| Events Summary | All Events | ||||||
| Report generated at: Tue, 15 Nov 11 12:02:04 +0100 | ||||||
|
||||||
| Report Summary | |||||||||||||||
|
|||||||||||||||
| Events Consolidated per Host |
| No. | Count | First Event | Last Event | Process | Type | Event ID | Description |
| 1 | 493 | 2011-10-21 08:09:48 | 2011-10-21 09:09:36 | Service Control Manager | INFO | 7040 | The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. |
| 2 | 492 | 2011-10-21 08:09:48 | 2011-10-21 09:09:48 | Service Control Manager | INFO | 7040 | The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. |
| 3 | 20 | 2011-10-21 09:10:07 | 2011-10-21 09:13:26 | Service Control Manager | INFO | 7035 | The .NET Runtime Optimization Service v2.0.50727_X86 service was successfully sent a pause control. |
| 4 | 15 | 2011-10-20 14:47:41 | 2011-10-21 09:13:40 | LoadPerf | INFO | 1000 | Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 5 | 13 | 2011-10-20 14:47:41 | 2011-10-21 09:13:40 | LoadPerf | INFO | 1001 | Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. |
| 6 | 10 | 2011-10-20 14:53:53 | 2011-10-21 09:05:23 | Security | NOTICE | 680 | Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: Administrator Source Workstation: LOGANALYSER2003 Error Code: 0x0 |
| 7 | 8 | 2011-10-20 14:47:48 | 2011-10-21 08:44:28 | MSDTC | INFO | 4193 | MS DTC started with the following settings (OFF = 0 and ON = 1): Security Configuration: Network Administration of Transactions = 0, Network Clients = 0, Inbound Distributed Transactions using Native MSDTC Protocol = 0, Outbound Distributed Transactions using Native MSDTC Protocol = 0, Transaction Internet Protocol (TIP) = 0, XA Transactions = 0 Filtering Duplicate events = |
| 8 | 8 | 2011-10-20 14:47:53 | 2011-10-21 08:44:32 | COM+ | INFO | 781 | The COM+ sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\COM3\Eventlog. |
| 9 | 8 | 2011-10-20 14:47:49 | 2011-10-21 08:44:28 | EventSystem | INFO | 4625 | The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. |
| 10 | 7 | 2011-10-20 14:57:03 | 2011-10-21 09:20:41 | Service Control Manager | INFO | 7036 | The Windows Installer service entered the stopped state. |
| 11 | 7 | 2011-10-20 14:54:19 | 2011-10-21 09:12:55 | Service Control Manager | INFO | 7035 | The Windows Installer service was successfully sent a start control. |
| 12 | 7 | 2011-10-20 14:54:19 | 2011-10-21 09:12:55 | Service Control Manager | INFO | 7036 | The Windows Installer service entered the running state. |
| 13 | 7 | 2011-10-20 14:52:04 | 2011-10-21 09:20:42 | SECURITY | NOTICE | 513 | Windows is shutting down. All logon sessions will be terminated by this shutdown. |
| 14 | 7 | 2011-10-20 14:46:36 | 2011-10-21 08:44:21 | IPSec | INFO | 4295 | The IPSec Driver is starting in Bypass mode. No IPSec security is being applied while this computer starts up. IPSec policies, if they have been assigned, will be applied to this computer after the IPSec services start. |
| 15 | 6 | 2011-10-20 14:52:30 | 2011-10-21 08:44:27 | Security | NOTICE | 576 | Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege |
| 16 | 6 | 2011-10-20 14:52:30 | 2011-10-21 08:44:27 | Security | NOTICE | 576 | Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege |
| 17 | 6 | 2011-10-20 14:52:04 | 2011-10-21 09:20:42 | EventLog | INFO | 6006 | The Event log service was stopped. |
| 18 | 6 | 2011-10-20 14:52:30 | 2011-10-21 08:44:27 | Security | NOTICE | 528 | Successful Logon: User Name: SYSTEM Domain: NT AUTHORITY Logon ID: (0x0,0x3E7) Logon Type: 0 Logon Process: - Authentication Package: - Workstation Name: - Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: 4 Transited Services: - Source Network Address: - Source Port: - |
| 19 | 6 | 2011-10-20 14:56:16 | 2011-10-21 08:44:28 | VMTools | INFO | 105 | The service was started. |
| 20 | 5 | 2011-10-20 14:54:19 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7035 | The Application Layer Gateway Service service was successfully sent a start control. |
| 21 | 5 | 2011-10-20 14:54:19 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7036 | The Application Layer Gateway Service service entered the running state. |
| 22 | 5 | 2011-10-20 14:54:19 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7036 | The Computer Browser service entered the stopped state. |
| 23 | 5 | 2011-10-20 14:56:16 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7036 | The COM+ System Application service entered the running state. |
| 24 | 5 | 2011-10-20 14:54:19 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7036 | The Terminal Services service entered the running state. |
| 25 | 5 | 2011-10-21 08:14:47 | 2011-10-21 09:14:37 | Service Control Manager | INFO | 7036 | The .NET Runtime Optimization Service v2.0.50727_X86 service entered the running state. |
| 26 | 5 | 2011-10-20 14:56:16 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7035 | The COM+ System Application service was successfully sent a start control. |
| 27 | 5 | 2011-10-20 14:52:26 | 2011-10-21 08:44:22 | DCOM | INFO | 10026 | The COM sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\Ole\EventLog. |
| 28 | 5 | 2011-10-20 14:52:25 | 2011-10-21 08:44:22 | EventLog | INFO | 6005 | The Event log service was started. |
| 29 | 5 | 2011-10-20 14:54:19 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7035 | The Terminal Services service was successfully sent a start control. |
| 30 | 5 | 2011-10-20 14:52:25 | 2011-10-21 08:44:22 | EventLog | INFO | 6009 | Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free. |
| 31 | 5 | 2011-10-20 14:52:26 | 2011-10-21 08:44:28 | AeLookupSvc | INFO | 3 | The Application Experience Lookup service started successfully. |
| 32 | 5 | 2011-10-20 14:54:19 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7036 | The Network Location Awareness (NLA) service entered the running state. |
