API tools faq
paste
Advertisement
Guest User

event viewer

a guest
Mar 24th, 2017
467
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.84 KB | None | 0 0
raw download clone embed print report
  1. Log Name: System
  2. Source: Microsoft-Windows-Kernel-Power
  3. Date: 24/3/2017 5:32:59 PM
  4. Event ID: 41
  5. Task Category: (63)
  6. Level: Critical
  7. Keywords: (70368744177664),(2)
  8. User: SYSTEM
  9. Computer: DESKTOP-PAT
  10. Description:
  11. The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
  12. Event Xml:
  13. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  14. <System>
  15. <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
  16. <EventID>41</EventID>
  17. <Version>4</Version>
  18. <Level>1</Level>
  19. <Task>63</Task>
  20. <Opcode>0</Opcode>
  21. <Keywords>0x8000400000000002</Keywords>
  22. <TimeCreated SystemTime="2017-03-24T09:32:59.347101600Z" />
  23. <EventRecordID>7032</EventRecordID>
  24. <Correlation />
  25. <Execution ProcessID="4" ThreadID="8" />
  26. <Channel>System</Channel>
  27. <Computer>DESKTOP-PAT</Computer>
  28. <Security UserID="S-1-5-18" />
  29. </System>
  30. <EventData>
  31. <Data Name="BugcheckCode">0</Data>
  32. <Data Name="BugcheckParameter1">0x0</Data>
  33. <Data Name="BugcheckParameter2">0x0</Data>
  34. <Data Name="BugcheckParameter3">0x0</Data>
  35. <Data Name="BugcheckParameter4">0x0</Data>
  36. <Data Name="SleepInProgress">0</Data>
  37. <Data Name="PowerButtonTimestamp">0</Data>
  38. <Data Name="BootAppStatus">0</Data>
  39. <Data Name="Checkpoint">0</Data>
  40. <Data Name="ConnectedStandbyInProgress">false</Data>
  41. <Data Name="SystemSleepTransitionsToOn">0</Data>
  42. <Data Name="CsEntryScenarioInstanceId">0</Data>
  43. </EventData>
  44. </Event>
  45.  
  46. Log Name: System
  47. Source: EventLog
  48. Date: 24/3/2017 5:33:13 PM
  49. Event ID: 6008
  50. Task Category: None
  51. Level: Error
  52. Keywords: Classic
  53. User: N/A
  54. Computer: DESKTOP-PAT
  55. Description:
  56. The previous system shutdown at 5:13:29 PM on ?24/?3/?2017 was unexpected.
  57. Event Xml:
  58. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  59. <System>
  60. <Provider Name="EventLog" />
  61. <EventID Qualifiers="32768">6008</EventID>
  62. <Level>2</Level>
  63. <Task>0</Task>
  64. <Keywords>0x80000000000000</Keywords>
  65. <TimeCreated SystemTime="2017-03-24T09:33:13.009689100Z" />
  66. <EventRecordID>7022</EventRecordID>
  67. <Channel>System</Channel>
  68. <Computer>DESKTOP-PAT</Computer>
  69. <Security />
  70. </System>
  71. <EventData>
  72. <Data>5:13:29 PM</Data>
  73. <Data>?24/?3/?2017</Data>
  74. <Data>
  75. </Data>
  76. <Data>
  77. </Data>
  78. <Data>30</Data>
  79. <Data>
  80. </Data>
  81. <Data>
  82. </Data>
  83. <Binary>E10703000500180011000D001D002502E10703000500180009000D001D0025023C0000003C000000010000003C00000000000000B00400000100000000000000</Binary>
  84. </EventData>
  85. </Event>
  86.  
