Annoying PC restart issue

Hi Gang

Hoping someone can help.

I've got a pc I built myself from components sourced from OCUK about 4 years ago now, was quite a good spec and although behind the times it still plays games with graphics set to max.

Issue I have is that I also use it for work and it BSODs and reboots during periods of inactivity, this could be a few seconds when I am distracted and boom it's restarted.

If I am playing games or watching movies it's 100% reliable but if I minimised the movie and turned my back then a crash could ensue.

The only way to have a reliable system is to continually run a game in the background, which doesn't help with my productivity levels :)

Can anyone suggest what to try?

I've removed and reseated the GTX980 cards etc, same with the memory but no joy.
 
Check Event Viewer and see if there are any warnings in there as to why it's shut down.

Post the results here once you have them as this should point to what is causing the problems.
 
Thanks ED209, I'm looking at the win10 event viewer but seems really complicated, can you point me in the direction of what I should be looking for?

Actually I built my pc in 2014 jsmoke, as far as I can tell most of my updateable drivers have been updated but mobo is not supported now I don't think
 
Is this what is listed under Administrative Events:

Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 31/12/2018 10:01:24
Event ID: 2
Task Category: Session
Level: Error
Keywords: Session
User: PC\John
Computer: PC
Description:
Session "Cloud Files Diagnostic Event Listener" failed to start with the following error: 0xC0000022
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2018-12-31T10:01:24.298003300Z" />
<EventRecordID>218</EventRecordID>
<Correlation />
<Execution ProcessID="2908" ThreadID="10696" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="SessionName">Cloud Files Diagnostic Event Listener</Data>
<Data Name="FileName">
</Data>
<Data Name="ErrorCode">3221225506</Data>
<Data Name="LoggingMode">4194560</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-User Device Registration/Admin
Source: Microsoft-Windows-User Device Registration
Date: 31/12/2018 10:01:02
Event ID: 360
Task Category: None
Level: Warning
Keywords:
User: PC\John
Computer: PC
Description:
Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Windows Hello for Business post-logon provisioning is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Not Tested
Machine is governed by none policy.
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Device Registration" Guid="{23B8D46B-67DD-40A3-B636-D43E50552C6D}" />
<EventID>360</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T10:01:02.598751500Z" />
<EventRecordID>564</EventRecordID>
<Correlation />
<Execution ProcessID="2400" ThreadID="6164" />
<Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="Message">Windows Hello for Business provisioning will not be launched.</Data>
<Data Name="DeviceIsJoined">Not Tested</Data>
<Data Name="AADPrt">No</Data>
<Data Name="NgcPolicyEnabled">Not Tested</Data>
<Data Name="NgcPostLogonProvisioningEnabled">Not Tested</Data>
<Data Name="NgcHardwarePolicyMet">Not Tested</Data>
<Data Name="UserIsRemote">Yes</Data>
<Data Name="LogonCertRequired">Not Tested</Data>
<Data Name="MachinePolicySource">none</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 31/12/2018 09:55:41
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: PC
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:55:41.942875400Z" />
<EventRecordID>27163</EventRecordID>
<Correlation />
<Execution ProcessID="548" ThreadID="636" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">Windows.SecurityCenter.WscDataProtection</Data>
<Data Name="param5">Unavailable</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 31/12/2018 09:53:41
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PC
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0x0000000000000000, 0x0000000000000008, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: b38e9f44-a9a4-4132-8524-c492ecee5d4c.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:53:41.385984200Z" />
<EventRecordID>27162</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x0000001e (0xffffffffc0000005, 0x0000000000000000, 0x0000000000000008, 0x0000000000000000)</Data>
<Data Name="param2">C:\WINDOWS\MEMORY.DMP</Data>
<Data Name="param3">b38e9f44-a9a4-4132-8524-c492ecee5d4c</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 31/12/2018 09:53:32
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: PC
Description:
The driver \Driver\WUDFRd failed to load for the device ACPI\PNP0A0A\2&daba3ff&0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:53:32.678700400Z" />
<EventRecordID>27128</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="224" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">24</Data>
<Data Name="DriverName">ACPI\PNP0A0A\2&amp;daba3ff&amp;0</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 31/12/2018 09:53:37
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: PC
Description:
Audit events have been dropped by the transport. 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:53:37.924879400Z" />
<EventRecordID>207188</EventRecordID>
<Correlation />
<Execution ProcessID="1540" ThreadID="2568" />
<Channel>Security</Channel>
<Computer>PC</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 31/12/2018 09:53:32
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>6</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2018-12-31T09:53:32.517133200Z" />
<EventRecordID>27124</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">30</Data>
<Data Name="BugcheckParameter1">0xffffffffc0000005</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x8</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">0</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">false</Data>
<Data Name="CheckpointStatus">0</Data>
</EventData>
</Event>
Log Name: System
Source: EventLog
Date: 31/12/2018 09:53:37
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PC
Description:
The previous system shutdown at 09:33:52 on ‎31/‎12/‎2018 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:53:37.636931000Z" />
<EventRecordID>27111</EventRecordID>
<Channel>System</Channel>
<Computer>PC</Computer>
<Security />
</System>
<EventData>
<Data>09:33:52</Data>
<Data>‎31/‎12/‎2018</Data>
<Data>
</Data>
<Data>
</Data>
<Data>11</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E2070C0001001F00090021003400A002E2070C0001001F00090021003400A0023C0000003C000000000000000000000000000000000000000100000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 31/12/2018 09:49:18
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: PC\John
Computer: PC
Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user PC\John SID (S-1-5-21-3505374363-3708904325-3304681996-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:49:18.897208600Z" />
<EventRecordID>27101</EventRecordID>
<Correlation />
<Execution ProcessID="532" ThreadID="1372" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="param1">machine-default</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data>
<Data Name="param5">{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data>
<Data Name="param6">PC</Data>
<Data Name="param7">John</Data>
<Data Name="param8">S-1-5-21-3505374363-3708904325-3304681996-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 31/12/2018 09:40:53
Event ID: 2
Task Category: Session
Level: Error
Keywords: Session
User: PC\John
Computer: PC
Description:
Session "Cloud Files Diagnostic Event Listener" failed to start with the following error: 0xC0000022
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2018-12-31T09:40:53.502776200Z" />
<EventRecordID>217</EventRecordID>
<Correlation />
<Execution ProcessID="10360" ThreadID="10696" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="SessionName">Cloud Files Diagnostic Event Listener</Data>
<Data Name="FileName">
</Data>
<Data Name="ErrorCode">3221225506</Data>
<Data Name="LoggingMode">4194560</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-User Device Registration/Admin
Source: Microsoft-Windows-User Device Registration
Date: 31/12/2018 09:40:31
Event ID: 360
Task Category: None
Level: Warning
Keywords:
User: PC\John
Computer: PC
Description:
Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Windows Hello for Business post-logon provisioning is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Not Tested
Machine is governed by none policy.
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Device Registration" Guid="{23B8D46B-67DD-40A3-B636-D43E50552C6D}" />
<EventID>360</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:40:31.519320500Z" />
<EventRecordID>562</EventRecordID>
<Correlation />
<Execution ProcessID="3336" ThreadID="6264" />
<Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="Message">Windows Hello for Business provisioning will not be launched.</Data>
<Data Name="DeviceIsJoined">Not Tested</Data>
<Data Name="AADPrt">No</Data>
<Data Name="NgcPolicyEnabled">Not Tested</Data>
<Data Name="NgcPostLogonProvisioningEnabled">Not Tested</Data>
<Data Name="NgcHardwarePolicyMet">Not Tested</Data>
<Data Name="UserIsRemote">Yes</Data>
<Data Name="LogonCertRequired">Not Tested</Data>
<Data Name="MachinePolicySource">none</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 31/12/2018 09:35:56
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: PC
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:35:56.796917000Z" />
<EventRecordID>27090</EventRecordID>
<Correlation />
<Execution ProcessID="532" ThreadID="552" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Launch</Data>
<Data Name="param4">Windows.SecurityCenter.WscDataProtection</Data>
<Data Name="param5">Unavailable</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 31/12/2018 09:33:57
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PC
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0x0000000000000000, 0x0000000000000008, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 7f7f69d5-43fd-4f2a-b469-f75fdba75495.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:33:57.227463300Z" />
<EventRecordID>27089</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x0000001e (0xffffffffc0000005, 0x0000000000000000, 0x0000000000000008, 0x0000000000000000)</Data>
<Data Name="param2">C:\WINDOWS\MEMORY.DMP</Data>
<Data Name="param3">7f7f69d5-43fd-4f2a-b469-f75fdba75495</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-PnP
Date: 31/12/2018 09:33:47
Event ID: 219
Task Category: (212)
Level: Warning
Keywords:
User: SYSTEM
Computer: PC
Description:
The driver \Driver\WUDFRd failed to load for the device ACPI\PNP0A0A\2&daba3ff&0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
<EventID>219</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>212</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:33:47.720003900Z" />
<EventRecordID>27055</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="224" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="DriverNameLength">24</Data>
<Data Name="DriverName">ACPI\PNP0A0A\2&amp;daba3ff&amp;0</Data>
<Data Name="Status">3221226341</Data>
<Data Name="FailureNameLength">14</Data>
<Data Name="FailureName">\Driver\WUDFRd</Data>
<Data Name="Version">0</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 31/12/2018 09:33:52
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Computer: PC
Description:
Audit events have been dropped by the transport. 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1101</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:33:52.953154400Z" />
<EventRecordID>206990</EventRecordID>
<Correlation />
<Execution ProcessID="1548" ThreadID="2488" />
<Channel>Security</Channel>
<Computer>PC</Computer>
<Security />
</System>
<UserData>
<AuditEventsDropped xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Reason>0</Reason>
</AuditEventsDropped>
</UserData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 31/12/2018 09:33:47
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (70368744177664),(2)
User: SYSTEM
Computer: PC
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>6</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000002</Keywords>
<TimeCreated SystemTime="2018-12-31T09:33:47.558995500Z" />
<EventRecordID>27051</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">30</Data>
<Data Name="BugcheckParameter1">0xffffffffc0000005</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x8</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">0</Data>
<Data Name="PowerButtonTimestamp">0</Data>
<Data Name="BootAppStatus">0</Data>
<Data Name="Checkpoint">0</Data>
<Data Name="ConnectedStandbyInProgress">false</Data>
<Data Name="SystemSleepTransitionsToOn">2</Data>
<Data Name="CsEntryScenarioInstanceId">0</Data>
<Data Name="BugcheckInfoFromEFI">false</Data>
<Data Name="CheckpointStatus">0</Data>
</EventData>
</Event>
Log Name: System
Source: EventLog
Date: 31/12/2018 09:33:52
Event ID: 6008
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PC
Description:
The previous system shutdown at 20:57:05 on ‎30/‎12/‎2018 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EventLog" />
<EventID Qualifiers="32768">6008</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:33:52.668093300Z" />
<EventRecordID>27038</EventRecordID>
<Channel>System</Channel>
<Computer>PC</Computer>
<Security />
</System>
<EventData>
<Data>20:57:05</Data>
<Data>‎30/‎12/‎2018</Data>
<Data>
</Data>
<Data>
</Data>
<Data>41751</Data>
<Data>
</Data>
<Data>
</Data>
<Binary>E2070C0000001E00140039000500A200E2070C0000001E00140039000500A200600900003C000000010000006009000001000000B00400000100000000000000</Binary>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 31/12/2018 09:29:34
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: PC\John
Computer: PC
Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user PC\John SID (S-1-5-21-3505374363-3708904325-3304681996-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:29:34.129161400Z" />
<EventRecordID>27029</EventRecordID>
<Correlation />
<Execution ProcessID="444" ThreadID="3020" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="param1">machine-default</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data>
<Data Name="param5">{9BA05972-F6A8-11CF-A442-00A0C90A8F39}</Data>
<Data Name="param6">PC</Data>
<Data Name="param7">John</Data>
<Data Name="param8">S-1-5-21-3505374363-3708904325-3304681996-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Log Name: Application
Source: Office 2016 Licensing Service
Date: 31/12/2018 09:13:28
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PC
Description:
The description for Event ID 0 from source Office 2016 Licensing Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Subscription licensing service failed: -1073422333
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Office 2016 Licensing Service" />
<EventID Qualifiers="0">0</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:13:28.185379800Z" />
<EventRecordID>28008</EventRecordID>
<Channel>Application</Channel>
<Computer>PC</Computer>
<Security />
</System>
<EventData>
<Data>Subscription licensing service failed: -1073422333</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 31/12/2018 09:11:17
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: PC\John
Computer: PC
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user PC\John SID (S-1-5-21-3505374363-3708904325-3304681996-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:11:17.632351900Z" />
<EventRecordID>27028</EventRecordID>
<Correlation />
<Execution ProcessID="444" ThreadID="12732" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
<Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
<Data Name="param6">PC</Data>
<Data Name="param7">John</Data>
<Data Name="param8">S-1-5-21-3505374363-3708904325-3304681996-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 31/12/2018 09:10:53
Event ID: 2
Task Category: Session
Level: Error
Keywords: Session
User: PC\John
Computer: PC
Description:
Session "Cloud Files Diagnostic Event Listener" failed to start with the following error: 0xC0000022
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2018-12-31T09:10:53.262178900Z" />
<EventRecordID>216</EventRecordID>
<Correlation />
<Execution ProcessID="2148" ThreadID="5208" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="SessionName">Cloud Files Diagnostic Event Listener</Data>
<Data Name="FileName">
</Data>
<Data Name="ErrorCode">3221225506</Data>
<Data Name="LoggingMode">4194560</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 31/12/2018 09:10:50
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: PC\John
Computer: PC
Description:
The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-12-31T09:10:50.462563800Z" />
<EventRecordID>27026</EventRecordID>
<Correlation />
<Execution ProcessID="444" ThreadID="7840" />
<Channel>System</Channel>
<Computer>PC</Computer>
<Security UserID="S-1-5-21-3505374363-3708904325-3304681996-1001" />
</System>
<EventData>
<Data Name="param1">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
</EventData>
</Event>
 
When looking under Event Viewer there should be a folder on the left saying Windows Logs. Under here you should see System.

If you look at the list under here it should give you errors, see my example below, this is for Windows 7 and should be roughly the same for Windows 10.

[Image: aicv5PA.jpg]
 
Do the same for system events, look for a red exclamation mark next to the events, or a cross etc.

There should also be an option in Windows to not restart after a BSOD, set this option and write down the error on the BSOD screen next time it happens.
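
As an added example (not part of the original posts): a short Python script that pulls only the crash-related records out of a paste like the one above, namely Kernel-Power 41, the BugCheck 1001 report and EventLog 6008, and shows that event 41's decimal `BugcheckCode` 30 is the same stop code as the 0x0000001e in event 1001. The sample is a constructed, trimmed copy of four records from the paste, and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# (provider, event ID) pairs that record an unclean shutdown or a bugcheck.
CRASH_EVENTS = {
    ("Microsoft-Windows-Kernel-Power", 41),
    ("Microsoft-Windows-WER-SystemErrorReporting", 1001),
    ("EventLog", 6008),
}

# Constructed sample: four records trimmed from the paste in the thread,
# including the plain-text header lines that Event Viewer's copy adds.
SAMPLE = """\
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Microsoft-Windows-DistributedCOM" /><EventID Qualifiers="0">10016</EventID>
<TimeCreated SystemTime="2018-12-31T09:55:41.942875400Z" /></System><EventData>
<Data Name="param4">Windows.SecurityCenter.WscDataProtection</Data>
</EventData></Event>
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" /><EventID Qualifiers="16384">1001</EventID>
<TimeCreated SystemTime="2018-12-31T09:53:41.385984200Z" /></System><EventData>
<Data Name="param1">0x0000001e (0xffffffffc0000005, 0x0000000000000000, 0x0000000000000008, 0x0000000000000000)</Data>
</EventData></Event>
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Microsoft-Windows-Kernel-Power" /><EventID>41</EventID>
<TimeCreated SystemTime="2018-12-31T09:53:32.517133200Z" /></System><EventData>
<Data Name="BugcheckCode">30</Data><Data Name="BugcheckParameter1">0xffffffffc0000005</Data>
</EventData></Event>
Log Name: System
Source: EventLog
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="EventLog" /><EventID Qualifiers="32768">6008</EventID>
<TimeCreated SystemTime="2018-12-31T09:53:37.636931000Z" /></System><EventData>
<Data>09:33:52</Data><Data>\u200e31/\u200e12/\u200e2018</Data>
</EventData></Event>
"""


def iter_events(text):
    """Yield each <Event> element, skipping the plain-text headers around it."""
    for m in re.finditer(r"<Event\b.*?</Event>", text, re.S):
        yield ET.fromstring(m.group(0))


def summarize(ev):
    """Return a dict for a crash-related event, or None for anything else."""
    system = ev.find("e:System", NS)
    provider = system.find("e:Provider", NS).get("Name")
    event_id = int(system.find("e:EventID", NS).text)
    if (provider, event_id) not in CRASH_EVENTS:
        return None
    when = system.find("e:TimeCreated", NS).get("SystemTime")
    data = ev.findall("e:EventData/e:Data", NS)
    named = {d.get("Name"): (d.text or "").strip() for d in data if d.get("Name")}
    unnamed = [(d.text or "").strip() for d in data if not d.get("Name")]
    bugcheck, detail = None, ""
    if event_id == 41:
        # BugcheckCode is decimal here; 0 means no stop code was recorded.
        bugcheck = int(named.get("BugcheckCode", "0")) or None
        detail = "param1=" + named.get("BugcheckParameter1", "?")
    elif event_id == 1001:
        m = re.match(r"(0x[0-9a-fA-F]+)\s*\((0x[0-9a-fA-F]+)", named.get("param1", ""))
        if m:
            bugcheck = int(m.group(1), 16)
            detail = "param1=" + m.group(2)
    else:  # 6008: first two unnamed fields are time and date of the bad shutdown
        # The date field carries invisible U+200E marks; strip them.
        clean = [u.replace("\u200e", "") for u in unnamed[:2]]
        detail = "previous shutdown at " + " ".join(clean)
    return {"time": when, "provider": provider, "id": event_id,
            "bugcheck": bugcheck, "detail": detail}


def crash_timeline(text):
    """Crash-related events only, oldest first (ISO timestamps sort as text)."""
    rows = [r for r in map(summarize, iter_events(text)) if r]
    return sorted(rows, key=lambda r: r["time"])


def stop_codes(text):
    """Distinct bugcheck codes seen across events 41 and 1001."""
    return sorted({r["bugcheck"] for r in crash_timeline(text) if r["bugcheck"] is not None})


if __name__ == "__main__":
    for r in crash_timeline(SAMPLE):
        code = f"0x{r['bugcheck']:08X}" if r["bugcheck"] is not None else "-"
        print(r["time"][:19], r["id"], code, r["detail"])
```
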
 