| 33 | 5 | 2011-10-20 14:54:19 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7035 | The Network Location Awareness (NLA) service was successfully sent a start control. |
| 34 | 5 | 2011-10-20 14:52:26 | 2011-10-21 08:44:28 | IPSec | INFO | 4294 | The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer. |
| 35 | 4 | 2011-10-21 08:14:47 | 2011-10-21 09:14:37 | Service Control Manager | INFO | 7035 | The .NET Runtime Optimization Service v2.0.50727_X86 service was successfully sent a start control. |
| 36 | 4 | 2011-10-20 14:48:42 | 2011-10-20 14:50:20 | symmpi | ERR | 9 | The device, \Device\Scsi\symmpi1, did not respond within the timeout period. |
| 37 | 4 | 2011-10-20 14:57:22 | 2011-10-21 08:44:27 | Security | NOTICE | 528 | Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: LOGANALYSER2003$ Caller Domain: LOGANALYZER Caller Logon ID: (0x0,0x3E7) Caller Process ID: 404 Transited Services: - Source Network Address: - Source Port: - |
| 38 | 4 | 2011-10-21 07:43:01 | 2011-10-21 08:06:17 | Security | NOTICE | 552 | Logon attempt using explicit credentials: Logged on user: User Name: LOGANALYSER2003$ Domain: LOGANALYZER Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: LOGANALYSER2003 Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 356 Source Network Address: 127.0.0.1 Source Port: 0 |
| 39 | 4 | 2011-10-21 08:20:23 | 2011-10-21 08:40:52 | Service Control Manager | INFO | 7035 | The Microsoft .NET Framework v1.1.4322 Update service was successfully sent a stop control. |
| 40 | 4 | 2011-10-20 14:57:22 | 2011-10-21 08:44:27 | Security | NOTICE | 528 | Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: LOGANALYSER2003$ Caller Domain: LOGANALYZER Caller Logon ID: (0x0,0x3E7) Caller Process ID: 404 Transited Services: - Source Network Address: - Source Port: - |
| 41 | 4 | 2011-10-21 08:20:23 | 2011-10-21 08:40:52 | Service Control Manager | INFO | 7036 | The Microsoft .NET Framework v1.1.4322 Update service entered the stopped state. |
| 42 | 4 | 2011-10-21 08:20:14 | 2011-10-21 08:40:45 | Service Control Manager | INFO | 7036 | The Microsoft .NET Framework v1.1.4322 Update service entered the running state. |
| 43 | 4 | 2011-10-21 08:20:14 | 2011-10-21 08:40:45 | Service Control Manager | INFO | 7035 | The Microsoft .NET Framework v1.1.4322 Update service was successfully sent a start control. |
| 44 | 4 | 2011-10-21 08:17:47 | 2011-10-21 09:19:46 | Service Control Manager | INFO | 7036 | The .NET Runtime Optimization Service v2.0.50727_X86 service entered the stopped state. |
| 45 | 4 | 2011-10-21 08:14:18 | 2011-10-21 09:14:28 | LoadPerf | INFO | 1000 | Performance counters for the aspnet_state (ASP.NET State Service) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 46 | 4 | 2011-10-21 08:14:15 | 2011-10-21 09:14:28 | ASP.NET 2.0.50727.0 | INFO | 1017 | Start registering ASP.NET (version 2.0.50727.0) (internal flag: 0x00000406) |
| 47 | 4 | 2011-10-20 14:48:59 | 2011-10-20 14:48:59 | PassportManager | INFO | 5008 | Passport Manager configuration ok. |
| 48 | 4 | 2011-10-21 08:15:13 | 2011-10-21 09:14:46 | LoadPerf | INFO | 1002 | Performance counters for the .NETFramework (.NETFramework) service are already in Performance Registry, no need to re-install again. |
| 49 | 4 | 2011-10-21 08:14:22 | 2011-10-21 09:14:32 | LoadPerf | INFO | 1000 | Performance counters for the ASP.NET_2.0.50727 (ASP.NET_2.0.50727) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 50 | 4 | 2011-10-21 08:13:08 | 2011-10-21 08:16:03 | MsiInstaller | INFO | 11707 | Product: Microsoft .NET Framework 2.0 -- Installation completed successfully. |
| 51 | 4 | 2011-10-21 08:14:26 | 2011-10-21 09:14:36 | LoadPerf | INFO | 1000 | Performance counters for the ASP.NET (ASP.NET) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 52 | 4 | 2011-10-21 08:15:13 | 2011-10-21 09:14:46 | LoadPerf | INFO | 1002 | Performance counters for the .NET CLR Data (.NET CLR Data) service are already in Performance Registry, no need to re-install again. |
| 53 | 4 | 2011-10-21 08:15:12 | 2011-10-21 09:14:46 | LoadPerf | INFO | 1002 | Performance counters for the .NET CLR Networking (.NET CLR Networking) service are already in Performance Registry, no need to re-install again. |
| 54 | 4 | 2011-10-21 08:14:26 | 2011-10-21 09:14:36 | ASP.NET 2.0.50727.0 | WARNING | 1020 | Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i. |
| 55 | 3 | 2011-10-20 15:00:35 | 2011-10-21 08:48:36 | Service Control Manager | INFO | 7036 | The VMware Snapshot Provider service entered the stopped state. |
| 56 | 3 | 2011-10-20 14:59:13 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7035 | The Volume Shadow Copy service was successfully sent a start control. |
| 57 | 3 | 2011-10-20 15:00:36 | 2011-10-21 08:48:37 | Service Control Manager | INFO | 7036 | The Volume Shadow Copy service entered the stopped state. |
| 58 | 3 | 2011-10-21 08:16:04 | 2011-10-21 09:12:54 | Service Control Manager | INFO | 7035 | The Windows Installer service was successfully sent a stop control. |
| 59 | 3 | 2011-10-20 14:59:13 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7036 | The VMware Snapshot Provider service entered the running state. |
| 60 | 3 | 2011-10-21 08:09:47 | 2011-10-21 09:09:36 | Service Control Manager | INFO | 7036 | The Background Intelligent Transfer Service service entered the running state. |
| 61 | 3 | 2011-10-21 08:09:47 | 2011-10-21 09:09:36 | Service Control Manager | INFO | 7035 | The Background Intelligent Transfer Service service was successfully sent a start control. |
| 62 | 3 | 2011-10-20 14:59:13 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7036 | The Volume Shadow Copy service entered the running state. |
| 63 | 3 | 2011-10-20 14:56:10 | 2011-10-21 09:05:37 | Service Control Manager | INFO | 7036 | The Remote Access Connection Manager service entered the running state. |