  87. Log Name: Application
  88. Source: Microsoft-Windows-Security-SPP
  89. Date: 24/3/2017 5:18:46 PM
  90. Event ID: 8233
  91. Task Category: None
  92. Level: Warning
  93. Keywords: Classic
  94. User: N/A
  95. Computer: DESKTOP-PAT
  96. Description:
  97. The rules engine reported a failed VL activation attempt.
  98. Reason:0x8007007B
  99. AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
  100. Trigger=NetworkAvailable
  101. Event Xml:
  102. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  103. <System>
  104. <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
  105. <EventID Qualifiers="16384">8233</EventID>
  106. <Version>0</Version>
  107. <Level>3</Level>
  108. <Task>0</Task>
  109. <Opcode>0</Opcode>
  110. <Keywords>0x80000000000000</Keywords>
  111. <TimeCreated SystemTime="2017-03-24T09:18:46.040964900Z" />
  112. <EventRecordID>10232</EventRecordID>
  113. <Correlation />
  114. <Execution ProcessID="0" ThreadID="0" />
  115. <Channel>Application</Channel>
  116. <Computer>DESKTOP-PAT</Computer>
  117. <Security />
  118. </System>
  119. <EventData>
  120. <Data>0x8007007B</Data>
  121. <Data>0ff1ce15-a989-479d-af46-f275c6370663</Data>
  122. <Data>d450596f-894d-49e0-966a-fd39ed4c4c64</Data>
  123. <Data>NetworkAvailable</Data>
  124. </EventData>
  125. </Event>
  126.  
  127. Log Name: Application
  128. Source: SideBySide
  129. Date: 24/3/2017 5:15:43 PM
  130. Event ID: 35
  131. Task Category: None
  132. Level: Error
  133. Keywords: Classic
  134. User: N/A
  135. Computer: DESKTOP-PAT
  136. Description:
  137. Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.
  138. Event Xml:
  139. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  140. <System>
  141. <Provider Name="SideBySide" />
  142. <EventID Qualifiers="49409">35</EventID>
  143. <Level>2</Level>
  144. <Task>0</Task>
  145. <Keywords>0x80000000000000</Keywords>
  146. <TimeCreated SystemTime="2017-03-24T09:15:43.292509200Z" />
  147. <EventRecordID>10223</EventRecordID>
  148. <Channel>Application</Channel>
  149. <Computer>DESKTOP-PAT</Computer>
  150. <Security />
  151. </System>
  152. <EventData>
  153. <Data>UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"</Data>
  154. <Data>UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0"</Data>
  155. <Data>
  156. </Data>
  157. <Data>
  158. </Data>
  159. <Data>
  160. </Data>
  161. <Data>
  162. </Data>
  163. <Data>
  164. </Data>
  165. <Data>
  166. </Data>
  167. <Data>
  168. </Data>
  169. <Data>
  170. </Data>
  171. <Data>C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest</Data>
  172. <Data>C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL</Data>
  173. <Data>1</Data>
  174. <Data>
  175. </Data>
  176. <Data>
  177. </Data>
  178. <Data>
  179. </Data>
  180. <Data>
  181. </Data>
  182. <Data>
  183. </Data>
  184. <Data>
  185. </Data>
  186. <Data>
  187. </Data>
  188. </EventData>
  189. </Event>
  190.  
  191. Log Name: Application
  192. Source: Microsoft-Windows-Security-SPP
  193. Date: 24/3/2017 5:14:24 PM
  194. Event ID: 8233
  195. Task Category: None
  196. Level: Warning
  197. Keywords: Classic
  198. User: N/A
  199. Computer: DESKTOP-PAT
  200. Description:
  201. The rules engine reported a failed VL activation attempt.
  202. Reason:0x8007007B
  203. AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
  204. Trigger=UserLogon(1)
  205. Event Xml:
  206. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  207. <System>
  208. <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
  209. <EventID Qualifiers="16384">8233</EventID>
  210. <Version>0</Version>
  211. <Level>3</Level>
  212. <Task>0</Task>
  213. <Opcode>0</Opcode>
  214. <Keywords>0x80000000000000</Keywords>
  215. <TimeCreated SystemTime="2017-03-24T09:14:24.692927900Z" />
  216. <EventRecordID>10210</EventRecordID>
  217. <Correlation />
  218. <Execution ProcessID="0" ThreadID="0" />
  219. <Channel>Application</Channel>
  220. <Computer>DESKTOP-PAT</Computer>
  221. <Security />
  222. </System>
  223. <EventData>
  224. <Data>0x8007007B</Data>
  225. <Data>0ff1ce15-a989-479d-af46-f275c6370663</Data>
  226. <Data>d450596f-894d-49e0-966a-fd39ed4c4c64</Data>
  227. <Data>UserLogon(1)</Data>
  228. </EventData>
  229. </Event>
  230.  
