Crash! Help with Dr. Watson and Event Viewer Log Interpretation

S

Svengali

My laptop recently crashed with the BSOD error:

windowx xp boot sequence
Stop c000021a {Fatal System Error}
The session manager initialization system process terminated unexpectedly
with a status of 0xc0000034 (0x00000000, 0x0000000)

The system has been shut down.


I cannot start the machine in any mode. My only hope is to use the Recovery
Console to perform the necessary repairs as I

don’t have a rescue disk. The problem occurred after I updated some
TrendMicro Internet Security virus pattern file. The

computer took a really abnormally long time to shut down and the problem
started the next day when I started the machine.

It seems from all my research that I might have a corrupt registry, but I am
not sure. I am trying to go about this in a

systematic way. So far I have backed up my data, but I have some
applications that I want to save if I can. I managed to

copy the Dr. Watson log and also the dump file from the laptop. I can’t do
much with the dump file since I can’t debug code.

Although, I imported it in Visual C++ so see if I could get any clues. But,
some scary things happened, so I quickly backed

out. I also downloaded and installed the Windows Debug Tool and used that to
open the dump file. Finally, I imported the

Application, Security, and System Event logs into the Event Viewer on
another machine.

I would like to share the results and solicit some input as to the best way
to solve this problem. To avoid too mush

confusion, I am going to post the results of each tool that I used
separately so that the post does not become too cumbersome

to read.

Below is a portion of the last Dr. Watson log entry. I am of the opinion
that the Internet Explorer error in the Dr. Watson

log is just a red herring, and the real problem can be found in the event
viewer logs. BTW, I get a lot of these IE errors in

the Dr. Watson log any those were the only type of log entries for the past
two days. Therefore I really think that the Dr.

Watson log is a red herring. I think that my suspension about a corrupt
registry is confirmed by the Event Viewer Logs. But I

am not an expert. BTW, I am Running IE 6. on XP Home SP2, and I forgot which
service pack for IE.

I would like any suggestions on other MS groups that I can post this message
to for a better resolution.



Dr. Watson Log, This is rather large file, so I just included a portion of
the final entry.

_______________________________________________________

Application exception occurred:
App: C:\Program Files\Internet Explorer\iexplore.exe (pid=2856)


When: 11/24/2007 @ 05:11:38.500
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: OWNER
User Name: OWNER
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 15 Model 2 Stepping 9
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
Registered Organization:
Registered Owner: OWNER

*----> Task List <----*
0 System Process
4 System
900 smss.exe
952 csrss.exe
992 winlogon.exe
1036 services.exe
1048 lsass.exe
1252 svchost.exe
1296 svchost.exe
1348 svchost.exe
1388 svchost.exe
1440 svchost.exe
1536 svchost.exe
1856 spoolsv.exe
1956 CeEPwrSvc.exe
1972 DVDRAMSV.exe
2044 lkcitdl.exe
168 lkads.exe
204 lktsrv.exe
276 matlabserver.exe
444 mdm.exe
548 matlab.exe
556 sqlservr.exe
728 nimxs.exe
748 nidmsrv.exe
768 nisvcloc.exe
780 tagsrv.exe
1428 nvsvc32.exe
1664 PcCtlCom.exe
620 PcScnSrv.exe
1452 SMARTBoardService.exe
1756 svchost.exe
2224 Tmntsrv.exe
2240 TmPfw.exe
2272 tmproxy.exe
2568 CALMAIN.exe
1484 alg.exe
3452 ctfmon.exe
932 Explorer.EXE
2676 PccGuide.exe
3768 Apoint.exe
532 CplBTQ00.EXE
3948 CeEKey.exe
3968 TPTray.exe
3984 CePMTray.exe
608 opware32.exe
3832 qttask.exe
176 AGRSMMSG.exe
688 WatchDog.exe
3952 V0230Mon.exe
792 Apntex.exe
820 jusched.exe
2288 StickyPad.exe
2376 CTLCMgr.exe
2992 AcroTray.exe
3392 RAMASST.exe
2328 wudfhost.exe
3356 ivpsvmgr.exe
4068 iexplore.exe
3652 PCCMAIN.EXE
3440 AcroRd32.exe
3920 iexplore.exe
3800 drwtsn32.exe

