetIO Legacy TDI Support Driver</Data>
<Data Name="param3">%%31</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/17/2013 6:16:54 PM
Event ID: 7001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T22:16:54.922485100Z" />
<EventRecordID>109145</EventRecordID>
<Correlation />
<Execution ProcessID="520" ThreadID="1192" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">HomeGroup Provider</Data>
<Data Name="param2">Function Discovery Provider Host</Data>
<Data Name="param3">%%1068</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/17/2013 12:48:30 PM
Event ID: 7043
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The Group Policy Client service did not shut down properly after receiving a preshutdown control.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7043</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T16:48:30.743523900Z" />
<EventRecordID>108204</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="2720" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Group Policy Client</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-PrintService/Admin
Source: Microsoft-Windows-PrintService
Date: 3/17/2013 2:29:54 AM
Event ID: 509
Task Category: Routing print spooler command(s)
Level: Error
Keywords: Router,Classic Spooler Event
User: SYSTEM
Computer: ChrisHammond-PC
Description:
The print spooler cannot start because the PrinterBusEnumerator could not start. Error code 0xd. This can occur because of system instability or a lack of system resources.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" />
<EventID>509</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>39</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000002800</Keywords>
<TimeCreated SystemTime="2013-03-17T06:29:54.641266000Z" />
<EventRecordID>31</EventRecordID>
<Correlation />
<Execution ProcessID="1420" ThreadID="1464" />
<Channel>Microsoft-Windows-PrintService/Admin</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<UserData>
<RouterError xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events">
<Name>-</Name>
<Error>0xd</Error>
</RouterError>
</UserData>
</Event>
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 3/17/2013 1:40:25 AM
Event ID: 3
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: ChrisHammond-PC
Description:
Session "ReadyBoot" stopped due to the following error: 0xC0000188
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2013-03-17T05:40:25.706770800Z" />
<EventRecordID>97</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="196" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">ReadyBoot</Data>
<Data Name="FileName">C:\Windows\system32\Logfiles\WMI\ReadyBoot.etl</Data>
<Data Name="ErrorCode">3221225864</Data>
<Data Name="LoggingMode">0</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 3/17/2013 12:45:19 AM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: ChrisHammond-PC
Description:
Name resolution for the name inferno.demonoid.me timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T04:45:19.730534800Z" />
<EventRecordID>107447</EventRecordID>
<Correlation />
<Execution ProcessID="988" ThreadID="1844" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">inferno.demonoid.me</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A802010000000000000000</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/16/2013 10:58:23 PM
Event ID: 7000
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the path specified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:58:23.729501400Z" />
<EventRecordID>106689</EventRecordID>
<Correlation />
<Execution ProcessID="732" ThreadID="876" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Google Update Service (gupdate)</Data>
<Data Name="param2">%%3</Data>
</EventData>
</Event>
Log Name: Application
Source: Application Virtualization Client
Date: 3/16/2013 10:57:03 PM
Event ID: 3211
Task Category: (11)
Level: Warning
Keywords: Classic
User: N/A
Computer: CHRISHAMMOND-PC
Description:
{tid=71C}
Attempting Transport Connection URL:
http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft Error: 12B0310A-00000124
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Virtualization Client" />
<EventID Qualifiers="16384">3211</EventID>
<Level>3</Level>
<Task>11</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:57:03.000000000Z" />
<EventRecordID>21604</EventRecordID>
<Channel>Application</Channel>
<Computer>CHRISHAMMOND-PC</Computer>
<Security />
</System>
<EventData>
<Data>{tid=71C}
</Data>
<Data>http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6131.5001.sft</Data>
<Data>12B0310A-00000124</Data>
</EventData>
</Event>
Log Name: Application
Source: CVHSVC
Date: 3/16/2013 10:57:03 PM
Event ID: 100
Task Category: Client Virtualization Handler
Level: Warning
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
Information only. Error: failed to launch Type: 96::SoftGridApplicationFailure. Stopping task (Stream product id=0x0066) because of fatal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="CVHSVC" />
<EventID Qualifiers="16384">100</EventID>
<Level>3</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:57:03.000000000Z" />
<EventRecordID>21606</EventRecordID>
<Channel>Application</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data>Error: failed to launch Type: 96::SoftGridApplicationFailure. Stopping task (Stream product id=0x0066) because of fatal error.</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/16/2013 10:56:33 PM
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The Windows Search service terminated with service-specific error %%-2147218173.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:56:33.550511500Z" />
<EventRecordID>106677</EventRecordID>
<Correlation />
<Execution ProcessID="732" ThreadID="2080" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Search</Data>
<Data Name="param2">%%-2147218173</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/16/2013 10:56:33 PM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:56:33.550511500Z" />
<EventRecordID>106678</EventRecordID>
<Correlation />
<Execution ProcessID="732" ThreadID="4424" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Search</Data>
<Data Name="param2">1</Data>
<Data Name="param3">30000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Search
Date: 3/16/2013 10:56:33 PM
Event ID: 7010
Task Category: Gatherer
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The index cannot be initialized.
