Opening of anonymous logon Type 3 in Event Viewer Security log

Similar Questions

• Error in the Event Viewer system log

  Separated from this thread.

  Gerry,

  Thank you for your response.  It gives me a better understanding than the data stored on my computer that may be able to help me, and you have introduced me into a player.  I've posted the system log here and it includes hundreds of lines.  However I do not know how to make it visible to you.  I checked it to share and the only file that is serious is one that you brought me to download.  Although I have not found the answer to my problem, I found your advice gave me a better understanding about the tools that are available.  Maybe I'll get to understand how to use them.

  Ed Walsh

  Ed

  Please provide more information for your issue to be diagnosed.

  Restart your computer and wait 20 minutes for the system to operate before you download information. When the review much, not Event Viewer log files all problems show in the period immediately after the computer has booted.

  Please provide a copy of your system information file. Type the system information in the search box above the Start button and press the ENTER key (alternative is select Start, all programs, accessories, System Tools, system information). Select file, Export and give the file a name noting where it is located. Not to place the cursor in the body of the report before exporting the file. The system creates a new information file system each time system information is available. You must allow a minute or two before the file is completely filled before exporting a copy. Please download the file to your OneDrive, to share with everyone and post a link here. If the report is in one language other than English, please indicate the language.

  Please download and share with everyone a new copy of your log System of your event viewer on your disc one and post a link here. It allows to avoid confusion if you delete all previous copies of the log files of your OneDrive.

  To access the system, log, select Start, Control Panel, administrative tools, Event Viewer, in the list on the left of the window, expand Windows logs and select System. Place the cursor on the system, select the Action in the Menu and record all events like (the evtx default file type) and give a name to the file. Do not offer not filtered files. Do not place the cursor in the list of reports before selecting the Action from the menu. Do not clear the logs so that you have a persistent problem.

  For assistance OneDrive see paragraph 9.3:

  http://www.gerryscomputertips.co.UK/MicrosoftCommunity1.htm

  General remarks on the event viewer:

  http://www.gerryscomputertips.co.UK/syserrors5.htm

• Question about consistent errors in the event viewer XP Home Edition

  I ran a program called VEW looking errors up to twenty in the XP Event Viewer.

  Here is the data for the analysis of files:

  V01c Vino event viewer run on Windows XP in English
  Report run at 28/01/2012 23:42:23

  Note: All dates below are in the format dd/mm/yyyy

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  "System" Log - error Type
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Journal: "System" Date/time: 01/28/2012 22:48:06
  Type: error category: 0
  Event: 10005 Source: DCOM
  DCOM got error "% 1058" try to start the service NMIndexingService with arguments "" to start the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

  Journal: "System" Date/time: 01/28/2012 22:47:40
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 01/28/2012 22:35:31
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 27/01/2012-22:49:54
  Type: error category: 0
  Event: 10005 Source: DCOM
  DCOM got error "% 1058" try to start the service NMIndexingService with arguments "" to start the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

  Journal: "System" Date/time: 27/01/2012-22:37:21
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 27/01/2012-14:32:57
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 27/01/2012 03:38:23
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 25/01/2012-13:53:36
  Type: error category: 0
  Event: 10005 Source: DCOM
  DCOM got error "% 1058" try to start the service NMIndexingService with arguments "" to start the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

  Journal: "System" Date/time: 25/01/2012-13:32:34
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 24/01/2012 23:35:59
  Type: error category: 0
  Event: 10005 Source: DCOM
  DCOM got error "% 1058" try to start the service NMIndexingService with arguments "" to start the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

  Journal: "System" Date/time: 24/01/2012 23:21:10
  Type: error category: 0
  Event: 29 Source: W32Time
  The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible.  No attempt to contact a source will be for 14 minutes. NtpClient has no source of accurate time.

  Journal: "System" Date/time: 24/01/2012 23:21:10
  Type: error category: 0
  Event: 17 Source: W32Time
  Time provider NtpClient: an error has occurred during the DNS lookup of the manually configured peer 'time.nist.gov, 0x1 '. NtpClient will try the DNS lookup in 15 minutes. The error was: a socket operation was attempted to an unreachable host. (0 x 80072751)

  Journal: "System" Date/time: 24/01/2012 23:18:36
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 24/01/2012 02:15:46
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 24/01/2012-12:58:29 AM
  Type: error category: 0
  Event: 10005 Source: DCOM
  DCOM got error "% 1058" try to start the service NMIndexingService with arguments "" to start the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

  Journal: "System" Date/time: 24/01/2012 00 h delighteth
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: 'System' time: 23/01/2012 23:26:32
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: 'System' time: 23/01/2012 23:26:19
  Type: error category: 0
  Event: 10005 Source: DCOM
  DCOM got error "% 1058" try to start the service NMIndexingService with arguments "" to start the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

  Journal: 'System' time: 23/01/2012 23:02:41
  Type: error category: 0
  Event: 10005 Source: DCOM
  DCOM got error "% 1058" try to start the service NMIndexingService with arguments "" to start the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}

  Journal: 'System' time: 23/01/2012 18:28:49
  Type: error category: 0
  Event: 7023 Source: Service Control Manager
  Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: a device attached to the system is not functioning.

