Strange event logs

Page 1 of 2 12 LastLast

  1. Jackal
    Posts : 46
    WIN 7 HP 64bit
       New #1

    Strange Events and BSOD


    Hi guys
    i dont really look into my event logs because usually, i dont have the need too.

    i randomly decided to look into my event log (while doing some maintenance on my setup)
    and found some strange events.

    two distinct event logs which are somewhat related.

    Problem 1. I can cause the following event by removing my iPod from my pc via iTunes (remove virtually not physically)

    Following events have
    Log name: Microsoft-Windows-WMI-Activity/Operational
    Event ID: 5858
    Level: Error

    Event 1:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLogEntry"; ResultCode = 0x80041032; PossibleCause = Unknown

    Event 2:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLog"; ResultCode = 0x80041032; PossibleCause = Unknown

    Event 3:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskOCZ-VERTEX3_____________________________2.22____\\5&2b5975fc&0&0.0.0_0-{05901221-D566-11d1-B2F0-00A0C9062910}"; ResultCode = 0x80041032; PossibleCause = Unknown

    Event 4:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskWDC_WD2002FAEX-007BA0___________________05.01D05\\5&2785c9a&0&1.0.0_0-{05901221-D566-11d1-B2F0-00A0C9062910}"; ResultCode = 0x80041032; PossibleCause = Unknown

    Event 5:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_SenseData"; ResultCode = 0x80041032; PossibleCause = Unknown

    Event 6:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ScsiRequestBlock"; ResultCode = 0x80041032; PossibleCause = Unknown



    Problem 2:
    the following errors occur when i insert a USB in my PC

    Event 1:
    The driver detected a controller error on \Device\Harddisk4\DR5.
    *Note Hard disk 4 is the actual USB

    Event 2 to 6 are the same as Problem 1: Events 1-6


    I ran driver verifier with no apparent problems

    uninstalled/reinstalled USB drivers
    im stumped as to the cause of this problem.


    thanks for any help in advance.


    Motherboard is ASUSTeK Computer Inc. -Support- Drivers and Download Maximus IV Extreme

    Windows 7 64bit
    Last edited by Jackal; 21 Apr 2015 at 05:28.
      My Computer
    Quote Quote

  3. Jackal
    Posts : 46
    WIN 7 HP 64bit
    Thread Starter
       New #2

    anyone?

    these errors only occur when removing a USB device.
      My Computer
    Quote Quote

  4. Jackal
    Posts : 46
    WIN 7 HP 64bit
    Thread Starter
       New #3

    found the process id for the errors
    it seems to be pointing at WmiPrvSE.exe
      My Computer
    Quote Quote

  6. DavidE
    Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       New #4

    In a web search for 0x80041032 WmiPrvSE i found this
    WMI host throwing errors and using high CPU percentage - Microsoft Community

    Try the suggested trouble shooter and scanning for malware to see they help.

    I would also run a System File Check.
    SFC /SCANNOW Command - System File Checker
      My Computer
    Quote Quote

  7. carwiz
    Posts : 4,161
    Windows 7 Pro-x64
       New #5

    You would have to check the process-ID at about the time the event is logged but I'd guess it's iTunes polling for devices or objects through IWBEM services (Windows Management Instrumentation). The result code 0x80041032 indicates a "WBEM_E_CALL_CANCELLED". This would indicate a driver or program problem. If you can create these events by removing the iPod from iTunes, there's most likely a programming error in iTunes.

    In addition to what DavidE suggests, check to see if there's an update for iTunes. They're getting better. It used to cause numerous BSODs so you're lucky.

    REF: https://support.microsoft.com/en-us/kb/295821

    REF: https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

    Oh yes, Problem 2 might be a bad USB drive (thumb drive) if that's what you're inserting. They do wear out.
    Last edited by carwiz; 21 Apr 2015 at 00:03. Reason: Addition
      My Computer
    Quote Quote

  8. Jackal
    Posts : 46
    WIN 7 HP 64bit
    Thread Starter
       New #6

    carwiz said:
    You would have to check the process-ID at about the time the event is logged but I'd guess it's iTunes polling for devices or objects through IWBEM services (Windows Management Instrumentation). The result code 0x80041032 indicates a "WBEM_E_CALL_CANCELLED". This would indicate a driver or program problem. If you can create these events by removing the iPod from iTunes, there's most likely a programming error in iTunes.
    The issue can be recreated by 'safely removing' a USB from the PC too so its not restricted to iTunes.