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
<EventID Qualifiers="49152">7010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>3</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:56:33.000000000Z" />
<EventRecordID>21600</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="ExtraInfo">
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)
</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Search
Date: 3/16/2013 10:56:30 PM
Event ID: 7040
Task Category: Gatherer
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Search" Guid="{CA4E628D-8567-4896-AB6B-835B221F373F}" EventSourceName="Windows Search Service" />
<EventID Qualifiers="49152">7040</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>3</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:56:30.000000000Z" />
<EventRecordID>21592</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="ExtraInfo">
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
</Data>
<Data Name="CorruptionId">431</Data>
</EventData>
</Event>
Log Name: Application
Source: LMS
Date: 3/16/2013 10:56:17 PM
Event ID: 1
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: CHRISHAMMOND-PC
Description:
LMS Service cannot connect to Intel(R) MEI driver
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LMS" />
<EventID Qualifiers="32768">1</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-17T02:56:17.000000000Z" />
<EventRecordID>21577</EventRecordID>
<Channel>Application</Channel>
<Computer>CHRISHAMMOND-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>LMS Service cannot connect to Intel(R) MEI driver</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 3/16/2013 7:46:08 PM
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: ChrisHammond-PC
Description:
The driver \Driver\sxuptp failed to load for the device Root\SYSTEM\0001.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-16T23:46:08.955214900Z" />
<EventRecordID>106005</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="52" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">16</Data>
<Data Name="DriverName">Root\SYSTEM\0001</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\sxuptp</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/16/2013 7:44:59 PM
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-16T23:44:59.656087000Z" />
<EventRecordID>105992</EventRecordID>
<Correlation />
<Execution ProcessID="736" ThreadID="840" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Background Intelligent Transfer Service</Data>
<Data Name="param2">%%-2147023781</Data>
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 3/16/2013 7:44:59 PM
Event ID: 7038
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7038</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-03-16T23:44:59.640487000Z" />
<EventRecordID>105987</EventRecordID>
<Correlation />
<Execution ProcessID="736" ThreadID="840" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">SSDPSRV</Data>
<Data Name="param2">NT AUTHORITY\LocalService</Data>
<Data Name="param3">%%50</Data>
</EventData>
</Event>
Log Name: Application
Source: VSS
Date: 3/16/2013 7:44:59 PM
Event ID: 8230
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
Volume Shadow Copy Service error: Failed resolving account SYSTEM with status 2226. Check connection to domain controller and VssAccessControl registry key.
Operation:
Initializing Writer
Context:
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Error-specific details:
Error: NetLocalGroupGetMemebers(SYSTEM), 0x800708b2, This operation is only allowed on the primary domain controller of the domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8230</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-16T23:44:59.000000000Z" />
<EventRecordID>21438</EventRecordID>
<Channel>Application</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data>SYSTEM</Data>
<Data>2226</Data>
<Data>
Operation:
Initializing Writer
Context:
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Error-specific details:
Error: NetLocalGroupGetMemebers(SYSTEM), 0x800708b2, This operation is only allowed on the primary domain controller of the domain.
</Data>
<Binary>2D20436F64653A20534543534543524330303030313937322D2043616C6C3A20534543534543524330303030313735362D205049443A202030303030313034382D205449443A202030303030313037362D20434D443A2020433A5C57696E646F77735C73797374656D33325C737663686F73742E657865202D6B206E6574737663732020202020202D20557365723A204E616D653A204E5420415554484F524954595C53595354454D2C205349443A532D312D352D313820</Binary>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 3/16/2013 2:00:36 PM
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: ChrisHammond-PC
Description:
The driver \Driver\sxuptp failed to load for the device Root\SYSTEM\0001.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-03-16T18:00:36.228024100Z" />
<EventRecordID>105729</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="60" />
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">16</Data>
<Data Name="DriverName">Root\SYSTEM\0001</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\sxuptp</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 3/16/2013 1:32:27 AM
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CHRISHAMMOND-PC
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa800f463b20). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031613-26582-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-16T05:32:27.000000000Z" />
<EventRecordID>105383</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>CHRISHAMMOND-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa800f463b20)</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">031613-26582-01</Data>
</EventData>
</Event>
^the initial BSOD
Log Name: Application
Source: VSS
Date: 3/16/2013 12:00:00 AM
Event ID: 12348
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{fed03ff7-6284-11e0-b02d-74f06dbbf5bb}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.
Operation:
Removing auto-release shadow copies
Loading provider
Context:
Execution Context: System Provider
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">12348</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-16T04:00:00.000000000Z" />
<EventRecordID>21314</EventRecordID>
<Channel>Application</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data>\\?\Volume{fed03ff7-6284-11e0-b02d-74f06dbbf5bb}\</Data>
<Data>
Operation:
Removing auto-release shadow copies
Loading provider
Context:
Execution Context: System Provider</Data>
<Binary>2D20436F64653A2053505250524F564330303030323333312D2043616C6C3A2053505250524F564330303030323237332D205049443A202030303030323536382D205449443A202030303030373032382D20434D443A2020433A5C57696E646F77735C53797374656D33325C737663686F73742E657865202D6B2073777072762D20557365723A204E616D653A204E5420415554484F524954595C53595354454D2C205349443A532D312D352D313820</Binary>
</EventData>
</Event>
^the night of as well.
Log Name: System
Source: ACPI
Date: 3/7/2013 12:53:31 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ChrisHammond-PC
Description:
ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ACPI" />
<EventID Qualifiers="49157">10</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-07T05:53:31.510000000Z" />
<EventRecordID>104636</EventRecordID>
<Channel>System</Channel>
<Computer>ChrisHammond-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>ACPI</Data>
<Data>0x4</Data>
<Binary>0000000003003000000000000A0005C0000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>