*----> Module List <----*
(0000000000400000 - 0000000000419000: C:\Program Files\Internet
Explorer\iexplore.exe
(0000000000c70000 - 0000000000ccb000: C:\Program Files\Common
Files\Microsoft Shared\INK\SKCHUI.DLL
(0000000002470000 - 000000000247e000: C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
(0000000002520000 - 00000000025a8000: C:\WINDOWS\system32\shdoclc.dll
(00000000025b0000 - 0000000002875000: C:\WINDOWS\system32\xpsp2res.dll
(0000000002980000 - 000000000298e000: C:\WINDOWS\system32\bmi_lsp.dll
(0000000002990000 - 000000000299e000: C:\WINDOWS\system32\bmzlib.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 000000001002b000: C:\Program
Files\ScanSoft\OmniPageSE\ophook32.dll
(0000000020000000 - 0000000020012000: C:\WINDOWS\system32\browselc.dll
(0000000030000000 - 00000000302ef000:
C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
(0000000032520000 - 0000000032532000: C:\Program Files\Microsoft
Office\Office10\msohev.dll
(00000000506a0000 - 0000000050728000: C:\WINDOWS\system32\wuapi.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(000000005b860000 - 000000005b8b4000: C:\WINDOWS\system32\NETAPI32.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(00000000662b0000 - 0000000066308000: C:\WINDOWS\system32\hnetcfg.dll
(0000000066e50000 - 0000000066e90000: C:\WINDOWS\System32\iepeers.dll
(000000006bdd0000 - 000000006be06000: C:\WINDOWS\System32\dxtrans.dll
(000000006be10000 - 000000006be6a000: C:\WINDOWS\System32\dxtmsft.dll
(000000006d430000 - 000000006d43a000: C:\WINDOWS\System32\ddrawex.dll
(000000006d7c0000 - 000000006d839000: C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
(0000000071a50000 - 0000000071a8f000: C:\WINDOWS\system32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\wsock32.dll
(00000000722b0000 - 00000000722b5000: C:\WINDOWS\system32\sensapi.dll
(0000000072d10000 - 0000000072d18000: C:\WINDOWS\system32\msacm32.drv
(0000000072d20000 - 0000000072d29000: C:\WINDOWS\system32\wdmaud.drv
(0000000073000000 - 0000000073026000: C:\WINDOWS\System32\WINSPOOL.DRV
(0000000073080000 - 000000007309c000: C:\WINDOWS\system32\rsvpsp.dll
(0000000073760000 - 00000000737a9000: C:\WINDOWS\System32\DDRAW.dll
(0000000073bc0000 - 0000000073bc6000: C:\WINDOWS\System32\DCIMAN32.dll
(00000000746c0000 - 00000000746e7000: C:\WINDOWS\System32\msls31.dll
(00000000746f0000 - 000000007471a000: C:\WINDOWS\System32\msimtf.dll
(0000000074720000 - 000000007476b000: C:\WINDOWS\system32\MSCTF.dll
(0000000075150000 - 0000000075164000: C:\WINDOWS\system32\Cabinet.dll
(00000000754d0000 - 0000000075550000: C:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: C:\WINDOWS\system32\msctfime.ime
(0000000075c50000 - 0000000075cbe000: c:\windows\system32\jscript.dll
(0000000075cf0000 - 0000000075d81000: C:\WINDOWS\system32\mlang.dll
(0000000075e90000 - 0000000075f40000: C:\WINDOWS\system32\SXS.DLL
(0000000075f80000 - 000000007607d000: C:\WINDOWS\system32\BROWSEUI.dll
(0000000076200000 - 0000000076271000: C:\WINDOWS\System32\mshtmled.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
(0000000076600000 - 000000007661d000: C:\WINDOWS\System32\CSCDLL.dll
(0000000076990000 - 00000000769b5000: C:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a73000: C:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: C:\WINDOWS\System32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bf0000 - 0000000076bfb000: C:\WINDOWS\System32\PSAPI.DLL
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: C:\WINDOWS\system32\rtutils.dll
(0000000076e90000 - 0000000076ea2000: C:\WINDOWS\system32\rasman.dll
(0000000076eb0000 - 0000000076edf000: C:\WINDOWS\system32\TAPI32.dll
(0000000076ee0000 - 0000000076f1c000: C:\WINDOWS\system32\RASAPI32.DLL
(0000000076f20000 - 0000000076f47000: C:\WINDOWS\system32\DNSAPI.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fb0000 - 0000000076fb8000: C:\WINDOWS\System32\winrnr.dll
(0000000076fc0000 - 0000000076fc6000: C:\WINDOWS\system32\rasadhlp.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000771b0000 - 0000000077256000: C:\WINDOWS\system32\WININET.dll
(00000000773d0000 - 00000000774d3000:

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: C:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: C:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b14000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\appHelp.dll
(0000000077bd0000 - 0000000077bd7000: C:\WINDOWS\system32\midimap.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c93000: C:\WINDOWS\system32\msv1_0.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c340000 - 000000007c396000: C:\WINDOWS\system32\MSVCR71.dll
(000000007c800000 - 000000007c8f5000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d6000: C:\WINDOWS\system32\SHELL32.dll
(000000007d1e0000 - 000000007d49e000: C:\WINDOWS\system32\msi.dll
(000000007dc30000 - 000000007df21000: C:\WINDOWS\System32\mshtml.dll
(000000007e1e0000 - 000000007e280000: C:\WINDOWS\system32\urlmon.dll
(000000007e290000 - 000000007e3ff000: C:\WINDOWS\system32\SHDOCVW.dll
(000000007e410000 - 000000007e4a0000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0xb98 <----*

eax=00720070 ebx=036232f0 ecx=001b4398 edx=7ded4de0 esi=036c97f0 edi=03623310
eip=7dd3f491 esp=001361b8 ebp=001361cc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\System32\mshtml.dll -
function: mshtml!DllGetClassObject
7dd3f469 e8c25b0500 call mshtml!CreateHTMLPropertyPage+0x20250
(7dd95030)
7dd3f46e e966e5f8ff jmp mshtml+0x9d9d9 (7dccd9d9)
7dd3f473 095810 or [eax+0x10],ebx
7dd3f476 8b45fc mov eax,[ebp-0x4]
7dd3f479 e9a9e5f8ff jmp mshtml+0x9da27 (7dccda27)
7dd3f47e 8b4dfc mov ecx,[ebp-0x4]
7dd3f481 e80fb5f8ff call mshtml+0x9a995 (7dcca995)
7dd3f486 85c0 test eax,eax
7dd3f488 0f84ec25f8ff je mshtml+0x91a7a (7dcc1a7a)
7dd3f48e 8b4324 mov eax,[ebx+0x24]
FAULT ->7dd3f491 8b30 mov esi,[eax]
ds:0023:00720070=????????
7dd3f493 6a00 push 0x0
7dd3f495 8bcf mov ecx,edi
7dd3f497 e8b496f6ff call mshtml+0x78b50 (7dca8b50)
7dd3f49c 33c0 xor eax,eax
7dd3f49e 50 push eax
7dd3f49f 50 push eax
7dd3f4a0 50 push eax
7dd3f4a1 8bce mov ecx,esi
7dd3f4a3 e85097f8ff call mshtml+0x98bf8 (7dcc8bf8)
7dd3f4a8 85c0 test eax,eax

*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be
wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\SHLWAPI.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\WININET.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
c:\windows\system32\jscript.dll -
ChildEBP RetAddr Args to Child
 
S

Svengali

Here are the results from the Windows Debugging Tool. All I did was use the
tool to open the Dr. Watson Crash Dump File.

___________________________________________

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Me\Desktop\Laptop Dr
Watson\Working File\Working_user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are
available

Comment: 'Dr. Watson generated MiniDump'
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS Personal
Debug session time: Sat Nov 24 05:11:39.000 2007 (GMT-6)
System Uptime: not available
Process Uptime: 0 days 0:03:22.00
...............................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(f50.b98): Access violation - code c0000005 (first/second chance not
available)
eax=00720070 ebx=036232f0 ecx=001b4398 edx=7ded4de0 esi=036c97f0 edi=03623310
eip=7dd3f491 esp=001361b8 ebp=001361cc iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
Unable to load image C:\WINDOWS\system32\mshtml.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mshtml.dll
*** ERROR: Module load completed but symbols could not be loaded for
mshtml.dll
mshtml+0x10f491:
7dd3f491 8b30 mov esi,dword ptr [eax]
ds:0023:00720070=????????
 
