Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4097 Source: DrWatson

The application, <application name>, generated an application error The error occurred on <date and time> The exception generated was <error code> at address <memory address> (<function name>)
Data: 0000: 0d 0a 0d 0a 41 70 70 6c
This error is not specific to a particular problem. It is generated by DrWatson everytime an application tries to access parts of the memory that it is not allowed to. Check the link for the automatic search at Microsoft for a list of several Q articles about these type of events.

Application: "spoolsv.exe" - From a newsgroup post: "Remove all files inside the %windir%\SYSTEM32\Spool\PRINTERS folder. If there is anything in here, it
is most likely what is causing Spoolsv to crash with errors." ME199915 indicates a situation when Spoolss.exe generates Dr. Watson messages.

Application: "exe/inetinfo.dbg" - See ME196016.

Various error codes reported:
- c0000005 (Error code 0xC0000005) = A memory access violation occurred.

Functions reported:
- DllGetClassObject - Part of Microsoft COM SDK, it retrieves the class object from a DLL object handler or object application.
- wcscpy - Function used to copy a string. wcscpy is the wide-character version of strcpy.
- RtlDeleteCriticalSection - Part of Windows DDK (device driver kit)
Application: Acrobat.exe, error: c0000005 - I was unable to run a repair on the app (Adobe Acrobat Professional 7.0.7) but the problem did not recur after a reboot.
- Application: nissvc.exe, error: c0000005 - See ME945166 for a hotfix applicable to Microsoft Windows Server 2003
- Application: tecadwins001.exe, error: c0000005 - See "IBM Support Reference #IY67231.
- Application: tecadwins.exe, error: c0000005 - See "IBM Support Reference #21200995".
- Application: exe\SetupBO.dbg, error: c0000005 - See ME250457.
- Application: exe\keyring.dbg, error: c0000005 - See ME159001.
- Application: snaadmin.DBG, error: c0000005 - See ME150241.
- Application: exe\srvinfo.dbg, error: c0000005 - See ME175307.
- Application: exe\snaudb.dbg, error: c0000005 - See ME242876.
- Application: exe\mqsvc.dbg, error: c0000005 - See ME311896 for a hotfix applicable to Microsoft Message Queuing 2.0.
- Application: exe\swsvc.dbg, error: c0000005 - See ME214460.
- Application: exe\store.dbg, error: c0000005 - See ME278407.
- Application: Wmplayer, error: C00000FD - See ME296500.
- Application: exe\SNABASE.DBG, error: C0000005 - See ME147712 and ME173618.

As per Microsoft: "This event may occur when you try to view an appointment in the Microsoft Outlook calendar". See ME896105 for a hotfix applicable to Microsoft Exchange 2000 Server.