  Journal: "System" Date/time: 24/01/2012 23:35:59

  Parameters of scanning has been:

  • System
  • Errors
  • 1-20 errors, valued at twenty.

  What are these errors and they are nothing to worry about?

  I have Nero 8 on this system and have an updated hosts file the running here: http://winhelp2002.mvps.org/hosts.htm

  Not sure, but I may have changed a network setting to activate the new hosts file work properly.

  Seen these errors for a while. system works well and smoothly.  No symptoms of malware or infection seen or found.  I would call these software errors as they seem does not affect the operation of the system.

  XP Home Edition SP3 P4 2.8 2 GB RAM

  Joe

  Oh yes :)

  I have never used the program VEW and don't think I will check it - I just look at the Event Viewer logs the old-fashioned way (manually) if I think that there is a problem, but that might just be the old me.

  It is true that XP Home doesn't have Group Policy Editor, but all policy settings are always available via the registry.

  Some malware will change your GP settings and cause problems.

  I have a little import registry will correct all the ones I know, so if someone has these symptoms, any flavor of XP, they are running, I'll just send the script because sometimes you will be not able to solve the problem, even if you have not the GP Editor.

  The registry always import work - and work well for XP Home or XP Pro.  If you have the symptoms and XP Home, what would you?   Start the import operation of the registry.

  If you're curious, off on my SkyDrive it is a spreadsheet Excel (Group Policy settings) who has all the parameters of GP and where they are in the registry.  I do not recommend start searching, but it is useful to know where things are if there is a problem.

  I would not allow the connection of a security XP stuff unless you think you're being attacked.  More and verbose logging slows things down.  My Event Viewer Security log is empty.

  Find the links to the Microsoft Support Engineer for the most part useless to actually solve a problem (because it help you with your problem), if someone has a question or point of Event Viewer, I usually just send them this:

  To view the logs in Event Viewer, click Start, settings, Control Panel, administrative tools, event viewer.

  A shortcut to the event viewer is to click on start, run and enter in the box:

  %SystemRoot%\system32\eventvwr.msc

  Click OK to launch the event viewer.

  The most interesting newspapers are usually the system and Application logs.

  Some newspapers such as security and Internet Explorer may be completely empty or have just a few items.  The default settings for XP wants do not connect all this activity, unless you need to solve a problem in these areas.  If you enable logging for them the papers fill up quickly and could adversely affect the performance of your system with all the extras (often unnecessary) activity.

  If you have Microsoft Office installed, it has its own newspapers, and they can be empty or occasional boring activity very little or, if there is no problem with your desktop applications.  It's normal.

  Not every event is a problem, some are informational messages that things work very well, and some are warnings.

  However, no event should defy reasonable explanation.

  Each event is sorted by Date and time.  Errors will be red Xs, warnings will have yellow! s.
  Informational messages have white is.  Not every error or warning event means that there is a serious question.

  Some are excusable at boot time when Windows starts.  Try to find only the events to the date and time around your problem.

  If you double-click on an event, it will open a window of properties with more information.  On the right are black up and down arrow keys to scroll through the open events. The third button that looks like two overlapping pages is used to copy the details of the event in your Windows Clipboard.

  When you find an interesting event that occurred at the time of your question, click on the third button at the top and arrows to copy the details and then you can paste the details (right click, paste or CTRL-V) the text in detail here for analysis.  Remove all personal information from your information after you paste If you are forced to do so.

  If you paste an event, it will look something like this annoying system startup event:

  Event type: Information
  Event source: Service Control Manager
  Event category: no
  Event ID: 7035
  Date: 14/07/2010
  Time: 17:54:18
  User: Jose
  Computer: computer

  Description:
  The Remote Access Connection Manager service was sent successfully a starting control.

  To get a fresh start on any log of the event viewer, you can choose to clear the log (the log backup is available), and then reproduce your problem, then just look at the events around your show and troubleshoot events that are happening when you have your question.

