SEARCH

The How-To Geek Forums Have Migrated to Discourse



Join the Discussion at discuss.howtogeek.com

How-To Geek Forums / Windows 7

Can I delete warnings and events from my event viewer?

(37 posts)
  • Started 1 year ago by lasvegasidiot
  • Latest reply from nefetete1
  • Topic Viewed 2062 times

1 2
lasvegasidiot
Posts: 15

My log summary shows 26 log names disabled.
The service control manager shows 375 events since yesterdays purge. Most are listed as event ID 7036 (about 300 of them) Task none.Again I can't copy/paste any of this.
Bruce

Posted 1 year ago #
Top
 
ispalten
ispalten
Posts: 6259

Yes, you can copy and paste. Open the tasks reports up and you can do it. Right at the bottom on the left is COPY. All you need do is DOUBLE CLICK on one of them in the Event Viewer and it will open.

As for the event 7036. considered normal (https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=7036&EvtSrc=Service+Control+Manager&LCID=1033) but there could be other reasons too (http://www.eventid.net/display.....38;phase=1) that might need investigation.

Are ALL these ERRORS or just INFORMATION or WARNINGS?

Post a few of the errors please.

Irv S.

Posted 1 year ago #
Top
 
raphoenix
raphoenix
Posts: 14920

Error WMI 10

Run this Fixit
http://support.microsoft.com/d.....US;2545227

Error HAL 12 (Possible Sleep errors)

Check for vendor Bios Update.
http://social.technet.microsof.....c7f5d38a7d

Warning WLAN AutoConfig 4001

Reset Service
Adminstrative Tools>Services>WLAN Auto Config---> Set to Manual.

Warning User Profile Service 1530

Hive Process leak during Shutdown
Ignore for right now (just a Warning)

Rick P.

Posted 1 year ago #
Top
 
lasvegasidiot
Posts: 15

Log Name: System
Source: Microsoft-Windows-HAL
Date: 5/8/2012 12:02:15 PM
Event ID: 12
Task Category: None
Level: Error
Keywords: (1)
User: N/A
Computer: Bruce-PC
Description:
The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-HAL" Guid="{63D1E632-95CC-4443-9312-AF927761D52A}" />
<EventID>12</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2012-05-08T19:02:15.962000000Z" />
<EventRecordID>67653</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="832" />
<Channel>System</Channel>
<Computer>Bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="Count">1</Data>
<Data Name="FirstPage">80</Data>
<Data Name="LastPage">80</Data>
</EventData>
</Event>

Posted 1 year ago #
Top
 
lasvegasidiot
Posts: 15

The last two posts are the only error messages, the others are warnings.
Thanks everyone, Bruce

Name: Application
Source: Microsoft-Windows-WMI
Date: 5/8/2012 11:30:39 AM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Bruce-PC
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="49152">10</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-05-08T18:30:39.000000000Z" />
<EventRecordID>12068</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data>//./root/CIMV2</Data>
<Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99</Data>
<Data>0x80041003</Data>
</EventData>
</Event>

Posted 1 year ago #
Top
 
raphoenix
raphoenix
Posts: 14920

See My Post Above Your Posting

Fix per instructions

Run Event.bat

Reboot

Check Administrative Log

Post back

Rick P.

Posted 1 year ago #
Top
 
lasvegasidiot
Posts: 15

I've done as you suggested. Only these two warnings show up now.
Bruce

Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 5/9/2012 4:38:49 PM
Event ID: 4001
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Bruce-PC
Description:
WLAN AutoConfig service has successfully stopped.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580D7DD-0379-4658-9870-D5BE7D52D6DE}" />
<EventID>4001</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-09T23:38:49.447500000Z" />
<EventRecordID>68030</EventRecordID>
<Correlation />
<Execution ProcessID="964" ThreadID="988" />
<Channel>System</Channel>
<Computer>Bruce-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 5/9/2012 4:38:23 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: Bruce-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3164753274-1595191286-1399480476-1000_Classes:
Process 1608 (\Device\HarddiskVolume1\Program Files\Trend Micro\AMSP\coreServiceShell.exe) has opened key \REGISTRY\USER\S-1-5-21-3164753274-1595191286-1399480476-1000_CLASSES

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-05-09T23:38:23.239500000Z" />
<EventRecordID>12129</EventRecordID>
<Correlation />
<Execution ProcessID="1004" ThreadID="4596" />
<Channel>Application</Channel>
<Computer>Bruce-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">1 user registry handles leaked from \Registry\User\S-1-5-21-3164753274-1595191286-1399480476-1000_Classes:
Process 1608 (\Device\HarddiskVolume1\Program Files\Trend Micro\AMSP\coreServiceShell.exe) has opened key \REGISTRY\USER\S-1-5-21-3164753274-1595191286-1399480476-1000_CLASSES
</Data>
</EventData>
</Event>

Posted 1 year ago #
Top
 
raphoenix
raphoenix
Posts: 14920

Set WLAN-AutoConfig Service to DISABLE

Do Event.bat

Reboot

Do Event.bat

Reboot

Check Administrative Log

Post Back

Rick P.

Posted 1 year ago #
Top
 
lasvegasidiot
Posts: 15

Rick, Purged twice. It only shows the 4001, and 1530 events (within the last two hours).
Bruce

Posted 1 year ago #
Top
 
raphoenix
raphoenix
Posts: 14920

Set WLAN-AutoConfig Service to (DISABLE)
This used to be called WZC (Wireless Zero Configuration) in old XP.

Do Event.bat

Reboot

Do Event.bat

Reboot

Check Administrative Log

The 1530 Process Leak is most probably caused by Trend Micro AV not shutting down quickly.
We could fix this by may be ??? increasing Shut Down time BUT it is only a warning and not an error.

Post Back

Rick P.

Posted 1 year ago #
Top
 
lasvegasidiot
Posts: 15

Rick, Critical 0, Error 0, Warning 3036 gatherer as well as the same two (4001 and 1530) within the last two hours.
Thanks again, Bruce

Posted 1 year ago #
Top
 
raphoenix
raphoenix
Posts: 14920

Gatherer Error Event ID 3036 is most probably due to a corrupt Index file in Windows Search.

If you want that off, DISABLE Indexing AND Windows Search Service.

Also Indexing should be UN-checked on the HDD.

There are several (Tasks) which use Gathering Function that should be DISABLED also if running an SSD.

Rick P.

Posted 1 year ago #
Top
 
lasvegasidiot
Posts: 15

Should I do that permanently? Thanks again for all of your help. I'll check the event viewer again tomorrow. I am of to work.
Bruce

Posted 1 year ago #
Top
 
raphoenix
raphoenix
Posts: 14920

Bruce,

We will look at it again tomorrow.

Have a Good Shift. :)

Rick P.

Posted 1 year ago #
Top
 
fannyyahoocom
Posts: 1

Is it alright to disable all of even viewer and logs?

Posted 10 months ago #
Top
 
warlock
warlock
Posts: 4100

@fannyyahoocom, This is a 2 month old thread. Please start a new topic and post with your question.

Posted 10 months ago #
Top
 
nefetete1
Posts: 1

You are my Hero! I had over 6,000 errors on my event viewer. The .Bat worked like a charm. I was taking my T mobile stick out of the USB Port with out safty removing it from the eject option Icon.

Thank You, Thank you,
Angela

Posted 4 months ago #
Top
 

1 2


Topic Closed

This topic has been closed to new replies. Please create a new topic instead.


Create New Topic Return to Forum