| 64 | 3 | 2011-10-20 14:56:10 | 2011-10-21 09:05:37 | Service Control Manager | INFO | 7036 | The Telephony service entered the running state. |
| 65 | 3 | 2011-10-20 14:59:13 | 2011-10-21 08:47:17 | Service Control Manager | INFO | 7035 | The VMware Snapshot Provider service was successfully sent a start control. |
| 66 | 3 | 2011-10-20 14:56:16 | 2011-10-21 09:12:31 | Service Control Manager | INFO | 7035 | The WinHTTP Web Proxy Auto-Discovery Service service was successfully sent a start control. |
| 67 | 3 | 2011-10-20 14:56:10 | 2011-10-21 09:05:37 | Service Control Manager | INFO | 7035 | The Remote Access Connection Manager service was successfully sent a start control. |
| 68 | 3 | 2011-10-20 14:56:16 | 2011-10-21 09:12:31 | Service Control Manager | INFO | 7036 | The WinHTTP Web Proxy Auto-Discovery Service service entered the running state. |
| 69 | 3 | 2011-10-20 14:57:24 | 2011-10-21 08:44:28 | LGTO_Sync | INFO | 1 | The description for Event ID ( 1 ) in Source ( LGTO_Sync ) could not be found. It contains the following insertion string(s): The Driver was loaded successfully |
| 70 | 2 | 2011-10-20 14:49:07 | 2011-10-20 14:49:07 | DSReplicationProvider | INFO | 1 | The DS WMI Replication provider (Replprov) MOF file was successfully compiled into the WMI repository. |
| 71 | 2 | 2011-10-20 14:49:13 | 2011-10-20 14:49:13 | SceCli | INFO | 1500 | Security configuration was backed up to C:\WINDOWS\security\templates\setup security.inf. |
| 72 | 2 | 2011-10-20 14:49:07 | 2011-10-20 14:49:07 | TrustMonitor | INFO | 1 | The TrustMon MOF file was successfully compiled into the WMI repository. |
| 73 | 2 | 2011-10-20 14:48:59 | 2011-10-20 14:48:59 | PassportManager | INFO | 5000 | Passport Manager process started successfully. |
| 74 | 2 | 2011-10-20 14:49:04 | 2011-10-20 14:49:04 | WmdmPmSN | INFO | 100 | The WmdmPmSN service was installed. |
| 75 | 2 | 2011-10-20 14:52:03 | 2011-10-20 14:52:03 | PassportManager | INFO | 5001 | Passport Manager process was stopped. |
| 76 | 2 | 2011-10-20 14:48:59 | 2011-10-20 14:48:59 | PassportManager | INFO | 5011 | A new key has been installed. |
| 77 | 2 | 2011-10-20 14:57:03 | 2011-10-20 14:57:03 | MsiInstaller | INFO | 1005 | The Windows Installer initiated a system restart to complete or continue the configuration of 'VMware Tools'. |
| 78 | 2 | 2011-10-21 08:14:26 | 2011-10-21 08:14:26 | ASP.NET 2.0.50727.0 | INFO | 1019 | Finish registering ASP.NET (version 2.0.50727.0). Detailed registration logs can be found in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASPNETSetup_00000.log |
| 79 | 2 | 2011-10-20 14:48:30 | 2011-10-20 14:48:30 | LoadPerf | INFO | 1002 | Performance counters for the IPSec (IPSEC driver) service are already in Performance Registry, no need to re-install again. |
| 80 | 2 | 2011-10-21 08:13:31 | 2011-10-21 08:13:31 | MsiInstaller | INFO | 1025 | Product: Microsoft .NET Framework 2.0. The file C:\WINDOWS\system32\mscoree.dll is being held in use by the following process Name: IEXPLORE , Id 376. |
| 81 | 2 | 2011-10-20 14:57:03 | 2011-10-20 14:57:03 | MsiInstaller | INFO | 11707 | Product: VMware Tools -- Installation operation completed successfully. |
| 82 | 2 | 2011-10-20 14:55:21 | 2011-10-20 14:55:21 | NtServicePack | INFO | 4377 | The description for Event ID ( 4377 ) in Source ( NtServicePack ) could not be found. It contains the following insertion string(s): Windows Server 2003 R2 R2-In-band |
| 83 | 2 | 2011-10-20 14:55:31 | 2011-10-20 14:55:31 | NtServicePack | INFO | 4377 | The description for Event ID ( 4377 ) in Source ( NtServicePack ) could not be found. It contains the following insertion string(s): Windows Server 2003 R2 R2-New-files |
| 84 | 2 | 2011-10-20 14:52:26 | 2011-10-20 14:52:26 | ESENT | INFO | 100 | svchost (840) The database engine 5.02.3790.3959 started. |
| 85 | 2 | 2011-10-20 14:47:41 | 2011-10-20 14:47:41 | LoadPerf | INFO | 1000 | Performance counters for the TermService (Terminal Services) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 86 | 2 | 2011-10-20 14:47:48 | 2011-10-20 14:47:48 | MSDTC | INFO | 4104 | The Microsoft Distributed Transaction Coordinator service was successfully installed |
| 87 | 2 | 2011-10-20 14:47:53 | 2011-10-20 14:47:53 | COM+ | INFO | 4156 | String message: First attemp to CoCreateInstance(CLSID_ComSystemAppEventData) failed! |
| 88 | 2 | 2011-10-20 14:47:48 | 2011-10-20 14:47:48 | LoadPerf | INFO | 1002 | Performance counters for the MSDTC (Distributed Transaction Coordinator) service are already in Performance Registry, no need to re-install again. |
| 89 | 2 | 2011-10-20 14:47:48 | 2011-10-20 14:47:48 | LoadPerf | INFO | 1000 | Performance counters for the MSDTC (MSDTC) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 90 | 2 | 2011-10-20 14:46:36 | 2011-10-20 14:46:36 | LoadPerf | INFO | 1000 | Performance counters for the IPSec (IPSEC driver) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 91 | 2 | 2011-10-20 14:46:38 | 2011-10-20 14:46:38 | LoadPerf | INFO | 1000 | Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 92 | 2 | 2011-10-20 14:47:53 | 2011-10-20 14:47:53 | COM+ | INFO | 4156 | String message: Remove old EventClass(CLSID_ComSystemAppEventData) from event system!. |
| 93 | 2 | 2011-10-20 14:47:53 | 2011-10-20 14:47:53 | COM+ | INFO | 4156 | String message: Added EventClass(CLSID_ComSystemAppEventData) to event system!. |