  231. Log Name: System
  232. Source: Microsoft-Windows-DistributedCOM
  233. Date: 24/3/2017 5:13:39 PM
  234. Event ID: 10016
  235. Task Category: None
  236. Level: Error
  237. Keywords: Classic
  238. User: SYSTEM
  239. Computer: DESKTOP-PAT
  240. Description:
  241. The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
  242. {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
  243. and APPID
  244. {F72671A9-012C-4725-9D2F-2A4D32D65169}
  245. to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
  246. Event Xml:
  247. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  248. <System>
  249. <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
  250. <EventID Qualifiers="0">10016</EventID>
  251. <Version>0</Version>
  252. <Level>2</Level>
  253. <Task>0</Task>
  254. <Opcode>0</Opcode>
  255. <Keywords>0x8080000000000000</Keywords>
  256. <TimeCreated SystemTime="2017-03-24T09:13:39.720638700Z" />
  257. <EventRecordID>7011</EventRecordID>
  258. <Correlation />
  259. <Execution ProcessID="1020" ThreadID="3156" />
  260. <Channel>System</Channel>
  261. <Computer>DESKTOP-PAT</Computer>
  262. <Security UserID="S-1-5-18" />
  263. </System>
  264. <EventData>
  265. <Data Name="param1">application-specific</Data>
  266. <Data Name="param2">Local</Data>
  267. <Data Name="param3">Activation</Data>
  268. <Data Name="param4">{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}</Data>
  269. <Data Name="param5">{F72671A9-012C-4725-9D2F-2A4D32D65169}</Data>
  270. <Data Name="param6">NT AUTHORITY</Data>
  271. <Data Name="param7">SYSTEM</Data>
  272. <Data Name="param8">S-1-5-18</Data>
  273. <Data Name="param9">LocalHost (Using LRPC)</Data>
  274. <Data Name="param10">Unavailable</Data>
  275. <Data Name="param11">Unavailable</Data>
  276. </EventData>
  277. </Event>
  278.  
  279. Log Name: Application
  280. Source: Microsoft-Windows-Security-SPP
  281. Date: 24/3/2017 5:13:39 PM
  282. Event ID: 8233
  283. Task Category: None
  284. Level: Warning
  285. Keywords: Classic
  286. User: N/A
  287. Computer: DESKTOP-PAT
  288. Description:
  289. The rules engine reported a failed VL activation attempt.
  290. Reason:0x8007007B
  291. AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64
  292. Trigger=NetworkAvailable
  293. Event Xml:
  294. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  295. <System>
  296. <Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" />
  297. <EventID Qualifiers="16384">8233</EventID>
  298. <Version>0</Version>
  299. <Level>3</Level>
  300. <Task>0</Task>
  301. <Opcode>0</Opcode>
  302. <Keywords>0x80000000000000</Keywords>
  303. <TimeCreated SystemTime="2017-03-24T09:13:39.486239500Z" />
  304. <EventRecordID>10201</EventRecordID>
  305. <Correlation />
  306. <Execution ProcessID="0" ThreadID="0" />
  307. <Channel>Application</Channel>
  308. <Computer>DESKTOP-PAT</Computer>
  309. <Security />
  310. </System>
  311. <EventData>
  312. <Data>0x8007007B</Data>
  313. <Data>0ff1ce15-a989-479d-af46-f275c6370663</Data>
  314. <Data>d450596f-894d-49e0-966a-fd39ed4c4c64</Data>
  315. <Data>NetworkAvailable</Data>
  316. </EventData>
  317. </Event>
  318.  
