IC-WIN7

Printable View

Show 40 post(s) from this thread on one page

May 15th, 2014, 06:09 PM
fred scuttle

Log Name: Application
Source: Application Hang
Date: 15/05/2014 20:50:17
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
The program iexplore.exe version 11.0.9600.17041 stopped interacting with Windows and was closed.
To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: f50
Start Time: 01cf7076368fa705
Termination Time: 16
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: dcd03ecf-dc69-11e3-8789-90a4dea5529a

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-15T19:50:17.000000000Z" />
<EventRecordID>28699</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>iexplore.exe</Data>
<Data>11.0.9600.17041</Data>
<Data>f50</Data>
<Data>01cf7076368fa705</Data>
<Data>16</Data>
<Data>C:\Program Files\Internet Explorer\iexplore.exe</Data>
<Data>dcd03ecf-dc69-11e3-8789-90a4dea5529a</Data>
<Binary>430072006F00730073002D00700072006F00630065007300730000000000</Binary>
</EventData>
</Event>
May 15th, 2014, 06:09 PM
fred scuttle

Log Name: Application
Source: VSS
Date: 15/05/2014 20:50:16
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b54191e4-6ee0-4dce-8c7a-80736a3fe72e}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-15T19:50:16.000000000Z" />
<EventRecordID>28696</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b54191e4-6ee0-4dce-8c7a-80736a3fe72e}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313134382D205449
443A202030303030323232382D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B5365727669636520202
0202020202D20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
May 15th, 2014, 06:10 PM
fred scuttle

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 15/05/2014 20:46:35
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-15T19:46:35.000000000Z" />
<EventRecordID>28692</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
May 15th, 2014, 06:11 PM
fred scuttle

Log Name: Application
Source: VSS
Date: 15/05/2014 20:18:01
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {08f53dbc-dad4-483f-ad2a-145e3a18f82d}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-15T19:18:01.000000000Z" />
<EventRecordID>28657</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {08f53dbc-dad4-483f-ad2a-145e3a18f82d}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313132342D205449443A
202030303030353631322D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
May 15th, 2014, 06:12 PM
fred scuttle

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 15/05/2014 20:14:37
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-15T19:14:37.000000000Z" />
<EventRecordID>28653</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
May 15th, 2014, 06:13 PM
fred scuttle

Log Name: Application
Source: VSS
Date: 15/05/2014 12:07:52
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {36c2efb1-2915-4809-b976-d2878a930e72}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-15T11:07:52.000000000Z" />
<EventRecordID>28618</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {36c2efb1-2915-4809-b976-d2878a930e72}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313138342D205449443A
202030303030323534302D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
May 15th, 2014, 06:14 PM
fred scuttle

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 15/05/2014 12:04:26
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-15T11:04:26.000000000Z" />
<EventRecordID>28614</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
May 15th, 2014, 06:19 PM
fred scuttle

Log Name: Application
Source: VSS
Date: 14/05/2014 13:34:48
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {014fb881-db3d-4f95-bb80-ff4cbe046e16}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T12:34:48.000000000Z" />
<EventRecordID>28571</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {014fb881-db3d-4f95-bb80-ff4cbe046e16}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313133322D205449443A
202030303030333436302D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
May 15th, 2014, 06:20 PM
fred scuttle

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/05/2014 13:31:19
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T12:31:19.000000000Z" />
<EventRecordID>28567</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
May 15th, 2014, 06:20 PM
fred scuttle

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 14/05/2014 03:33:42
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Christine-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-1867582200-139094598-4032816429-1001:
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\My
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\CA
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Root
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\trust

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T02:33:42.964806100Z" />
<EventRecordID>28546</EventRecordID>
<Correlation ActivityID="{03912C58-F800-0003-E4DA-E35A1B6FCF01}" />
<Execution ProcessID="596" ThreadID="4740" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">15 user registry handles leaked from \Registry\User\S-1-5-21-1867582200-139094598-4032816429-1001:
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\My
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\CA
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Root
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 6076 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\trust
</Data>
</EventData>
</Event>
May 15th, 2014, 06:21 PM
fred scuttle

Log Name: Application
Source: VSS
Date: 14/05/2014 03:27:42
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ee9e4dda-78f5-48a4-b089-996622ce4a61}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T02:27:42.000000000Z" />
<EventRecordID>28533</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ee9e4dda-78f5-48a4-b089-996622ce4a61}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313132382D205449443A
202030303030323233322D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
May 15th, 2014, 06:22 PM
fred scuttle

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/05/2014 03:24:29
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T02:24:29.000000000Z" />
<EventRecordID>28529</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
May 15th, 2014, 06:23 PM
fred scuttle

Log Name: Application
Source: VSS
Date: 14/05/2014 02:53:57
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {dca656ca-2126-4d1d-8e72-b490fe4c02df}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T01:53:57.000000000Z" />
<EventRecordID>28492</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {dca656ca-2126-4d1d-8e72-b490fe4c02df}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313135322D205449443A
202030303030323234342D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
May 15th, 2014, 06:28 PM
fred scuttle

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/05/2014 02:50:13
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T01:50:13.000000000Z" />
<EventRecordID>28488</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
May 15th, 2014, 06:29 PM
fred scuttle

Log Name: Application
Source: VSS
Date: 14/05/2014 02:00:58
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {317ee5d7-635d-4b98-a433-7a7ec07312ed}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T01:00:58.000000000Z" />
<EventRecordID>28456</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {317ee5d7-635d-4b98-a433-7a7ec07312ed}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313132342D
205449443A202030303030313134342D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B536572766
96365202020202020202D20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>

Show 40 post(s) from this thread on one page