| 94 | 2 | 2011-10-20 14:48:10 | 2011-10-20 14:48:10 | LoadPerf | INFO | 1000 | Performance counters for the ContentIndex (ContentIndex) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 95 | 2 | 2011-10-20 14:48:10 | 2011-10-20 14:48:10 | LoadPerf | INFO | 1000 | Performance counters for the ContentFilter (ContentFilter) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 96 | 2 | 2011-10-20 14:48:09 | 2011-10-20 14:48:09 | LoadPerf | INFO | 1000 | Performance counters for the .NETFramework (.NETFramework) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 97 | 2 | 2011-10-20 14:48:02 | 2011-10-20 14:48:02 | LoadPerf | INFO | 1000 | Performance counters for the .NET CLR Networking (.NET CLR Networking) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 98 | 2 | 2011-10-20 14:47:53 | 2011-10-20 14:47:53 | COM+ | INFO | 4156 | String message: RegisterComSystemAppEventData() succeeded! Will re-try CoCreateInstance(CLSID_ComSystemAppEventData) |
| 99 | 2 | 2011-10-20 14:48:02 | 2011-10-20 14:48:02 | LoadPerf | INFO | 1000 | Performance counters for the .NET CLR Data (.NET CLR Data) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 100 | 2 | 2011-10-20 14:48:10 | 2011-10-20 14:48:10 | LoadPerf | INFO | 1000 | Performance counters for the ISAPISearch (ISAPISearch) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| No. | Count | First Event | Last Event | Process | Type | Event ID | Description |
| 1 | 46 | 2011-10-22 07:29:36 | 2011-11-14 10:48:10 | WinHttpAutoProxySvc | INFO | 12503 | The WinHTTP Web Proxy Auto-Discovery Service has been idle for 15 minutes, it will be shut down. |
| 2 | 46 | 2011-10-22 07:29:36 | 2011-11-14 10:48:10 | Service Control Manager | INFO | 7036 | The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state. |
| 3 | 46 | 2011-10-22 07:29:36 | 2011-11-14 10:48:10 | WinHttpAutoProxySvc | INFO | 12517 | The WinHTTP Web Proxy Auto-Discovery Service suspended operation. |
| 4 | 45 | 2011-10-21 09:37:27 | 2011-11-14 10:31:40 | Service Control Manager | INFO | 7036 | The WinHTTP Web Proxy Auto-Discovery Service service entered the running state. |
| 5 | 45 | 2011-10-21 09:37:27 | 2011-11-14 10:31:40 | Service Control Manager | INFO | 7035 | The WinHTTP Web Proxy Auto-Discovery Service service was successfully sent a start control. |
| 6 | 8 | 2011-10-21 09:39:30 | 2011-10-21 10:01:03 | Service Control Manager | INFO | 7036 | The .NET Runtime Optimization Service v2.0.50727_X86 service entered the stopped state. |
| 7 | 8 | 2011-10-21 09:38:45 | 2011-10-21 09:46:45 | Service Control Manager | INFO | 7036 | The .NET Runtime Optimization Service v2.0.50727_X86 service entered the running state. |
| 8 | 8 | 2011-10-21 09:38:45 | 2011-10-21 09:46:45 | Service Control Manager | INFO | 7035 | The .NET Runtime Optimization Service v2.0.50727_X86 service was successfully sent a start control. |
| 9 | 7 | 2011-10-21 09:37:43 | 2011-11-09 15:22:47 | Service Control Manager | INFO | 7040 | The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start. |
| 10 | 7 | 2011-10-21 09:39:30 | 2011-10-21 09:46:12 | Service Control Manager | INFO | 7035 | The .NET Runtime Optimization Service v2.0.50727_X86 service was successfully sent a stop control. |
| 11 | 7 | 2011-10-21 09:37:43 | 2011-11-09 15:22:47 | Service Control Manager | INFO | 7040 | The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start. |
| 12 | 5 | 2011-10-21 09:41:59 | 2011-10-21 09:46:46 | MsiInstaller | INFO | 11728 | Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Configuration completed successfully. |
| 13 | 5 | 2011-10-22 09:51:39 | 2011-11-11 15:09:52 | W32Time | WARNING | 36 | The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. Monitor the system events displayed in the Event Viewer to make sure that a more serious problem does not exist. |
| 14 | 5 | 2011-10-21 09:41:59 | 2011-10-21 09:46:46 | LoadPerf | INFO | 1002 | Performance counters for the .NETFramework (.NETFramework) service are already in Performance Registry, no need to re-install again. |
| 15 | 5 | 2011-10-21 09:38:22 | 2011-10-21 09:38:44 | Windows Update Agent | INFO | 18 | Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Saturday, October 22, 2011 at 3:00 AM: - Update for Windows Server 2003 (KB970430) - Security Update for Internet Explorer 8 for Windows Server 2003 (KB2544521) - Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909) - Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168) - Update for Windows Server 2003 (KB2345886) - Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241) - Security Update for Windows Server 2003 (KB2510531) - Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707) - Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524) - Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473) - Security Update for Microsoft XML Core Services |
| 16 | 5 | 2011-10-21 09:41:59 | 2011-10-21 09:46:45 | LoadPerf | INFO | 1002 | Performance counters for the .NET Data Provider for Oracle (.NET Data Provider for Oracle) service are already in Performance Registry, no need to re-install again. |
| 17 | 5 | 2011-10-21 09:41:59 | 2011-10-21 09:46:45 | LoadPerf | INFO | 1002 | Performance counters for the .NET CLR Data (.NET CLR Data) service are already in Performance Registry, no need to re-install again. |
| 18 | 5 | 2011-10-21 09:41:59 | 2011-10-21 09:46:45 | LoadPerf | INFO | 1002 | Performance counters for the .NET Data Provider for SqlServer (.NET Data Provider for SqlServer) service are already in Performance Registry, no need to re-install again. |
| 19 | 5 | 2011-10-21 09:41:59 | 2011-10-21 09:46:45 | LoadPerf | INFO | 1002 | Performance counters for the .NET CLR Networking (.NET CLR Networking) service are already in Performance Registry, no need to re-install again. |
| 20 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7036 | The Volume Shadow Copy service entered the running state. |
| 21 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7035 | The Terminal Services service was successfully sent a start control. |
| 22 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7035 | The Volume Shadow Copy service was successfully sent a start control. |
| 23 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7035 | The Application Layer Gateway Service service was successfully sent a start control. |