S

Svengali

These are the results of the SysEvent Logs. I have shown only one of the six
Internet Explorer Events to save space since they were all the same but with
different fault address.
__________________________________________________

Event Type: Information
Event Source: MSSQL$SQLEXPRESS
Event Category: (2)
Event ID: 17147
Date: 11/24/2007
Time: 5:32:14 AM
User: N/A
Computer: Laptop
Description:
SQL Server is terminating because of a system shutdown. This is an
informational message only. No user action is required.

Data:
0000: fb 42 00 00 0a 00 00 00 ûB......
0008: 14 00 00 00 52 00 41 00 ....R.A.
0010: 53 00 54 00 41 00 4d 00 S.T.A.M.
0018: 41 00 4e 00 5c 00 53 00 A.N.\.S.
0020: 51 00 4c 00 45 00 58 00 Q.L.E.X.
0028: 50 00 52 00 45 00 53 00 P.R.E.S.
0030: 53 00 00 00 00 00 00 00 S.......

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 11/24/2007
Time: 5:32:09 AM
User: NT AUTHORITY\SYSTEM
Computer: Laptop
Description:

Windows saved user Laptop\Owner registry while an application or service was
still using the registry during log off. The

memory used by the user's registry has not been freed. The registry will be
unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring
the services to run in either the LocalService

or NetworkService account.


Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 11/24/2007
Time: 5:31:37 AM
User: S-1-5-21-850560721
Computer: Laptop
Description:

Windows cannot unload your classes registry file - it is still in use by
other applications or services. The file will be

unloaded when it is no longer in use.


Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11729
Date: 11/24/2007
Time: 5:30:01 AM
User: S-1-5-21-8505607215
Computer: Laptop
Description:
Software: Trend Micro PC-cillin Internet Security 2007 -- Configuration
failed.

Data:
0000: 7b 42 42 34 42 36 33 35 {BB4B635
0008: 35 2d 44 33 38 41 2d 34 5-D38A-4
0010: 39 32 43 2d 38 37 33 42 92C-873B
0018: 2d 41 31 42 32 43 46 36 -A1B2CF6
0020: 43 33 38 33 32 7d 2c 20 C3832},
0028: 31 36 30 32 1602


Event Type: Warning
Event Source: MsiInstaller
Event Category: None
Event ID: 1001
Date: 11/24/2007
Time: 5:29:46 AM
User: S-1-5-21-850560721
Computer: Laptop
Description:
Detection of product '{BB4B6355-D38A-492C-873B-A1B2CF6C3832}', feature
'Files' failed during request for component

'{ADECBE82-4097-11D4-A110-00500405613A}'

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: MsiInstaller
Event Category: None
Event ID: 1004
Date: 11/24/2007
Time: 5:29:46 AM
User: S-1-5-21-850560721
Computer: Laptop
Description:
Detection of product '{BB4B6355-D38A-492C-873B-A1B2CF6C3832}', feature
'Files', component

'{5359409B-CA93-447E-B6EA-9EB1360DCD03}' failed. The resource
'C:\WINDOWS\system32\drivers\tmcomm.sys' does not exist.

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/24/2007
Time: 5:11:34 AM
User: N/A
Computer: Laptop
Description: Faulting application iexplore.exe, version 6.0.2900.2180,
faulting module mshtml.dll, version 6.0.2900.3199,

fault address 0x0010f491.

Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 32 31 38 30 20 00.2180
0030: 69 6e 20 6d 73 68 74 6d in mshtm
0038: 6c 2e 64 6c 6c 20 36 2e l.dll 6.
0040: 30 2e 32 39 30 30 2e 33 0.2900.3
0048: 31 39 39 20 61 74 20 6f 199 at o
0050: 66 66 73 65 74 20 30 30 ffset 00
0058: 31 30 66 34 39 31 0d 0a 10f491..
 
S

Svengali

Here is what the System Event Log looks like for that day. It looks like a
reinstall was initiated by whatever I did in TrendMicro. I have just included
a list of the significant events along with the descriptions to save time.
Most of the events were like the fifth one down, where an attempt was made to
replace various system files and drivers, but they were restored. There were
lot of these so I didn't include them. Hopefully this shed some insight as to
the best way to restore the system. Thanks.