  You can search for events on the World Wide Web and get ideas.  It's where people events they see and then to the top of their questions, ideas and solutions:

  http://www.EventID.NET/

  If you find your event in the discussion, the first idea or discussion does not necessarily mean it is the "answer" to your situation, so read through all the ideas to find the one that sounds more like your situation.

• NT AUTHORITY\ANONYMOUS LOGON what does this mean?

  Event type: Success Audit
  Event source: security
  Event category: opening/closing session
  Event ID: 540
  Date: 31/05/2012
  Time: 09:22:52
  User: NT AUTHORITY\ANONYMOUS LOGON
  Computer: The-F20B3C162B1
  Description:
  Network logon successful:
  User name:
  Domain:
  Logon ID: (0x0, 0xC193)
  Logon type: 3
  Logon process: NtLmSsp
  Authentication package: NTLM
  Name of the workstation:
  Logon GUID: -.
  .

  Hello JMT50,

  Look at the thread in TechNet with a good explanation.

  http://social.technet.Microsoft.com/forums/en-AU/winservergen/thread/1543fa72-B268-4506-B490-60c306c7a96d

  Thank you

• Warnings from Event Viewer: connection rejected by the server. Reason: [AccessManager.Reject]

  Looking through our windows event viewer application logs, I noticed a large number of these warning listed. What would cause that they messages generated? Nothing to worry?

  It seems that they are all created between the creeks of the live event - after a stream stopped live published and before the next live event stream begins, about a 20-minute break.

  Type of event:	Warning
  Event source:	FMS (Edge)
  Event category:	(264)
  Event ID:	1213
  Date:		31/12/2011
  Time:		19:22:37
  User:		N/A
  Computer:	FMS

  Description:

  Connection refused by the server. Reason: [AccessManager.Reject]: [code = 403 required auth; authmod = adobe]:

  Type of event:	Warning
  Event source:	FMS (Edge)
  Event category:	(264)
  Event ID:	1213
  Date:		31/12/2011
  Time:		19:24:02
  User:		N/A
  Computer:	FMS

  Description:

  Connection refused by the server. Reason: [AccessManager.Reject]: [authmod = adobe]:? reason = needauth & user = testusr & KnMAAA = salt is & challenge = lHIAAA is & opaque = lHIAAA ==

  Thank you

  Dave

  Yes - OUT Authentication plugin is a kind of plugin access to the message you get is valid - because I assume that somebody was trying to publish to your FMS without going through the correct credentials. It is therefore the reason why this message is generated. I hope that now things are clearer to you.

• Error in the Application log viewer window logs event ID 10 WMI

  I am running windows 7 Home premium on my dell computer xps laptop.

  My event viewer application logs: error ID 10, source WMI

  the event data:

  ./root/CIMV2

  SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_Processor' AND TargetInstance.LoadPercentage > 99

  0 x 80041003

  I also get a warning just a fraction of a second before: event ID 3, source SQL Browser

  the event data: AdminConnection

  SQLEXPRESS

  How can I fix it?

  Thank you

  Hello plzhelpwin7

  See the article below and run the fix it tool. Let me know if it helps. Thank you.
  http://support.Microsoft.com/default.aspx?scid=kb;en-us;2545227

• Anonymous logon suspicious in Event Viewer

  I see a couple of these safety Event Viewer logs in my computer connected to the domain:

  Log name: security
  Source: Microsoft-Windows-security-auditing
  Date: 08/11/2014 06:54:52
  Event ID: 4624
  Task category: logon
  Level: Information
  Keywords: Audit success
  User: n/a
  Computer: 1K7RGX1
  Description:
  An account has been connected successfully.

  Object:
  Security ID: NULL SID
  Account name: -.
  Account domain: -.
  Logon ID: 0x0

  Logon type: 3

  New logon:
  Security ID: ANONYMOUS logon
  Account name: ANONYMOUS logon
  Account domain: NT AUTHORITY
  Login ID: 0x2f261
  Logon GUID: {00000000-0000-0000-0000-000000000000}

  Process information:
  Process ID: 0 x 0
  Process name: -.

  Network information:
  Name of the workstation:
  Source network address: -.
  Source port: -.

  Detailed authentication information:
  Logon process: NtLmSsp
  Authentication package: NTLM
  Transited Services: -.
  Package Name (NTLM only): NTLM V1
  Key length: 0

  This event is generated when a session is created. It is generated on the computer that was consulted.

  The fields of the object indicate the account on the local system that requested the opening of session. It is more often a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

  The logon type field indicates the type of logon that occurred. The most common types are 2 (interactive) and 3 (network).

  The new session fields indicate the account for which the new logon was created, which is the account that was logged.