| 24 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7035 | The COM+ System Application service was successfully sent a start control. |
| 25 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7036 | The COM+ System Application service entered the running state. |
| 26 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7036 | The Terminal Services service entered the running state. |
| 27 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7036 | The Application Layer Gateway Service service entered the running state. |
| 28 | 4 | 2011-10-21 09:42:55 | 2011-10-21 09:46:35 | LoadPerf | INFO | 1001 | Performance counters for the ASP.NET_2.0.50727 (ASP.NET_2.0.50727) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. |
| 29 | 4 | 2011-10-21 09:43:04 | 2011-10-21 09:46:43 | LoadPerf | INFO | 1000 | Performance counters for the ASP.NET (ASP.NET) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 30 | 4 | 2011-10-21 09:43:04 | 2011-10-21 09:46:43 | ASP.NET 2.0.50727.0 | WARNING | 1020 | Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i. |
| 31 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7036 | The VMware Snapshot Provider service entered the running state. |
| 32 | 4 | 2011-10-21 09:43:00 | 2011-10-21 09:46:39 | LoadPerf | INFO | 1001 | Performance counters for the ASP.NET (ASP.NET) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. |
| 33 | 4 | 2011-10-21 09:43:00 | 2011-10-21 09:46:39 | LoadPerf | INFO | 1000 | Performance counters for the ASP.NET_2.0.50727 (ASP.NET_2.0.50727) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 34 | 4 | 2011-10-21 09:42:55 | 2011-10-21 09:46:35 | ASP.NET 2.0.50727.0 | INFO | 1017 | Start registering ASP.NET (version 2.0.50727.0) (internal flag: 0x00000406) |
| 35 | 4 | 2011-10-21 09:42:56 | 2011-10-21 09:46:35 | LoadPerf | INFO | 1000 | Performance counters for the aspnet_state (ASP.NET State Service) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 36 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7036 | The Computer Browser service entered the stopped state. |
| 37 | 4 | 2011-10-21 09:42:56 | 2011-10-21 09:46:35 | LoadPerf | INFO | 1001 | Performance counters for the aspnet_state (ASP.NET State Service) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. |
| 38 | 4 | 2011-10-21 09:20:58 | 2011-10-24 07:45:23 | Security | NOTICE | 576 | Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege |
| 39 | 4 | 2011-10-21 09:20:53 | 2011-10-24 07:45:18 | EventLog | INFO | 6009 | Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free. |
| 40 | 4 | 2011-10-21 09:20:53 | 2011-10-24 07:45:18 | EventLog | INFO | 6005 | The Event log service was started. |
| 41 | 4 | 2011-10-21 09:20:58 | 2011-10-24 07:45:23 | Security | NOTICE | 528 | Successful Logon: User Name: SYSTEM Domain: NT AUTHORITY Logon ID: (0x0,0x3E7) Logon Type: 0 Logon Process: - Authentication Package: - Workstation Name: - Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: 4 Transited Services: - Source Network Address: - Source Port: - |
| 42 | 4 | 2011-10-21 09:21:00 | 2011-10-24 07:45:25 | VMTools | INFO | 105 | The service was started. |
| 43 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7036 | The Network Location Awareness (NLA) service entered the running state. |
| 44 | 4 | 2011-10-21 09:21:00 | 2011-10-24 07:45:25 | MSDTC | INFO | 4193 | MS DTC started with the following settings (OFF = 0 and ON = 1): Security Configuration: Network Administration of Transactions = 0, Network Clients = 0, Inbound Distributed Transactions using Native MSDTC Protocol = 0, Outbound Distributed Transactions using Native MSDTC Protocol = 0, Transaction Internet Protocol (TIP) = 0, XA Transactions = 0 Filtering Duplicate events = |
| 45 | 4 | 2011-10-21 09:21:00 | 2011-10-24 07:45:25 | EventSystem | INFO | 4625 | The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. |
| 46 | 4 | 2011-10-21 09:20:53 | 2011-10-24 07:45:18 | DCOM | INFO | 10026 | The COM sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\Ole\EventLog. |
| 47 | 4 | 2011-10-21 09:20:58 | 2011-10-24 07:45:23 | Security | NOTICE | 576 | Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege |
| 48 | 4 | 2011-10-21 09:21:00 | 2011-10-24 07:45:25 | IPSec | INFO | 4294 | The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer. |
| 49 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7035 | The VMware Snapshot Provider service was successfully sent a start control. |
| 50 | 4 | 2011-10-21 09:21:00 | 2011-10-24 07:45:25 | AeLookupSvc | INFO | 3 | The Application Experience Lookup service started successfully. |
| 51 | 4 | 2011-10-21 09:20:53 | 2011-10-24 07:45:13 | IPSec | INFO | 4295 | The IPSec Driver is starting in Bypass mode. No IPSec security is being applied while this computer starts up. IPSec policies, if they have been assigned, will be applied to this computer after the IPSec services start. |
| 52 | 4 | 2011-10-21 09:21:00 | 2011-10-24 07:45:24 | LGTO_Sync | INFO | 1 | The description for Event ID ( 1 ) in Source ( LGTO_Sync ) could not be found. It contains the following insertion string(s): The Driver was loaded successfully |
| 53 | 4 | 2011-10-21 09:21:03 | 2011-10-24 07:45:29 | COM+ | INFO | 781 | The COM+ sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\COM3\Eventlog. |
| 54 | 4 | 2011-10-21 09:24:00 | 2011-11-15 10:53:15 | Security | NOTICE | 680 | Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: Administrator Source Workstation: LOGANALYZER2003 Error Code: 0x0 |
| 55 | 4 | 2011-10-21 09:22:48 | 2011-10-24 07:46:13 | Service Control Manager | INFO | 7035 | The Network Location Awareness (NLA) service was successfully sent a start control. |
| 56 | 3 | 2011-10-21 09:24:04 | 2011-10-24 07:48:32 | Service Control Manager | INFO | 7036 | The VMware Snapshot Provider service entered the stopped state. |