Type Date Time Source Category Event User Computer

Information 11/24/2007 5:32:24 AM eventlog None 6006 N/A Laptop
Information 11/24/2007 5:31:27 AM Service Control Manager None 7036 N/A Laptop
Information 11/24/2007 5:29:52 AM Service Control Manager None 7036 N/A Laptop
Information 11/24/2007 5:29:51 AM Service Control
Manager None 7035 SYSTEM Laptop
Information 11/24/2007 5:28:27 AM Windows File
Protection None 64002 N/A Laptop
Information 11/24/2007 5:28:27 AM Windows File
Protection None 64002 N/A Laptop
Information 11/24/2007 5:28:27 AM Windows File
Protection None 64002 N/A Laptop
.. . . . . . . .
.. . . . . . . .
.. . . . . . . .
.. . . . . . . .
.. . . . . . . .

Information 11/24/2007 5:26:28 AM Application Popup None 26 N/A Laptop
Error 11/24/2007 5:26:19 AM sr None 1 N/A Laptop
Information 11/24/2007 5:26:19 AM Windows File
Protection None 64002 N/A Laptop
.. . . . . . . .
.. . . . . . . .
.. . . . . . . .

Information 11/24/2007 5:26:01 AM Windows File
Protection None 64002 N/A Laptop
Information 11/24/2007 4:56:35 AM Tcpip None 4201 N/A Laptop
Information 11/24/2007 4:40:35 AM Tcpip None 4201 N/A Laptop
Information 11/24/2007 3:39:35 AM Tcpip None 4201 N/A Laptop
Information 11/24/2007 1:16:49 AM WPDMTPDriver (16) 14000 N/A Laptop

---------------------------------------------------------------------
Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6006
Date: 11/24/2007
Time: 5:32:24 AM
User: N/A
Computer: Laptop
Description:
The Event log service was stopped.

Data:
0000: ff 00 00 00 ÿ...


Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 11/24/2007
Time: 5:31:27 AM
User: N/A
Computer: Laptop
Description:
The Windows Installer service entered the stopped state.


Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 11/24/2007
Time: 5:29:52 AM
User: N/A
Computer: Laptop
Description:
The Windows Installer service entered the running state.


Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 11/24/2007
Time: 5:29:51 AM
User: NT AUTHORITY\SYSTEM
Computer: Laptop
Description:
The Windows Installer service was successfully sent a start control.

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 11/24/2007
Time: 5:28:27 AM
User: N/A
Computer: Laptop
Description:
File replacement was attempted on the protected system file wstcodec.sys.
This file was restored to the original version to maintain system stability.
The file version of the system file is 5.3.0.900.

..
..
..
..
..

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 11/24/2007
Time: 5:26:28 AM
User: N/A
Computer: Laptop
Description:
Application popup: Windows File Protection : Possible reasons for this
problem:
• You have inserted the wrong CD. (i.e., a

different Windows product CD than the version installed)
• The CD-ROM drive in your system is not functioning.

For more

information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
Date: 11/24/2007
Time: 5:26:19 AM
User: N/A
Computer: Laptop
Description:
The System Restore filter encountered the unexpected error '0xC0000056'
while processing the file 'gm.dls.new' on the volume

'HarddiskVolume1'. It has stopped monitoring the volume.

Data:
0000: 04 00 00 00 04 00 4e 00 ......N.
0008: 00 00 00 00 01 00 00 c0 .......À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 11/24/2007
Time: 5:26:19 AM
User: N/A
Computer: Laptop
Description:
File replacement was attempted on the protected system file
c:\windows\system32\drivers\ntfs.sys. This file was restored to the original
version to maintain system stability. The file version of the system file is
5.1.2600.3081.
..
..
..
..
Event Type: Information
Event Source: Tcpip
Event Category: None
Event ID: 4201
Date: 11/24/2007
Time: 4:56:35 AM
User: N/A
Computer: Laptop
Description:
The system detected that network adapter
\DEVICE\TCPIP_{A2ED5440-DDCB-4A96-A9A0-51EAB0C91BA1} was connected to the
network,

and has initiated normal operation over the network adapter.

Data:
0000: 00 00 00 00 02 00 50 00 ......P.
0008: 00 00 00 00 69 10 00 40 ....i..@
0010: 02 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
..
..
..

Event Type: Information
Event Source: WPDMTPDriver
Event Category: (16)
Event ID: 14000
Date: 11/24/2007
Time: 1:16:49 AM
User: N/A
Computer: Laptop
Description:
The description for Event ID ( 14000 ) in Source ( WPDMTPDriver ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event: MTP WPD
Driver.
 
S

Svengali

I made an error in my third post. That was the Application Event Log and not
the System Event Log.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top