-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/05/2014 01:57:33
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T00:57:33.000000000Z" />
<EventRecordID>28452</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/05/2014 01:52:27
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-14T00:52:27.000000000Z" />
<EventRecordID>28428</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
-
Log Name: Application
Source: VSS
Date: 14/05/2014 00:44:17
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4e8ebb9c-75f9-4533-a8bc-98465aa48187}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T23:44:17.000000000Z" />
<EventRecordID>28393</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4e8ebb9c-75f9-4533-a8bc-98465aa48187}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313133322D205449443A
202030303030313134342D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 14/05/2014 00:40:09
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T23:40:09.000000000Z" />
<EventRecordID>28389</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
-
Log Name: Application
Source: VSS
Date: 14/05/2014 00:00:59
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7c4e5a9d-3b9e-42b3-a2c4-fdb4d69676c0}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T23:00:59.000000000Z" />
<EventRecordID>28354</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7c4e5a9d-3b9e-42b3-a2c4-fdb4d69676c0}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313130342D205449443A
202030303030333136342D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 13/05/2014 23:55:53
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:55:53.000000000Z" />
<EventRecordID>28350</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 13/05/2014 23:50:49
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:50:49.000000000Z" />
<EventRecordID>28325</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 13/05/2014 23:48:25
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Christine-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-1867582200-139094598-4032816429-1001:
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\My
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\CA
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Root
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\trust
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:48:25.906645900Z" />
<EventRecordID>28305</EventRecordID>
<Correlation ActivityID="{038C8C40-F800-0000-6467-04D5FB6ECF01}" />
<Execution ProcessID="372" ThreadID="388" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">15 user registry handles leaked from \Registry\User\S-1-5-21-1867582200-139094598-4032816429-1001:
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\My
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\CA
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Policies\Microsoft\SystemCertificates
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Root
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 5768 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\SystemCertificates\trust
</Data>
</EventData>
</Event>
-
Log Name: Application
Source: VSS
Date: 13/05/2014 23:44:01
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4c894b73-84bb-4daf-be10-41df406809db}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:44:01.000000000Z" />
<EventRecordID>28292</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4c894b73-84bb-4daf-be10-41df406809db}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313133362D205449443A
202030303030313631322D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 13/05/2014 23:38:53
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:38:53.000000000Z" />
<EventRecordID>28287</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
-
Log Name: Application
Source: VSS
Date: 13/05/2014 23:29:41
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9d5718a5-cd2d-41d9-978e-ec0c2b3b6a88}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:29:41.000000000Z" />
<EventRecordID>28254</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9d5718a5-cd2d-41d9-978e-ec0c2b3b6a88}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313136342D205449443A
202030303030343036342D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D
20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 13/05/2014 23:23:55
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:23:55.000000000Z" />
<EventRecordID>28250</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 13/05/2014 23:21:30
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Christine-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
0 user registry handles leaked from \Registry\User\S-1-5-21-1867582200-139094598-4032816429-1001:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:21:30.852781100Z" />
<EventRecordID>28229</EventRecordID>
<Correlation ActivityID="{038BEC58-F800-0003-64AF-1D5BF66ECF01}" />
<Execution ProcessID="588" ThreadID="5684" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">0 user registry handles leaked from \Registry\User\S-1-5-21-1867582200-139094598-4032816429-1001:
</Data>
</EventData>
</Event>
-
Log Name: Application
Source: VSS
Date: 13/05/2014 23:05:09
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2cf1d5c4-4cec-49a8-83a1-3a8b45abdbee}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T22:05:09.000000000Z" />
<EventRecordID>28212</EventRecordID>
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005, Access is denied.
</Data>
<Data>
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2cf1d5c4-4cec-49a8-83a1-3a8b45abdbee}</Data>
<Binary>2D20436F64653A20575254575254494330303030313236302D2043616C6C3A20575254575254494330303030313231342D205049443A202030303030313136342D205449443
A202030303030333431362D20434D443A2020433A5C77696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B5365727669636520202020202020
2D20557365723A204E616D653A204E5420415554484F524954595C4E4554574F524B20534552564943452C205349443A532D312D352D3230</Binary>
</EventData>
</Event>
-
Log Name: Application
Source: Microsoft-Windows-WMI
Date: 13/05/2014 22:59:38
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Christine-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-13T21:59:38.000000000Z" />
<EventRecordID>28208</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Christine-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>