| 57 | 3 | 2011-10-21 09:24:05 | 2011-10-24 07:48:34 | Service Control Manager | INFO | 7036 | The Volume Shadow Copy service entered the stopped state. |
| 58 | 3 | 2011-10-21 09:25:00 | 2011-10-24 07:49:27 | LoadPerf | INFO | 1000 | Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data contains the new index values assigned to this service. |
| 59 | 3 | 2011-10-21 09:20:58 | 2011-10-21 09:51:37 | Security | NOTICE | 528 | Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: LOGANALYZER2003$ Caller Domain: LOGANALYZER Caller Logon ID: (0x0,0x3E7) Caller Process ID: 404 Transited Services: - Source Network Address: - Source Port: - |
| 60 | 3 | 2011-10-21 09:25:00 | 2011-10-24 07:49:27 | LoadPerf | INFO | 1001 | Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. |
| 61 | 3 | 2011-10-21 09:20:58 | 2011-10-21 09:51:37 | Security | NOTICE | 528 | Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: LOGANALYZER2003$ Caller Domain: LOGANALYZER Caller Logon ID: (0x0,0x3E7) Caller Process ID: 404 Transited Services: - Source Network Address: - Source Port: - |
| 62 | 2 | 2011-10-21 09:40:08 | 2011-10-21 09:42:05 | HTTP | INFO | 15007 | Reservation for namespace identified by URL prefix http://+:80/Temporary_Listen_Addresses/ was successfully added. |
| 63 | 2 | 2011-10-21 09:47:48 | 2011-10-21 09:51:04 | SECURITY | NOTICE | 513 | Windows is shutting down. All logon sessions will be terminated by this shutdown. |
| 64 | 2 | 2011-10-31 07:00:02 | 2011-11-14 03:03:46 | Windows Update Agent | ERR | 16 | Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. |
| 65 | 2 | 2011-10-21 09:40:08 | 2011-10-21 09:42:05 | HTTP | INFO | 15008 | Reservation for namespace identified by URL prefix http://+:80/Temporary_Listen_Addresses/ was successfully deleted. |
| 66 | 2 | 2011-10-21 09:47:48 | 2011-10-21 09:51:04 | EventLog | INFO | 6006 | The Event log service was stopped. |
| 67 | 2 | 2011-10-21 09:37:43 | 2011-11-09 15:22:04 | Service Control Manager | INFO | 7036 | The Background Intelligent Transfer Service service entered the running state. |
| 68 | 2 | 2011-10-21 09:41:59 | 2011-10-21 09:45:39 | MsiInstaller | INFO | 1005 | The Windows Installer initiated a system restart to complete or continue the configuration of 'Microsoft .NET Framework 2.0 Service Pack 2'. |
| 69 | 2 | 2011-10-21 09:38:45 | 2011-10-21 09:43:10 | MsiInstaller | INFO | 11728 | Product: Microsoft .NET Framework 3.5 SP1 -- Configuration completed successfully. |
| 70 | 2 | 2011-10-21 09:37:42 | 2011-11-09 15:22:04 | Service Control Manager | INFO | 7035 | The Background Intelligent Transfer Service service was successfully sent a start control. |
| 71 | 1 | 2011-10-21 09:42:07 | 2011-10-21 09:42:07 | LoadPerf | INFO | 1002 | Performance counters for the ServiceModelEndpoint 3.0.0.0 (ServiceModelEndpoint 3.0.0.0) service are already in Performance Registry, no need to re-install again. |
| 72 | 1 | 2011-10-21 09:42:07 | 2011-10-21 09:42:07 | LoadPerf | INFO | 1002 | Performance counters for the ServiceModelOperation 3.0.0.0 (ServiceModelOperation 3.0.0.0) service are already in Performance Registry, no need to re-install again. |
| 73 | 1 | 2011-10-21 09:42:05 | 2011-10-21 09:42:05 | System.ServiceModel.Install 3.0.0.0 | INFO | 0 | The ServiceModelReg tool has completed successfully. |
| 74 | 1 | 2011-10-21 09:42:05 | 2011-10-21 09:42:05 | System.ServiceModel.Install 3.0.0.0 | WARNING | 0 | Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. |
| 75 | 1 | 2011-10-21 09:42:05 | 2011-10-21 09:42:05 | System.ServiceModel.Install 3.0.0.0 | WARNING | 0 | Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. |
| 76 | 1 | 2011-10-21 09:42:07 | 2011-10-21 09:42:07 | LoadPerf | INFO | 1002 | Performance counters for the ServiceModelService 3.0.0.0 (ServiceModelService 3.0.0.0) service are already in Performance Registry, no need to re-install again. |
| 77 | 1 | 2011-10-21 09:42:05 | 2011-10-21 09:42:05 | System.ServiceModel.Install 3.0.0.0 | INFO | 0 | ASPNET local user account does not exist, skipped setting WMI permissions for ASP.NET |
| 78 | 1 | 2011-10-21 09:42:07 | 2011-10-21 09:42:07 | LoadPerf | INFO | 1002 | Performance counters for the MSDTC Bridge 3.0.0.0 (MSDTC Bridge 3.0.0.0) service are already in Performance Registry, no need to re-install again. |
| 79 | 1 | 2011-10-21 09:43:06 | 2011-10-21 09:43:06 | MsiInstaller | INFO | 1022 | Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2418241' installed successfully. |
| 80 | 1 | 2011-10-21 09:43:10 | 2011-10-21 09:43:10 | MsiInstaller | INFO | 1022 | Product: Microsoft .NET Framework 3.5 SP1 - Update 'KB2416473' installed successfully. |
| 81 | 1 | 2011-10-21 09:43:04 | 2011-10-21 09:43:04 | ASP.NET 2.0.50727.0 | INFO | 1019 | Finish registering ASP.NET (version 2.0.50727.0). Detailed registration logs can be found in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASPNETSetup_00006.log |
| 82 | 1 | 2011-10-21 09:42:07 | 2011-10-21 09:42:07 | MsiInstaller | INFO | 11728 | Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Configuration completed successfully. |
| 83 | 1 | 2011-10-21 09:42:05 | 2011-10-21 09:42:05 | System.ServiceModel.Install 3.0.0.0 | WARNING | 0 | Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. |
| 84 | 1 | 2011-10-21 09:42:07 | 2011-10-21 09:42:07 | MsiInstaller | INFO | 1022 | Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'KB977354' installed successfully. |
| 85 | 1 | 2011-10-21 09:42:07 | 2011-10-21 09:42:07 | LoadPerf | INFO | 1002 | Performance counters for the SMSvcHost 3.0.0.0 (SMSvcHost 3.0.0.0) service are already in Performance Registry, no need to re-install again. |
| 86 | 1 | 2011-10-21 09:41:59 | 2011-10-21 09:41:59 | MsiInstaller | INFO | 1022 | Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB976576' installed successfully. |
