Windows 7 Event Log Errors

From Indie IT Wiki
Jump to: navigation, search

Errors

Source – Event ID – Task Category

ID - 2 - Kernel-EventTracing

Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035

ipconfig /Flushdns
ipconfig /release *Con*

Ensure DCHP is enabled then reboot, on restart the network card is re-registered with DNS.

ID - 3 - Kernel-EventTracing

Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D

This procedure appears to solve the issue.

It MUST be done Exactly by the Steps.

  1. DISABLE the Microsoft Antimalware Service
  2. REBOOT the machine
  3. DELETE the EppOobe.etl (File Reference Path) C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl
  4. REBOOT the machine
  5. ENABLE the Microsoft Antimalware Service
  6. REBOOT the machine
  7. Frequently CHECK the Administrative Events Log under Custom Views to ensure the error does not reappear.

NOTE: Just Deleting the EppOobe.etl file and Rebooting will NOT work.

http://bit.ly/1AMwjXb

ID - 10 -

Copy the following code in to a text editor (or download as a text file Media:Workaround.txt remembering to rename it to .vbs):

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")
 
Set obj1 = objWMIService.ExecQuery("select * from __eventfilter where name='BVTFilter' and query='SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA ""Win32_Processor"" AND TargetInstance.LoadPercentage > 99'")

For Each obj1elem in obj1

set obj2set = obj1elem.Associators_("__FilterToConsumerBinding")

set obj3set = obj1elem.References_("__FilterToConsumerBinding")

For each obj2 in obj2set

WScript.echo "Deleting the object"

WScript.echo obj2.GetObjectText_

obj2.Delete_

next

For each obj3 in obj3set

Script.echo "Deleting the object"

WScript.echo obj3.GetObjectText_

obj3.Delete_

next

WScript.echo "Deleting the object"

Script.echo obj1elem.GetObjectText_

obj1elem.Delete_

Next

Close and save the file with the extension .vbs not .txt

Open an elevated command prompt (or simple run in the Administrator profile) and run the following command in the folder the .vbs file is saved in:

Command Prompt:

cscript workaround.vbs

http://support.microsoft.com/kb/2545227

ID - 1001 - DHCP

Disable Microsoft Virtual WiFi Miniport adapter

ID - 1008 - Customer Experience Improvement Program

Try this fix:

https://social.technet.microsoft.com/Forums/windows/en-US/482081d7-faa4-4206-b945-6e2e432277d5/fixing-ceip-related-crashes-in-windows-7-beta?forum=w7itproinstall

ID - 1327 - Invalid Drive

Locate the following key in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

In the right pane if there are any entries which has an F or any other letter that is not C modify data to C:\ This is assuming your Windows installation is on the C:\ drive.

ID - 3011 & 3012 - (Usually seen paired together)

At the command prompt type:

lodctr /r

http://forums.majorgeeks.com/showthread.php?t=118418

ID - 3036 - Search

Log Name : Application

Source : Search

Level : Warning

Task Category : Gatherer

FIX:

1. Click on the Start Button, type "Indexing Options" (without quotation marks) in the Start Search box and press Enter.

2. To edit the "Index these locations" section click the 'Modify' button, remove all the Internet Explorer History and any "Offline Files" items linked to old/removed user profiles as well as user profiles standard users do not have access to, i.e. Administrator.

3. Click the "OK" button.

4. Next click the "Advanced" button.

5. If not selected click on the "Index Settings" tab.

6. Under Troubleshooting section, click the "Rebuild" button, then "OK".

7. When the rebuild has been completed click "Close" and reboot.

ID - 5719 - NETLOGON

Source : NETLOGON

http://support.microsoft.com/kb/938449

http://support.microsoft.com/kb/2459530

ID - 7000 -

  • Source: Service Control Manager
  • Task Category:
  • Message:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom
   Name: Start
   Type : REG_DWORD
   Data: 3 or 4

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\parport
   Name: Start
   Type : REG_DWORD
   Data: 3 or 4

Note 1: If the registry is altered to 4 (Disabled), the related device is not usable because a driver used in the device is not loaded. If you want to use the device the future change the registry to 3 (Manual).

Note 2: Try the parport setting first.

Thanks to Microsoft.

ID - 7011

  • Source: Service Control Manager
  • Task Category: None
  • Message: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
  • Fix: Changed service to Automatic instead of manual.

ID - 7022 -

https://www.alexlomas.com/blog/2012/06/the-following-service-is-taking-more-than-4-minutes-to-start-and-may-have-stopped-responding/

http://support2.microsoft.com/default.aspx?scid=kb;en-us;319127

http://www.techmonkeys.co.uk/Thread-display-driver-problem

http://www.techie7.com/threads/lost-all-printers.48864/

ID - 36888 -

SOURCE: Schannel

  • Regedit
  • HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > SecurityProviders > SCHANNEL
  • EventLogging - Change from 1 to 0

While this does not cure the issue it stops it being logged. As pointed out on Technet this solution is akin to disconnecting your car's engine warning light.

Thanks to Pete Net Live.