See ME161568, ME319704, ME811484 and ME930044 for additional information on this event.
- Application: C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe - In my case this was caused by an incorrect license file being used within FLEXlm licence manager. A typo within the MAC address caused the licence file to become invalid. Can also be caused by the licence expiring. Resolved by fixing the typo.
- Application: exe\MSEXCIMC.dbg, error: c0000005 - See ME214407.
- Application: exe\store.dbg, error: c0000005 - See ME152937, ME169223, ME181931 and ME829418.
- Application: exe\store.dbg, error: 000000ba - See ME166596.
- Application: ccmc.dbg, error: c0000005 - See ME168556.
- Application: mailmig.exe, error: c0000005 - See ME268496.
- Application: exe\cpqmgmt.DBG, error: c0000005 - See ME287264.
- Application: MQSVC.EXE, error: c0000005 - See ME301596.
- Application: exe\poledit.dbg, error: c0000005 - See ME227864.
- Application: Dns.exe, error: c0000008 (Error code 0xC0000008) = STATUS_INVALID_PARAMETER - See ME258073.
- Application: dns.exe, error: 80000003 - See ME837088.
- Application: Svchost.exe, error: c0000005 - See ME298061.
- Application: emsmta.DBG, error: e0020002 - See ME157701.
- Application: exe\emsmta.dbg, error: c00000005 - See ME812993.
- Application: C:\WINDOWS\regedit.exe, error: c0000005 - See ME817448.
- Application: exe\snaservr.DBG, error: c0000005 - See ME162489 and ME163071.
- Application: exe\snaprint.DBG, error: c0000005 - See ME169132 and ME173617.
- Application: admin.dbg, error: c000001d (Error code 0xC000001D) - See ME168737.
- Application: dsamain.DBG, error: 000006d9 - See ME173303.
- Application: exe\inetinfo.dbg, error: c0000005 - See ME242341.
- Application: exe\tn5250.dbg, error: 80000003 - See ME252837.
- Application: vmimb.exe, error: c0000005 - See ME327672.
- Application: exe\snanmvt.dbg, error: c0000005 - See ME181977.
- Application: cidaemon.exe, error: c0000005 - See ME839054 for a hotfix applicable to Microsoft Windows 2000.
- Application: Poledit.exe, error: 0xc000005 - See ME179553.
- Application: C:\Program Files\Network Associates\TVD\WebShield
SMTP\FrontEnd.exe - See "Network Associates Support Solution ID: nai25159".
- Application: MSEXCIMC.exe, error: c0000005 - See ME884874 for a hotfix applicable to Microsoft Exchange Server 5.5.
- Application: ntbackup.exe - See ME871169.
- Application: iexplore.exe - See ME889389 for a hotfix applicable to Microsoft Windows XP SP2.
- Application: explorer.exe - See ME872764 for a hotfix applicable to Microsoft Windows 2000.
- Application: javaw.exe - See the link to "Veritas Support Document ID: 245517".
- Application: mmc.exe - See "BlackBerry Support Article Number: KB-04848".
- Application: dnslint.exe - To resolve this issue, install the latest version of the DNSLint tool. See ME867463 for details on this issue.

See "Network Associates Support Solution ID: NAI29545" if you are running McAfee GroupShield 5.2 for Domino.

See ME328936 for a hotfix applicable to Microsoft Windows 2000.
See ME890744 for a hotfix applicable to Microsoft Windows XP.

Also check ME290644, ME298511, ME311517, ME822360, "Citrix Support Document ID: CTX106713", and MSW2KDB for additional information.

- Application: mshta.exe - I was not able to access Add\Remove Programs either by the Control Panel or directly by entering appwiz.cpl in the Run bar. I tried the SFC procedure detailed in ME285195 with no joy, and without wanting to do a full repair, I tried re-installing IE6, which (after a reboot) resolved the issue.
- Application: C:\Program Files\VMware\VMware GSX Server\bin\vmware-vmx.exe, error: 80000007 - Decrease the reserved memory in the Vmware host machine.
- Application: explorer.exe, error: c0000005 - In one case, this Event ID appeared on Windows 2003 SP1 with Microsoft Office 2000 installed, together with a third-party product. When Excel or Word was opened, Windows Task Manger showed the processor at 100% and this Event ID was logged. This problem was resolved by removing Microsoft Office 2000. Install Microsoft Office 2003 if possible, as it does not suffer from the same problem.
Application: "spoolsv.exe" - When trying to print document from Word 2000, event id 4097 appears and Word closes. I removed the computer from the domain and than rejoined. Problem solved.
In my case, this error occurred when I installed Adobe Acrobat Reader 6.0 to a Windows NT 4.0 workstation. Reapplying Service Pack 6a has solved the problem.
I was getting event 4097 whenever a user opened Microsoft Word on a Win2k pro computer. To fix this, I added his account to the local administrators group.
Error code: c0000005 (Error code 0xC0000005) - In my case, the problem is that the date was set one hundred years into the  future. The BIOS time was set improperly. On boot, Windows NT4.0 SP6a digested and accepted the year 2102. But an application, Maya 4.0 made by Alias/Wavefront dies at startup with a Dr. Watson message. From the dump it looks like the "strftime" function is crashing when called to format the year.
Application: mailmig.exe, error: c0000005 (Error code 0xC0000005) - See ME268496 - this is a problem with the GroupWise 5.5.4 client. Once older client is installed the Exchange Email Migration worked.
Application: mshta.exe - You can not install or remove applications over the control panel/software. You must run SFC.EXE.After that problem should be fixed. See Microsoft Support KB ME285195.

Application: "spoolsv.exe" - From a newsgroup: "Exception code c0000005 (Error code 0xC0000005) means "access violation". Check if LocalSystem account ("System") has full access to the root directory where the operating system is stored."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.