  319. Log Name: System
  320. Source: Service Control Manager
  321. Date: 24/3/2017 5:13:30 PM
  322. Event ID: 7000
  323. Task Category: None
  324. Level: Error
  325. Keywords: Classic
  326. User: N/A
  327. Computer: DESKTOP-PAT
  328. Description:
  329. The InstallerService service failed to start due to the following error:
  330. The system cannot find the file specified.
  331. Event Xml:
  332. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  333. <System>
  334. <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
  335. <EventID Qualifiers="49152">7000</EventID>
  336. <Version>0</Version>
  337. <Level>2</Level>
  338. <Task>0</Task>
  339. <Opcode>0</Opcode>
  340. <Keywords>0x8080000000000000</Keywords>
  341. <TimeCreated SystemTime="2017-03-24T09:13:30.143646400Z" />
  342. <EventRecordID>7008</EventRecordID>
  343. <Correlation />
  344. <Execution ProcessID="788" ThreadID="2232" />
  345. <Channel>System</Channel>
  346. <Computer>DESKTOP-PAT</Computer>
  347. <Security />
  348. </System>
  349. <EventData>
  350. <Data Name="param1">InstallerService</Data>
  351. <Data Name="param2">%%2</Data>
  352. <Binary>49006E007300740061006C006C006500720053006500720076006900630065000000</Binary>
  353. </EventData>
  354. </Event>
  355.  
  356. Log Name: Security
  357. Source: Microsoft-Windows-Eventlog
  358. Date: 24/3/2017 5:13:30 PM
  359. Event ID: 1101
  360. Task Category: Event processing
  361. Level: Error
  362. Keywords: Audit Success
  363. User: N/A
  364. Computer: DESKTOP-PAT
  365. Description:
  366. Audit events have been dropped by the transport. 0
  367. Event Xml:
  368. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  369. <System>
  370. <Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
  371. <EventID>1101</EventID>
  372. <Version>0</Version>
  373. <Level>2</Level>
  374. <Task>101</Task>
  375. <Opcode>0</Opcode>
  376. <Keywords>0x4020000000000000</Keywords>
  377. <TimeCreated SystemTime="2017-03-24T09:13:30.018639900Z" />
  378. <EventRecordID>98361</EventRecordID>
  379. <Correlation />
  380. <Execution ProcessID="1412" ThreadID="1996" />
  381. <Channel>Security</Channel>
  382. <Computer>DESKTOP-PAT</Computer>
  383. <Security />
  384. </System>
  385. <UserData>
  386. <AuditEventsDropped xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
  387. <Reason>0</Reason>
  388. </AuditEventsDropped>
  389. </UserData>
  390. </Event>
  391.  
  392. Log Name: System
  393. Source: Microsoft-Windows-Kernel-Power
  394. Date: 24/3/2017 5:13:15 PM
  395. Event ID: 41
  396. Task Category: (63)
  397. Level: Critical
  398. Keywords: (70368744177664),(2)
  399. User: SYSTEM
  400. Computer: DESKTOP-PAT
  401. Description:
  402. The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
  403. Event Xml:
  404. <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  405. <System>
  406. <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
  407. <EventID>41</EventID>
  408. <Version>4</Version>
  409. <Level>1</Level>
  410. <Task>63</Task>
  411. <Opcode>0</Opcode>
  412. <Keywords>0x8000400000000002</Keywords>
  413. <TimeCreated SystemTime="2017-03-24T09:13:15.355498200Z" />
  414. <EventRecordID>6987</EventRecordID>
  415. <Correlation />
  416. <Execution ProcessID="4" ThreadID="8" />
  417. <Channel>System</Channel>
  418. <Computer>DESKTOP-PAT</Computer>
  419. <Security UserID="S-1-5-18" />
  420. </System>
  421. <EventData>
  422. <Data Name="BugcheckCode">0</Data>
  423. <Data Name="BugcheckParameter1">0x0</Data>
  424. <Data Name="BugcheckParameter2">0x0</Data>
  425. <Data Name="BugcheckParameter3">0x0</Data>
  426. <Data Name="BugcheckParameter4">0x0</Data>
  427. <Data Name="SleepInProgress">0</Data>
  428. <Data Name="PowerButtonTimestamp">0</Data>
  429. <Data Name="BootAppStatus">0</Data>
  430. <Data Name="Checkpoint">0</Data>
  431. <Data Name="ConnectedStandbyInProgress">false</Data>
  432. <Data Name="SystemSleepTransitionsToOn">0</Data>
  433. <Data Name="CsEntryScenarioInstanceId">0</Data>
  434. </EventData>
  435. </Event>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!