| 87 | 1 | 2011-10-21 09:24:00 | 2011-10-21 09:24:00 | Security | NOTICE | 528 | Successful Logon: User Name: Administrator Domain: LOGANALYZER2003 Logon ID: (0x0,0x2A0B7) Logon Type: 10 Logon Process: User32 Authentication Package: Negotiate Workstation Name: LOGANALYZER2003 Logon GUID: - Caller User Name: LOGANALYZER2003$ Caller Domain: LOGANALYZER Caller Logon ID: (0x0,0x3E7) Caller Process ID: 1300 Transited Services: - Source Network Address: 172.17.0.162 Source Port: 57497 |
| 88 | 1 | 2011-10-21 09:24:00 | 2011-10-21 09:24:00 | Security | NOTICE | 576 | Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x2A0B7) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege |
| 89 | 1 | 2011-10-21 09:24:00 | 2011-10-21 09:24:00 | Security | NOTICE | 552 | Logon attempt using explicit credentials: Logged on user: User Name: LOGANALYZER2003$ Domain: LOGANALYZER Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: LOGANALYZER2003 Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 1300 Source Network Address: 172.17.0.162 Source Port: 57497 |
| 90 | 1 | 2011-10-21 09:21:03 | 2011-10-21 09:21:03 | COM+ | WARNING | 4440 | The CRM log file was originally created on a computer with a different name. It has been updated with the name of the current computer. If this warning appears when the computer name has been changed then no further action is required. LOGANALYSER2003 Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance ID: {DF9CFF68-58FC-48B8-BF87-CEDACF906A2D} Server Application Name: System Application Comsvcs.dll file version: ENU 2001.12.4720.3959 sh |
| 91 | 1 | 2011-10-21 09:21:00 | 2011-10-21 09:21:00 | Security | NOTICE | 540 | Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x10DEA) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - |
| 92 | 1 | 2011-10-21 09:20:53 | 2011-10-21 09:20:53 | EventLog | INFO | 6011 | The NetBIOS name and DNS host name of this machine have been changed from LOGANALYSER2003 to LOGANALYZER2003. |
| 93 | 1 | 2011-10-21 09:31:14 | 2011-10-21 09:31:14 | Security | NOTICE | 683 | Session disconnected from winstation: User Name: Administrator Domain: LOGANALYZER2003 Logon ID: (0x0,0x2A0B7) Session Name: RDP-Tcp#1 Client Name: WIN7AL Client Address: 172.17.0.162 |
| 94 | 1 | 2011-10-21 09:31:14 | 2011-10-21 09:31:14 | Security | NOTICE | 682 | Session reconnected to winstation: User Name: Administrator Domain: LOGANALYZER2003 Logon ID: (0x0,0x2A0B7) Session Name: RDP-Tcp#2 Client Name: WIN7AL Client Address: 172.18.0.151 |
| 95 | 1 | 2011-10-21 09:41:57 | 2011-10-21 09:41:57 | ASP.NET 2.0.50727.0 | INFO | 1019 | Finish registering ASP.NET (version 2.0.50727.0). Detailed registration logs can be found in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASPNETSetup_00005.log |
| 96 | 1 | 2011-10-21 09:42:05 | 2011-10-21 09:42:05 | System.ServiceModel.Install 3.0.0.0 | WARNING | 0 | Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly. |
| 97 | 1 | 2011-10-21 09:38:48 | 2011-10-21 09:38:48 | MsiInstaller | INFO | 11707 | Product: MSXML 6 Service Pack 2 (KB973686) -- Installation completed successfully. |
| 98 | 1 | 2011-10-21 09:38:45 | 2011-10-21 09:38:45 | MsiInstaller | INFO | 1022 | Product: Microsoft .NET Framework 3.5 SP1 - Update 'KB963707' installed successfully. |
| 99 | 1 | 2011-10-21 09:38:35 | 2011-10-21 09:38:35 | MsiInstaller | INFO | 11707 | Product: MSXML 6 Service Pack 2 (KB954459) -- Installation completed successfully. |
| 100 | 1 | 2011-10-21 09:42:05 | 2011-10-21 09:42:05 | System.ServiceModel.Install 3.0.0.0 | INFO | 0 | The ServiceModelReg tool will take the following actions: Reinstalling configuration section system.serviceModel to c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Reinstalling configuration section system.runtime.serialization to c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Reinstalling configuration section system.serviceModel.activation to c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Adding configuration entry for BuildProvider: System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reinstalling compilation assembly node to System.Web section group: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL Reinstalling compilation assembly node to System.Web section group: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL Reinstalling compilation assembly node to System.Web section group: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reinstalling HttpHandlers node to System.Web section group: *.svc Reinstalling HttpModules node to System.Web section group: ServiceModel Reinstalling WMI classes. Reinstalling Windows CardSpace (idsvc). Reinstalling Net.Tcp Port Sharing Service (NetTcpPortSharing). Reinstalling HTTP namespace reservations. |
| No. | Count | First Event | Last Event | Process | Type | Event ID | Description |
| 1 | 4 | 2011-10-20 14:48:57 | 2011-10-20 14:48:57 | WinMgmt | WARNING | 5603 | A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. |
| 2 | 4 | 2011-10-20 14:47:46 | 2011-10-20 14:47:46 | WinMgmt | WARNING | 63 | A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. |