  The network fields indicate where source opening of remote session request. Workstation name is not always available and may be left blank in some cases.

  The authentication information fields provide detailed information on this specific logon request.
  -Connection GUID is a unique identifier that can be used to correlate this event with a KDC event.
  -Transit services indicate which intermediate services participated in this logon request.
  -Name of the package indicates what auxiliary Protocol was used among the NTLM protocols.
  -Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

  Some of them bear the name of the listed computer, some of them do not. I did not except the default administrative shares, shared folders. I don't share printers and 'file and printer sharing' are disabled in my Advanced settings network. Where do I get these? They are really suspect.

  Hey Kevin,

  Thanks for posting your query in Microsoft Community.

  The description of the question, I understand you are facing a problem with Windows 7 security and your computer is connected to the domain.

  I suggest you post your query in the TechNet forums to get help.

  Follow the link below for the TechNet forums.

  https://social.technet.Microsoft.com/forums/Windows/en-us/home

  If you need more help, please do not hesitate to contact us.

• Could not find ' Logon Type: 2 ' has no field PC logon event

  We have hundred pieces of domain logon and on the domain controller audit policy has been activated as below.  But the windows event log, I can't find an interactive logon failure (ID = 4625 and logon type = 2).

  Audit account logon events - success/failure
  Account - success/failure of the audit management
  Component directory service access - check failed
  Audit logon events - success/failure
  Audit access to the - success/failure
  Audit policy change - success/failure
  Use of the privilege--failure to audit
  Audit system events - success/failure
  Treatment follow-up - no verification audit

  When I try to check the logon failed myself in the local event viewer, I found that it is n/a in respect of the security.

  

  Any idea on this?  Is my journal of bad criteria for filtering or any changes to the system requirements?

  Hello

  Thank you for visiting Microsoft Community and we provide a detailed description of the issue.

  I suggest you to report your query in the TechNet forums to get appropriate response of experts familiar with this topic.

  Please visit the link below to send your query in the TechNet forums:

  https://social.technet.Microsoft.com/forums/en-us/home?category=w7itpro

  Hope this information is useful. Please come back to write to us if you need more help, we will be happy to help you.

• Termination of IPSEC Services and anonymous logon

  Ending IPSEC Services

  , I receive the following event in the log to start. I also have a message of success for a logon by ANONYMOUS. I realize that this account peut be an issue of access network system using the (intentionally by MS?) Scary ID of ANONYMOUS but I am concerned about the fact that it could be something nasty.

  Details

  Product: Windows Operating System

  ID: 7023

  Source: Service Control Manager

  Version: 5.2

  Symbolic name: EVENT_SERVICE_EXIT_FAILED

  Message: The %1 service is stopped with the following error:

  %2

      

  Explanation

  The specified service has stopped unexpectedly with the error specified in the message. The service closed safely.

   

      

  User action

  To fix the error:

  Check the error information displayed in the message.

  To view error WIN32_EXIT_CODE SCM met, at the command prompt, type

  SC query service name

  The displayed information can help you troubleshoot the possible causes of the error.
  I tried every combo of syntax, that I can think of, but I can't this query to run.
  I got up and down from behind firewall router firewall protection more live Superantispyware more live Winpatrol and regularly scan with Malwarebytes and Microsoft Security Essentials. Secunia PSI keep an eye on the status of my programs. In this case, I ran additional full scans with all that I have more than 3 online scanners known.  All say CLEAN but I still get these messages. BTW account 'Guest' is disabled.
  
  
  Any help please?
  
  

  Hello

  Have you made changes on the computer before this problem?

  The following articles could be useful.
  IPSec tools and settings
  http://TechNet.Microsoft.com/en-us/library/cc738298%28WS.10%29.aspx
  IPSec troubleshooting tools
  http://TechNet.Microsoft.com/en-us/library/cc784300%28WS.10%29.aspx

• Since the download of Firefox 4, I have problems of archiving of conversations from my gmail Inbox view. Also, when I go to enter a new event in google calendar, I have to now click the cursor in the box type of the event (it used to let me just start typ

  Since the download of Firefox 4, I have problems of archiving gmail conversations since my Inbox view (one or more conversations) as it says 'No. Conversations selected' when I selected one or more. Also, when I go to enter a new event in google calendar, I have to click the cursor in the field type of the event (it used to let me just start typing) or else he bends and begins to jump to the day view or another month. Does anyone know how to fix one of these?

  I had this problem; But while trying to solve another problem, I reset my preferences for Firefox and it fixed this problem as well. To reset the preferences, follow this link: http://support.mozilla.com/en-US/kb/Resetting%20preferences

• Is it possible to open a control of type-def as string programmaticly combobox control, change it and then close by nodes invoke/property?

