Windows event viewer

Friends, I am looking for a script to extract Server 2008 event logs from the network in CSV format. I have around 12 servers and I want to extract all servers' daily logs into one location. I am also new to this field and I have been asked to do this project. I hope I will be able to achieve it with all your guidance.
Please do revert. Thanks in advance.
 

This is the script I am using.
' Query the local computer; put a server name here to query a remote machine.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' The WQL query has to be one string; a VBScript string literal cannot span lines.
Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where LogFile='Application' and " & _
    "TimeGenerated > '20140414000000.000000-000'")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile("C:\Scripts\Events.txt")
For Each objEvent in colEvents
    ' TimeWritten is a WMI datetime (yyyymmddHHMMSS...); rebuild it as mm/dd/yyyy hh:mm:ss.
    strTimeWritten = objEvent.TimeWritten
    dtmTimeWritten = CDate(Mid(strTimeWritten, 5, 2) & "/" & _
        Mid(strTimeWritten, 7, 2) & "/" & Left(strTimeWritten, 4) _
        & " " & Mid(strTimeWritten, 9, 2) & ":" & _
        Mid(strTimeWritten, 11, 2) & ":" & Mid(strTimeWritten, 13, 2))
    dtmDate = FormatDateTime(dtmTimeWritten, vbShortDate)
    dtmTime = FormatDateTime(dtmTimeWritten, vbLongTime)
    ' Build one tab-separated line per event.
    strEvent = dtmDate & vbTab
    strEvent = strEvent & dtmTime & vbTab
    strEvent = strEvent & objEvent.SourceName & vbTab
    strEvent = strEvent & objEvent.Type & vbTab
    strEvent = strEvent & objEvent.Category & vbTab
    strEvent = strEvent & objEvent.EventCode & vbTab
    strEvent = strEvent & objEvent.User & vbTab
    strEvent = strEvent & objEvent.ComputerName & vbTab
    strDescription = objEvent.Message
    If IsNull(strDescription) Then
        strDescription = "The event description cannot be found."
    End If
    ' Flatten multi-line messages so each event stays on one line.
    strDescription = Replace(strDescription, vbCrLf, " ")
    strEvent = strEvent & strDescription
    objFile.WriteLine strEvent
Next
objFile.Close
Prayers & Regards, Damodar Regmi
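
One way to do the collection asked for above in PowerShell, as an added example that is not part of the original post: it pulls the last 24 hours of several logs from each server and writes one CSV per server per day to a central folder. The server names and the `\\LOGHOST\EventLogs` share are placeholders, and it assumes the account running it is allowed to read the remote event logs.

```powershell
# Added example: daily event-log export from several servers to CSV.
# Server names and the output share below are placeholders (assumptions).
$Servers  = 'SERVER01', 'SERVER02', 'SERVER03'     # list all 12 servers here
$LogNames = 'Application', 'System', 'Security'
$OutRoot  = '\\LOGHOST\EventLogs'                  # hypothetical central share
$Since    = (Get-Date).AddDays(-1)
$Stamp    = Get-Date -Format 'yyyyMMdd'
$ErrorLog = Join-Path $OutRoot 'collection-errors.log'

foreach ($server in $Servers) {
    $outDir = Join-Path $OutRoot $server
    if (-not (Test-Path $outDir)) {
        New-Item -ItemType Directory -Path $outDir -Force | Out-Null
    }

    # Collect the events of every requested log from this server.
    $events = foreach ($log in $LogNames) {
        try {
            Get-WinEvent -ComputerName $server -ErrorAction Stop -FilterHashtable @{
                LogName   = $log
                StartTime = $Since
            }
        }
        catch {
            # A log with no events in the period is normal. Anything else
            # (server unreachable, access denied) is recorded so that a gap
            # in collection is visible instead of silently missing.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                "{0:s}`t{1}`t{2}`t{3}" -f (Get-Date), $server, $log, $_.Exception.Message |
                    Add-Content -Path $ErrorLog
            }
        }
    }

    if ($events) {
        $events |
            Sort-Object TimeCreated |
            Select-Object TimeCreated, MachineName, LogName, ProviderName, Id,
                LevelDisplayName,
                @{ Name = 'User';    Expression = { $_.UserId } },
                # Collapse line breaks so each event stays on one CSV row.
                @{ Name = 'Message'; Expression = { ($_.Message -replace '\s+', ' ').Trim() } } |
            Export-Csv -Path (Join-Path $outDir "$Stamp.csv") -NoTypeInformation -Encoding UTF8
    }
}
```

Run it once a day from Task Scheduler under a dedicated account that is a member of the Event Log Readers group on each server, rather than under a domain administrator.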

Similar Messages

  • Illustrator CC crashes on startup(windows event viewer message included)

    Windows event viewer shows like this...
    System
    Provider
    [ Name]
    Application Error
    EventID
    1000
    [ Qualifiers]
    0
    Level
    2
    Task
    100
    Keywords
    0x80000000000000
    TimeCreated
    [ SystemTime]
    2013-12-09T06:35:08.000000000Z
    EventRecordID
    71639
    Channel
    Application
    Computer
    HPNB-dhleeNB
    Security
    EventData
    Illustrator.exe
    17.0.0.260
    52822426
    ntdll.dll
    6.1.7601.18247
    521ea8e7
    c0000374
    000ce753
    a690
    01cef4a8afb2dd09
    C:\Program Files (x86)\Adobe\Adobe Illustrator CC\Support Files\Contents\Windows\Illustrator.exe
    C:\Windows\SysWOW64\ntdll.dll
    0b8a3ab7-609c-11e3-8e0d-005056c00008
    Please help.

    Problem solved.   Refer to below.
    3 posts
    Nov 25, 2013
    2.AlanDrVita, 
    Nov 26, 2013 9:16 AM   in reply to outdoorz
    I may have been able to resolve my issue. I held shift while opening Illustrator and opened it in a bare bones mode, then closed it and reopened it without getting the error message. Good luck to you.

  • Error in starting nidevldu and nipxirmu services (windows event viewer)

    A computer running Windows XP SP1 and a Visual basic (V6.0) application that I've developed had crashed several times. I've seen lots of errors in the Windows event viewer saying that the nidevldu and nipxirmu services were trying to start (exact french message : Le service nidevldu est en attente de démarrage et Le service nipxirmu est en attente de démarrage). These messages are real errors (not warnings or information).
    I use a 6034E PCI card, Visual basic V6.0 and NI-DAQ 7.4.
    The crashes I've seen may be linked with this problem.
    Is there a solution?

    Hi,
    I think that you are not going to be starting and stopping the devldu service in normal circumstances... due to crashes !
    The firsts steps you have to focus on is to optimize your program in order to avoid crashes, which is not a normal way of work I guess. Then you will be able to avoid these messages!
    Regards,
    David D. - Application Engineer - NI

  • Labview 2010 randomly restarts computer - windows event viewer points to nap agent

    When running my current VI that I am working on, the computer will randomly reboot. There is no freeze, or blue screen, just a reboot. When examining the windows event viewer after the reboot, the following warning is listed immediately preceding the reboot:
    Event ID 39
    The Network Access Protection Agent was unable to determine which HRAs to request a health certificate from.
    A network change or if GP is configured, a configuration change will prompt further attempts to acquire a health certificate. Otherwise no further attempts will be made.
    Contact the HRA administrator for more information.
    Previous to getting this warning before a reboot, I was getting the following error:
    Event ID 10016
    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.
    This is a DCOM service error and the CLSID is referring to NAPAGENT. So I configured DCOM to allow the NAPAGENT to start and now I get the Event ID 39 warning and still get the reboot.
    I am not sure why labview is even asking for DCOM or NAPAGENT to start at all. My VI is simply reading information from two serial instruments.
    This reboot behavior does not occur when the computer is not running labview.
    I am attaching a copy of the main VI, if it will be helpful I can post the sub VI's as well.
    Thanks in advance for your help.
    -Justin Lee

    Hi Joe,
    Thanks for the reply.
    I am running windows XP pro service pack 3.
    I am running a standard install of labview 2010 with the latest VISA drivers, no other modules or options installed.
    I am only reading and writing to the serial ports (com) in my code. I don't believe that virus/spyware/malware is to blame for several reasons.
    1. This only occurs when running this VI in labview.
    2. I have replicated this problem on another computer.
    3. I am behind a government (DOE) firewall and virus scans and checks are performed constantly.
    4. If I take out the serial portion of my code via a T/F case structure, it will not crash.
    The code will run fine for several hours sometimes and then crash, other times it will crash after only a few minutes.
    Please let me know what other information you require.
    Thanks!
    Justin Lee

  • T410 2516CTO random freezes without anything in Windows Event Viewer! :(

    I used Update Retriever + Thin Installer (virtually System Update 4.0 but a server + client version of it) to download drivers and install Windows 7 Ultimate x64 with SP1 on this machine. A hard power off is required by pressing on the power button for 5+ seconds
    Core i7 620M
    8GB RAM
    320GB 7.2k rpm HDD
    Optimus graphics
    Gobi2000 WWAN
    uPek Fingerprint reader
    The machine freezes without any warning and has done so with both the factory install (more frequent) and with the HDD wiped and using Microsoft's Windows 7 Ultimate SP1 x64 slipstreamed (freezes much less frequently). Are there tools that I can use to help diagnose this problem?
    I have also used a 90W AC adaptor and 65W adaptor on this machine. The random freezes happen on either adaptor as well.
    I read of other people who have the same frustrations over freezes but no other situation described is exactly the same as mine unfortunately -- most other occasions you can find something in Windows Event Viewer!!

    Hi again
    Found out that it was the Intel WiFi 6300 that was locking the machine. Disabled it via h/w switch or BIOS made the freezing disappear altogether.
    So there we go. A once off incident of a failed 6300 WLAN card.

  • B570 windows event viewer errors

    I've just noticed these errors in windows 7 event viewer, does anyone know what would be causing the problem and if there's a fix to resolve it?
     http://i.imgur.com/Imljb.png
    thanks.

    Hi B570,
    Well, let's see.  Running the AV scan isn't really stressing the CPU and your temps look okay.
    Did running the scan trigger a warning?
    Do you get any warnings just running on battery?
    To find out whether it's the same problem as your links, the CPU will have to be stressed while you're on AC power and the battery is charging.  Check the temp then and whether doing this triggers a warning.  
    It's like I said above, not knowing what the machine is doing during one of those warnings makes it hard to tell what's causing this.
    I would discharge the battery to the point when it will charge. Plug in the AC and  open a browser and watch a youtube movie full screen, play some music in the background, have a couple of browser windows open. That should stress it enough to raise the temp. and "maybe" give you a warning.
    If doing this does give you a warning, then charge the battery up so it doesn't charge and do the same thing as above and see if that gives you a warning. If you get the same warning doing this, then the warning isn't the same as described in those other threads. 
    If none of this gives you a warning, then we'll have to figure something else out.
    Dave

  • Windows event viewer error related to Bonjour??

    The description for Event ID ( 1 ) in Source ( Bonjour Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: mDNSResponder started
    what is this i even installed full version of Bonjour how i fix this error is this related to it not finding Bonjour stuff or just a general error?

    OK, I removed Bonjour. Now Safari doesn't like to work right ***? It's slow now. I don't want to put Bonjour back on till I know if and how to fix that error. Someone has to know.

  • Hi, my photoshop elements 12.0 had been working fine for several months on my PC (Win8.1 64-Bit). Since a few days it crashes right after the start. In the Windows event viewer I found following messages:

    Name der fehlerhaften Anwendung: PhotoshopElementsOrganizer.exe, Version: 12.0.0.0, Zeitstempel: 0x5314d4d4
    Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.30319.1, Zeitstempel: 0x4ba1dbbe
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x00002357
    ID des fehlerhaften Prozesses: 0x1a30
    Startzeit der fehlerhaften Anwendung: 0x01d06594ad77b481
    Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsOrganizer.exe
    Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Elements 12 Organizer\MSVCR100.dll
    Berichtskennung: f21b3990-d187-11e4-82f5-448a5b82d1a6
    Vollständiger Name des fehlerhaften Pakets:
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
    Any hints how to solve this issue are welcome!

    Ah, I was able to delete it that time.  You're right, it was just a matter of timing.
    Sadly, the problem persists-- after deleting the preferences file, I opened up a picture and tried to add text with the text tool, and Photoshop crashed again.
    Edit: Okay, I tried to reset the text tool, but Photoshop crashes before I can reset it (basically, right after I click).  I tried resetting all the tools, but that didn't work.  I also held shift to start without third-party tools, but there was no change.  Pretty sure I don't have any third-party tools installed, unless they were bundled with Photoshop.

  • Windows is Scanning and repairing drive... (- Errors in Event Viewer)

    Long post, please be patient... :)
    I have a fairly new (purchased 8/2013) Lenovo ThinkPad T431s with Windows 8.1 Pro 64-bit (updated from 8.0 -> 8.1). It has a very tricky error coming basically 8 / 10 boots:
    Windows is Scanning and repairing drive...
    Error details from Windows Event Viewer (a new similar error appears on every boot to event viewer):
    A corruption was discovered in the file system structure on volume \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}.
    A file on the volume is no longer reachable from its parent directory. The parent file reference number is 0x2000000000002. The name of the parent directory is "". The parent index attribute is ":$I30:$INDEX_ALLOCATION". The file reference
    number of the file that needs to be reconnected is 0x400000003db80. There may be additional files on the volume that also need to be reconnected to this parent directory.
    What has been done 1st trying to fix that:
    SSD disk has been changed (image from previous SSD copied back) ->
    no solution, error remains
    chkdsk /F /R -> no solution, error remains
    SFC /scannow -> no solution, error remains
    dism /online /cleanup-image /restorehealth -> no solution, error remains after a few boots
    TRIED using Windows 8.1 "Update & Recovery -> Refresh Your PC without affecting your files" -> Inserted the Lenovo "Operating System Recovery Disk Windows 8 Pro (OEM Activation 3.0 Required)" BUT Windows did not accept that DVD claiming "The media inserted is not valid"... ???
    Ended up calling Lenovo Support and they instructed me to order the Recovery DVD from Lenovorecovery.com -> Unfortunately Windows does not recognize the DVD(s)...
    mountvol returns:
    \\?\Volume{4d337687-0033-42f7-8a8e-b6968b533cb3}\
    (This is my C:\ drive where Windows installation resides)
    \\?\Volume{e010cf9d-c04d-4c82-b517-3cda1b647fe7}\
    *** NO MOUNT POINTS ***
    \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}\
    *** NO MOUNT POINTS ***
    \\?\Volume{33f0062f-0aff-4fd2-8402-1c7911d86897}\
    *** NO MOUNT POINTS ***
    Then running fsutil dirty query on each returns:
    Volume - \\?\Volume{4d337687-0033-42f7-8a8e-b6968b533cb3} is NOT Dirty
    Volume - \\?\Volume{e010cf9d-c04d-4c82-b517-3cda1b647fe7} is NOT Dirty
    Volume - \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} is Dirty
    Volume - \\?\Volume{33f0062f-0aff-4fd2-8402-1c7911d86897} is NOT Dirty
    The chkdsk on the dirty volume
    \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}\ returned:
    The type of the file system is NTFS.
    Insufficient storage available to create either the shadow copy storage file or
    other shadow copy data.
    A snapshot error occured while scanning this drive. Run an offline scan and fix.
    Diskpart output on the same volume:
    DISKPART> lis par
    Partition ### Type Size Offset
    Partition 1 Reserved 128 MB 17 KB
    Partition 2 Recovery 1000 MB 129 MB
    Partition 3 System 260 MB 1129 MB
    Partition 4 Primary 146 GB 1389 MB
    Partition 5 Recovery 350 MB 147 GB
    Partition 6 Recovery 19 GB 148 GB
    Questions:
    1) Are my Partitions OK, haven't "touched" anything?
    2) Excluded the dirty volume from boot checking with chkntfs /x
    -> still the Error appears in Event viewer log (but Scanning is skipped/not shown anymore during the boot).
    What is causing the error?
    3) Why do I have three (3) recovery partitions?

    What has happened in the past days:
    A) Lenovo on-site-Support changed the motherboard -> had no impact on the error (which I expected).
    B) I found instructions how to manually create USB Flash stick with a booting Custom (OEM) Recovery Image.
    C) Booted with USB and performed "Refresh your PC without affecting your files."
    D) Windows was refreshed but...
    -->>
    Still the error remains (Windows scanning and repairing drive \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} on each and every boot.
    1) Related Error in Event viewer (NTFS):
    A corruption was discovered in the file system structure on volume \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984}.
    A file on the volume is no longer reachable from its parent directory. The parent file reference number is 0x2000000000002. The name of the parent directory is "". The parent index attribute is ":$I30:$INDEX_ALLOCATION". The file reference number of the
    file that needs to be reconnected is 0x400000003db80. There may be additional files on the volume that also need to be reconnected to this parent directory.
    2) Related Error in Event viewer (NTFS - Microsoft Windows NTFS):
    Volume \\?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} (\Device\HarddiskVolume5) needs to be taken offline to perform a Full Chkdsk.  Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via
    PowerShell.
    -->>
    Now Lenovo support is proposing a full re-install (to be performed by myself) of Windows as this is SW issue.
    Summary:
    - Refreshing my T431s with OEM Image does not help
    - The error remains on \?\Volume{f62db2cf-efe4-4b55-a3f7-0e7db991a984} (\Device\HarddiskVolume5; Lenovo Recovery partition) OR at least Windows thinks so...

  • Essential event viewer bugs with "Forwarded Events" log in Windows Server 2008 R2 and Windows 7

    To my general experience, Windows event viewer is one of the most problematic, faulty management tools in the case of extensive use of its more sophisticated capabilities. The sole description as well as reproduction of some entangled failures would require remarkable effort.
    With the "Forwarded Events" log however, the situation becomes particularly worse in that even simple functionality fails and workarounds are difficult to find. That’s what I’ll describe here in order to share my experience with interested users.
    For precision: I’ve extensively used event viewer on a German Windows Server 2008 R2 SP1 (Windows SBS 2011 Standard SP1). The bugs I found on that system, I could reproduce on a German Windows 7 Professional 64-Bit SP1, too.
    Problem 1: Failure of even simple event filtering
    To reproduce this problem, execute these steps on a test machine with any of the two OS mentioned above:
    (i) To prepare log contents, do either of the following:
    (a) populate some events to your local "Forwarded Events" log (most simply by subscribing events from other logs of the same machine; stop subscription if you have collected some events)
    Or
    (b) copy a non-empty log file "ForwardedEvents.evtx" from another machine (with any of the two OS mentioned above) to your test machine and open the file in event viewer.
    (ii) Navigate to your "Forwarded Events" test log and open the filtering dialog. In the "Includes/Excludes Event IDs" field, type: 1-9000. Click OK.
    (iii) Look at the results pane: Surprise, 0 Events! Do you really have no event IDs between 1 and 9000 in your test log?
    (iv) Another example, if you have forwarded security events in your test log: Clear filter, if any previous filter is in place. Open the filtering dialog. In "Keywords" sub-dialog, choose "Audit Success". Click OK.
    (v) Look at the results pane: Surprise, 0 Events! Do you really have no successful security monitoring events in your test log?
    I’ll finish here. If you have a rich variety of events in your test log available, let your imagination run wild to test around. Finally include some simple manually created or modified XPath filters on the XML tab of the filtering dialog. I promise, you’ll find a lot of additional strange results.
    Problem 2: Cannot save manually selected events to .evtx file
    Navigate to your "Forwarded Events" test log. In the results pane, select one or more events by highlighting them by mouse clicks. In context menu, choose "Save selected events". In the "save as" dialog, choose file type *.evtx and save your file. Open the newly created file in event viewer. Result: Surprise, no events inside the new file!
    Have more fun with forwarded events
    Helmut

    Did you mean that right click Forwarded Event and select "Filter Current Log..."? Since I can filter correct event via the "Filter Current Log..." in my Lab environment.
    Hi Justin,
    yes, I mean "Filter Current Log ... " (in my German systems: "Aktuelles Protokoll filtern ... ").
    What do you mean with "my Lab environment" exactly?
    In the meantime, I performed additional tests. I copied the "ForwardedEvents.evtx" test file from Server 2008 R2 resp. Windows 7 to
    (i) German Windows 8 Pro 64-Bit RTM
    (ii) German Windows 8.1 Pro 64-Bit, up-to-date
    in order to view and filter the file there.
    Results: Same event viewer problem on Windows 8 RTM, but correct behavior on Windows 8.1!
    Best regards, Helmut

  • How to write to windows event logs from determinations-server under IIS

    This is just an FYI technical bit of information I wish someone had shared with me before I started trying to write OPA errors to the windows event log... Most problems writing to the windows event log from log4net occur because of permissions. Some problems are because determinations-server does not have permissions to create some registry entries. Some problems cannot be resolved unless specific registry entry permissions are actually changed. We had very little consistency with the needed changes across our servers, but some combination of the following would always get the logging to the windows event log working.
    To see log4net errors as log4net attempts to utilize the windows event log, temporarily add the following to the web.config:
    <appSettings>
      <!-- uncomment the following line to send diagnostic messages about the log configuration file to the debug trace.
           Debug trace can be seen when attached to IIS in a debugger, or it can be redirected to a file, see
           http://logging.apache.org/log4net/release/faq.html in the section "How do I enable log4net internal debugging?" -->
      <add key="log4net.Internal.Debug" value="true"/>
    </appSettings>
    <system.diagnostics>
      <trace autoflush="true">
        <listeners>
          <add
            name="textWriterTraceListener"
            type="System.Diagnostics.TextWriterTraceListener"
            initializeData="logs/InfoDSLog.txt" />
        </listeners>
      </trace>
    </system.diagnostics>
    To add an appender for the windows event viewer, try the following in the log4net.xml:
    <appender name="EventLogAppender" type="log4net.Appender.EventLogAppender" >
      <param name="ApplicationName" value="OPA" />
      <param name="LogName" value="OPA" />
      <param name="Threshold" value="all" />
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%date [%thread] %-5level %logger [%property{NDC}] - %message%newline" />
      </layout>
      <filter type="log4net.Filter.LevelRangeFilter">
        <levelMin value="WARN" />
        <levelMax value="FATAL" />
      </filter>
    </appender>
    <root>
      <level value="warn"/>
      <appender-ref ref="EventLogAppender"/>
    </root>
    To put the OPA logs under the Application Event Log group, try this:
    Create an event source under the Application event log in Registry Editor. To do this, follow these steps:
    1.     Click Start, and then click Run.
    2.     In the Open text box, type regedit.
    3.     Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
    4.     Right-click the Application subkey, point to New, and then click Key.
    5.     Type OPA for the key name.
    6.     Close Registry Editor.
    To put the OPA logs under a custom OPA Event Log group (as in the demo appender above), try this:
    Create an event log in Registry Editor. To do this, follow these steps:
    1.     Click Start, and then click Run.
    2.     In the Open text box, type regedit.
    3.     Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    4.     Right-click the eventlog subkey, point to New, and then click Key.
    5.     Type OPA for the key name.
    6.     Right-click the new OPA key and add a new DWORD called "MaxSize" and set it to "1400000" which is about 20 Meg in order to keep the log file from getting too large.
    7.     The next steps either help or sometimes cause an error, but you can try these next few steps... If you get an error about a source already existing, then you can delete the key.
    8.     Right-click the OPA subkey, point to New, and then click Key.
    9.     Type OPA for the key name.
    10.     Close Registry Editor.
    You might need to change permissions so OPA can write to the event log in Registry Editor.  If you get permission errors, try following these steps:
    1.     Click Start, and then click Run.
    2.     In the Open text box, type regedit.
    3.     Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    4.     Right-click the EventLog key, select Permissions.
    5.     In the dialog that pops up, click Add...
    6.     Click Advanced...
    7.     Click Locations... and select the current machine by name.
    8.     Click Find Now
    9.     Select both the Network user and IIS_IUSERS user and click OK and OK again. (We never did figure out which of those two users was the one that fixed our permission problem.)
    10.     Change the Network user to have Full Control
    11.     Click Apply and OK
    To verify OPA Logging to the windows event logs from Determinations-Server:
    Go to the IIS determinations-server application within Server Manager.
    Under Manage Application -> Browse Application click the http link to pull up the local "Available Services" web page that show the wsdl endpoints.
    Select the /determinations-server/server/soap.asmx?wsdl link
    Go to the URL and remove the "?wsdl" from the end of the url and refresh. This will throw the following error into the logs:
    ERROR Oracle.Determinations.Server.DSServlet [(null)] - Invalid get request: /determinations-server/server/soap.asmx
    That error should show up in the windows event log, OR you can get a message explaining why security stopped you in "logs/InfoDSLog.txt" if you used the web.config settings from above.
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
    Edited by: Paul Fowler on Feb 21, 2013 9:45 AM
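
The custom-log registration steps above can also be done once from an elevated Windows PowerShell prompt, so that the web application does not have to create registry entries itself. This is an added example, not part of the original post; the function name `Register-OpaEventSource` is hypothetical, and the log and source names follow the post's appender (`OPA`). It also handles the "source already existing" case from step 7.

```powershell
# Added example: register the "OPA" log and source ahead of time (run elevated).
function Register-OpaEventSource {
    param(
        [string]$LogName  = 'OPA',
        [string]$Source   = 'OPA',
        [long]  $MaxBytes = 20MB      # must be a multiple of 64 KB
    )

    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        # A source can belong to only one log. If it is already registered
        # under another log, creating it again fails, so report where it lives.
        $current = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($current -ne $LogName) {
            Write-Warning ("Source '{0}' is registered under log '{1}', not '{2}'. " +
                "Remove it with Remove-EventLog -Source before registering it again.") `
                -f $Source, $current, $LogName
            return $false
        }
    }
    else {
        # Creates the log (if needed) and the source under it.
        New-EventLog -LogName $LogName -Source $Source
    }

    # Cap the log size and overwrite the oldest events when it is full.
    Limit-EventLog -LogName $LogName -MaximumSize $MaxBytes -OverflowAction OverwriteAsNeeded
    return $true
}

if (Register-OpaEventSource) {
    # Constructed test event: write it, then read it back to confirm the setup.
    Write-EventLog -LogName 'OPA' -Source 'OPA' -EventId 1000 -EntryType Warning `
        -Message 'OPA event source test (constructed sample event)'
    Get-EventLog -LogName 'OPA' -Newest 1 |
        Format-List TimeGenerated, Source, EntryType, Message
}
```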

    Thanks for sharing this information Paul.

  • Urgent help needed on writing errors in to windows events application logs

    Hi all,
    We have a web-based application. Whenever critical errors are encountered in our application we need to write those errors into the Windows event viewer application logs. Please help me on how to do this.
    do we have any specific API for this ?
    thanks in advance
    Shivakumar

    You should use WinAPI to do so. Asking in JNI forum (or specialized WinAPI forum) for more details is good idea I think.

  • "Internal Job Server error" in Event Viewer

    Hi
    We are running Crystal Reports Server XI R2 SP2 (11.5.8.826).  We have numerous jobs scheduled to run during the day.  Each time one of these jobs is scheduled, the Windows Event Viewer returns the error message:
    "Internal Job Server error."
    The error is now being produced over 100 times per day, and has caused the disk to run out of space - and stopped the system working altogether.
    We currently have the "-trace" command set on the startup script of the Crystal Reports Job Server - this was recommended by BO to find the cause of an earlier error.
    Has anyone experienced this error before?  Should we have the "-trace" command set on the server, or is this producing unnecessary error messages?
    Thanks all
    James

    Hello,
    If you already have the "-trace" command enabled  on the CrystalReport Job server  then I would recommend that you go to the logging directory under the folder that you installed Business Objects.   
    In the logging folder you should see some JobserverChild log files.  Start reviewing those files for information as to any failed scheduled reports.  Try and isolate the time in which the problem occurs to the time associated to the log files.  I would recommend if your system is going down and you are having difficulties  reviewing the log files then you may want to create a case in Service Market Place and attach the log files to the case.  I hope that helps.   
    Jorge

  • Message From Win Event Viewer - do I have a problem?

    I have just got myself a new PC and it keeps crashing.  Mooching about in Windows Event Viewer (not that I know what I am doing) I noticed this error:
    Date:          15/07/2009 17:47:50
    Event ID:      78
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Martin-PC
    Description:
    Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
    Does that mean anything to anyone?  Have I got a problem with my install?
    My PC is based on AMD Phenom x4 CPU with 8GB RAM.  and Vista 64 Bit OS
    Thanks
    Martin
    I have CS4

    I have the same problem and so do at least a few others from the looks of a few similar posts dotted around the forums. It seems to be caused by an error on 64bit Windows trying to address 32bit DLLs, causing a conflict.
    I have found a workaround on one of the Microsoft forums:
    http://social.technet.microsoft.com/Forums/en-US/itprovistaapps/thread/a4c36078-6419-4424-8a43-ff3832786b59
    however, installing 3rd party software to hack the code of the Form Designer exe is the kind of thing that makes me nervous. And besides, this is something that Adobe should fix in an update...
    For reference: I'm running an Intel Core i7 3GB RAM Vista Ultimate 64Bit OS. Microsoft SQL 2008 is not installed.

  • Windows event data format

    snare agent is pushing event logs to MARS - certain event (e.g. generic application events) show up with log data in binary format - in the windows event viewer the data is also displayed as text so the details of the event are clear (e.g "application failure w3wp.exe...." or similar. On MARS we see this:
    0000: 41 70 70 6c 69 63 61 74 0008: 69 6f 6e 20 46 61 69 6c 0010: 75 72 65 20 20 77 33 77 0018: 70 2e 65 78 65 20 36 2e 0020: 30 2e 33 37 39 30 2e 33 0028: 39 35 39 20 69 6e 20 75 0030: 6e 6b 6e 6f 77 6e 20 30 0038: 2e 30 2e 30 2e 30 20 61 0040: 74 20 6f 66 66 73 .... etc.
    Is there something we can do to convert this to text as part of the event parsing / processing function? or am i dreaming....?
    Some of the wintel admins would like to leverage MARS for specific alerts but if the event description is lost in the syslog process then they're probably going to look for another tool for the job - would like to help them if i can.
    thanks
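
The dump quoted above is the event text as offset-prefixed hex bytes. As an added example that is not part of the original post, this PowerShell function turns such a dump back into readable text; the function name `Convert-HexDumpToText` is hypothetical, and it assumes single-byte (ASCII) data as in the sample.

```powershell
# Added example: decode an offset-prefixed hex dump back into text.
function Convert-HexDumpToText {
    param([Parameter(Mandatory = $true)][string]$Dump)

    # Keep only tokens that are exactly two hex digits. Offset markers such
    # as "0008:" and trailing text such as "...." or "etc." do not match.
    $bytes = foreach ($token in ($Dump -split '\s+')) {
        if ($token -match '^[0-9A-Fa-f]{2}$') {
            [Convert]::ToByte($token, 16)
        }
    }

    # Replace non-printable bytes with '.' so control characters from an
    # untrusted event cannot reach the console or a downstream parser.
    $chars = foreach ($b in $bytes) {
        if ($b -ge 0x20 -and $b -le 0x7E) { [char]$b } else { '.' }
    }
    -join $chars
}

# The dump from the post, copied as-is.
$sample = @'
0000: 41 70 70 6c 69 63 61 74 0008: 69 6f 6e 20 46 61 69 6c 0010: 75 72 65 20 20 77 33 77 0018: 70 2e 65 78 65 20 36 2e 0020: 30 2e 33 37 39 30 2e 33 0028: 39 35 39 20 69 6e 20 75 0030: 6e 6b 6e 6f 77 6e 20 30 0038: 2e 30 2e 30 2e 30 20 61 0040: 74 20 6f 66 66 73 .... etc.
'@

Convert-HexDumpToText -Dump $sample
```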