| 3 | 2 | 2011-10-20 16:43:05 | 2011-10-20 16:43:05 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: ACPI\PNP0A03\2&DABA3FF&0 Vetoing device: SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S&Rev_1.0\4&1588251b&0&000000 Vetoing service name: Driver\Disk Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 4 | 2 | 2011-10-20 16:43:08 | 2011-10-20 16:43:08 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: PCI\VEN_1000&DEV_0030&SUBSYS_197615AD&REV_01\3&61AAA01&0&80 Vetoing device: SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S&Rev_1.0\4&1588251b&0&000000 Vetoing service name: Driver\Disk Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 5 | 2 | 2011-10-20 16:43:04 | 2011-10-20 16:43:04 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: ACPI\FIXEDBUTTON\2&DABA3FF&0 Vetoing device: ACPI\FixedButton\2&daba3ff&0 Vetoing service name: Driver\ACPI Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 6 | 2 | 2011-10-20 16:43:04 | 2011-10-20 16:43:04 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: ACPI\PNP0C0E\2&DABA3FF&0 Vetoing device: ACPI\PNP0C0E\2&daba3ff&0 Vetoing service name: Driver\ACPI Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 7 | 2 | 2011-10-20 16:43:21 | 2011-10-20 16:43:21 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: PCI\VEN_8086&DEV_7110&SUBSYS_00000000&REV_08\3&61AAA01&0&38 Vetoing device: ACPI\PNP0F13\4&5289e18&0 Vetoing service name: Driver\i8042prt Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 8 | 2 | 2011-10-20 16:43:04 | 2011-10-20 16:43:04 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: STORAGE\VOLUME\1&30A96598&0&SIGNATUREEA54EA54OFFSET7E00LENGTHFFF2E4400 Vetoing device: STORAGE\Volume\1&30a96598&0&SignatureEA54EA54Offset7E00LengthFFF2E4400 Vetoing service name: FileSystem\Ntfs Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 9 | 2 | 2011-10-20 16:43:22 | 2011-10-20 16:43:22 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: ACPI\PNP0B00\4&5289E18&0 Vetoing device: ACPI\PNP0B00\4&5289e18&0 Vetoing service name: Driver\ACPI Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 10 | 2 | 2011-10-20 16:43:30 | 2011-10-20 16:43:30 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: ACPI\PNP0303\4&5289E18&0 Vetoing device: ACPI\PNP0303\4&5289e18&0 Vetoing service name: Driver\i8042prt Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 11 | 2 | 2011-10-20 14:47:32 | 2011-10-20 14:47:32 | Workstation | INFO | 3261 | This computer has been successfully joined to workgroup 'LOGANALYZER'. |
| 12 | 2 | 2011-10-20 16:43:24 | 2011-10-20 16:43:24 | PCnet | ERR | 5001 | AMD PCNET Family PCI Ethernet Adapter : Could not allocate the resources necessary for operation. |
| 13 | 2 | 2011-10-20 16:43:22 | 2011-10-20 16:43:22 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: SCSI\DISK&VEN_VMWARE_&PROD_VMWARE_VIRTUAL_S&REV_1.0\4&1588251B&0&000000 Vetoing device: SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S&Rev_1.0\4&1588251b&0&000000 Vetoing service name: Driver\Disk Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 14 | 2 | 2011-10-20 16:43:22 | 2011-10-20 16:43:22 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: ACPI\PNP0F13\4&5289E18&0 Vetoing device: ACPI\PNP0F13\4&5289e18&0 Vetoing service name: Driver\i8042prt Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 15 | 2 | 2011-10-20 16:43:03 | 2011-10-20 16:43:03 | PlugPlayManager | INFO | 271 | The Plug and Play operation cannot be completed because a device driver is preventing the device from stopping. The name of the device driver is listed as the vetoing service name below. Vetoed device: ROOT\DMIO\0000 Vetoing device: Root\dmio\0000 Vetoing service name: Driver\dmio Veto type 6: PNP_VetoDevice When Windows attempts to install, upgrade, remove, or reconfigure a device, it queries the driver responsible for that device to confirm that the operation can be performed. If any of these drivers denies permission (query-removal veto), then the computer must be restarted in order to complete the operation. User Action Restart your computer. |
| 16 | 2 | 2011-10-20 16:42:16 | 2011-10-20 16:42:16 | Serial | INFO | 2 | While validating that \Device\Serial0 was really a serial port, a fifo was detected. The fifo will be used. |
| 17 | 2 | 2011-10-20 16:42:45 | 2011-10-20 16:42:45 | Security | NOTICE | 612 | Audit Policy Change: New Policy: Success Failure + - Logon/Logoff - - Object Access - - Privilege Use - - Account Management - - Policy Change - - System - - Detailed Tracking - - Directory Service Access + - Account Logon Changed By: User Name: MACHINENAME$ Domain Name: Logon ID: (0x0,0x3E7) |
| 18 | 2 | 2011-10-20 14:46:36 | 2011-10-20 14:46:36 | Security | NOTICE | 528 | Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: MACHINENAME$ Caller Domain: Caller Logon ID: (0x0,0x3E7) Caller Process ID: 284 Transited Services: - Source Network Address: - Source Port: - |
| 19 | 2 | 2011-10-20 14:47:53 | 2011-10-20 14:47:53 | EventSystem | INFO | 4625 | The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog. |
| 20 | 2 | 2011-10-20 14:47:44 | 2011-10-20 14:47:44 | WinMgmt | WARNING | 63 | A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. |
| 21 | 2 | 2011-10-20 16:42:24 | 2011-10-20 16:42:24 | ESENT | INFO | 100 | svchost (640) The database engine 5.02.3790.3959 started. |
| 22 | 2 | 2011-10-20 14:46:36 | 2011-10-20 14:46:36 | Security | NOTICE | 576 | Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege |
| 23 | 2 | 2011-10-20 14:46:36 | 2011-10-20 14:46:36 | Security | NOTICE | 528 | Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: MACHINENAME$ Caller Domain: Caller Logon ID: (0x0,0x3E7) Caller Process ID: 284 Transited Services: - Source Network Address: - Source Port: - |
| 24 | 2 | 2011-10-20 16:42:17 | 2011-10-20 16:42:17 | DCOM | INFO | 10026 | The COM sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\Ole\EventLog. |
| 25 | 2 | 2011-10-20 16:42:17 | 2011-10-20 16:42:17 | EventLog | INFO | 6005 | The Event log service was started. |
| 26 | 2 | 2011-10-20 16:42:17 | 2011-10-20 16:42:17 | EventLog | INFO | 6009 | Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free. |
| 27 | 2 | 2011-10-20 14:46:36 | 2011-10-20 14:46:36 | Security | NOTICE | 576 | Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege |
| 28 | 2 | 2011-10-20 16:42:16 | 2011-10-20 16:42:16 | Serial | INFO | 2 | While validating that \Device\Serial1 was really a serial port, a fifo was detected. The fifo will be used. |
| Made by Adiscon GmbH (2009-2011) | Report Version 1 | Partners: | Rsyslog | WinSyslog | Report rendered in: 0.02s, 0.03s, 0.03s 0.03s 0.07s 0.07s 0.08s 0.08s 0.08s | DB queries: 9 |