  This may sound crazy; but I was looking through methods and solution properties do the following:

  1. Open a cluster of type strict-def.
  
  
  2. Add an element in a chain of the Combobox control.
  
  
  3. Register the control.
  
  
  4. Close the type-def.

  LabVIEW provides the tools to do this within its broad range of pallets?

  Second step is easy, as long as the control or parent cluster is not a strict type def.

  G.R.

  It's tedious, but simple using the VI server / scripting.  First of all, make sure that the elements of additional scripts are enabled in the VI server options.  Now open the typedef as you would a VI.  In the scripts, a typedef is like a VI with no block diagram, only a front panel and control.  You can get a reference to the control that you need to change in one of the following two ways:

  1. Open its containers from top to bottom, using the reference container as the entrance to the owner for the opening of the new control.
  
  
  2. Use of the crosses in the script palette VI

  In all cases, after change it, save using recording method tools and you should be good to go.  The most difficult part is to get the reference to the control.  If you are having problems, let us know.

• Event Viewer: the initializer for type for 'advancedsetttings' threw an exception

  I get an error "the initializer for type for 'advancedsetttings' threw an exception" when trying to view the subscriptions in the event viewer.  The machine is a windows 2008 server.  It worked before but just stoped working.  I tried loging in as a local administrator on the machine account and has not worked.  Also, it does work with an account that is a domain administrator.  That everyone knows, or knows how to solve this problem?

  Thank you.  With the help of the question please repost the question in Forum Windows Server

  http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home

• When I click Start it has not run icon / box to enter. There is also no administrative tools to open the event viewer. How can I see what CHKDSK found?

  I received a message that my drive (c :) was corrupt. A ran CHKDSK, now what? Time to restart ATi appeared on my control panel. What is c?

  Use the search box of start instead of run.

  Start > in the search box, type event viewer > Enter >
  the column on the left, click on the pointer before Windows logs
  Select (left-click) Applications
  Click with the right button on Applications
  Select search
  in the search box, type chkdsk
  Click next
  leave the search window
  the middle column, the top, you will see listed Wininit 1001
  right column, under the event 1001, Wininit, click Properties of the event
  A new window with the diskcheck newspaper.
  You can use the slider to display, or click the button copy and then paste it to the one that you want to use.

• Impossible to start and open the event viewer.

  I have Windows Vista (SP1) currently and am having some problems with the event viewer.

  Whenever I try to run the observer of events, either through the program or the elevated command prompt, MMC pushes me to get approval to open.

  Once opened, an error message appears indicating "MMC cannot initialize the snap-in" with the only option to hit being 'Okay '.
  I love the event viewer in order to keep track of my system and wonder if there is any means possible to get this corrected and resolved.
  Any help is appreciated!

  Hello

  You did changes to the computer before the show?

  Check if the problem persists with the different user account.

  I suggest you to proceed to the next method.

  Method 1: Run System File Checker (SFC) scan on your computer to fix this.

  SFC analyzes and verifies the versions of all protected system files after you restart your computer.

  Check the link for more information to do the same below:

  How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7

  http://support.Microsoft.com/kb/929833

  Restart the computer and check.

  Method 2: If the problem persists, I suggest you to open in safe mode with networkevent viewer.

  See the link below to start your computer in safe mode

  http://Windows.Microsoft.com/en-us/Windows7/start-your-computer-in-safe-mode

  Method 3: If the problem resolves itself into safe mode with network, perform the clean boot. Clean boot helps eliminate any driver or software conflicts. This is because as the usual startup programs as well as non-Microsoft services are not started in a clean boot configuration.

  How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

  http://support.Microsoft.com/kb/929135

  After you perform a clean boot, restart your computer and check.

  Note: After you perform a clean boot, perform step 7: reset the computer to start as usual of the above article.

• I have an error in my event viewer: the fault bucket + 45216 0xD1_athr, type the name of the event 0: BlueScreen. Can someone please explain to me how to solve this problem.

  I have an error in my event viewer: the fault bucket + 45216 0xD1_athr, type the name of the event 0: BlueScreen

  Can someone please explain to me how to solve this problem. My computer shuts down whenever I get on the internet. I need some answers please.

  You have a problem with a driver Atheros.

  It could be the network card is bad or the driver is damaged.

  If it is a wireless card, try to connect to the router with an ethernet cable. See if you can get an updated driver from the computer manufacturer's website.

  http://msdn.Microsoft.com/en-us/library/ff560244 (v = VS. 85) .aspx