    Also i am checking process ID at the time of event and it always comes back with wmiprvse.exe.




    DavidE said:
    In a web search for 0x80041032 WmiPrvSE i found this
    WMI host throwing errors and using high CPU percentage - Microsoft Community

    i have done SFC scannow, also rebuilt WMI repository still nothing.
      My Computer
    Quote Quote

  10. Jackal
    Posts : 46
    WIN 7 HP 64bit
    Thread Starter
       New #7

    i inserted my USB and removed it a few times with the errors coming up and i received a BSOD
    minidump is attached if anyone can help.
    Strange event logs Attached Files
      My Computer
    Quote Quote

  11. Golden
    Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       New #8

    Code:
    fffff880`0d1514c8  00000000`000007ff
fffff880`0d1514d0  00000000`0000000c
fffff880`0d1514d8  fffff800`02fa0300 nt!ObpQueryNameString
fffff880`0d1514e0  fffff880`02676a22Unable to load image \SystemRoot\system32\DRIVERS\tdrpm251.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tdrpm251.sys
*** ERROR: Module load completed but symbols could not be loaded for tdrpm251.sys
 tdrpm251+0x53a22
fffff880`0d1514e8  fffff800`02c57000 nt!KiSelectNextThread <PERF> (nt+0x0)
fffff880`0d1514f0  fffff800`02ef02ec nt!BBTBuffer <PERF> (nt+0x2992ec)
fffff880`0d1514f8  fffff800`02c57000 nt!KiSelectNextThread <PERF> (nt+0x0)
fffff880`0d151500  fffff800`02ef0580 nt!BBTBuffer <PERF> (nt+0x299580)
fffff880`0d151508  fffff880`02623000 tdrpm251
fffff880`0d151510  fffff880`027729f8 tdrpm251+0x14f9f8
fffff880`0d151518  fffff880`02623000 tdrpm251
    At first glance, the issue appears to be a Acronis driver issue, but I think Norton is screwing you over as evidenced below:
    Code:
    fffff880`0d151910  00000000`00000000
fffff880`0d151918  00000000`00000004
fffff880`0d151920  fffff880`0457b940Unable to load image \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMEVENT64x86.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT64x86.SYS
 SYMEVENT64x86+0x22940
fffff880`0d151928  fffff880`04572d33 SYMEVENT64x86+0x19d33
fffff880`0d151930  00000000`00000000
fffff880`0d151938  fffff880`0d1519a0
    Code:
    fffff880`0d1510e8  00000000`00000000
fffff880`0d1510f0  00000000`019701c0
fffff880`0d1510f8  00000000`77a0e12a
fffff880`0d151100  fffff880`04f73758Unable to load image \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150408.001\BHDrvx64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx64.sys
*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys
 BHDrvx64+0x151758
fffff880`0d151108  fffff8a0`047c9458
fffff880`0d151110  00000000`00000000
fffff880`0d151118  00000000`00001f80
fffff880`0d151120  fffffa80`0ca38b30
    Recommend replacing Norton with soemthing less instrusive, and checking to see if Acronis can be updated.

       Note
    For future reference in case you need to post about more BSOD's:
    Blue Screen of Death (BSOD) Posting Instructions
      My Computer
    Quote Quote

  12. Jackal
    Posts : 46
    WIN 7 HP 64bit
    Thread Starter
       New #9

    i will uninstall and report back asap.
      My Computer
    Quote Quote

  13. Jackal
    Posts : 46
    WIN 7 HP 64bit
    Thread Starter
       New #10

    also @Golden
    for future reference debugging
    how did you pull those troubled drivers

    windbg analyze v only brings up the ntkrnlpl.exe
    and third party software shows fastfat.sys as a likely cause
      My Computer
    Quote Quote

 
Page 1 of 2 12 LastLast

  Related Discussions
Join Event logs
in Performance & Maintenance

Is any way to join several event logs in one?
Greetings, I just have a question about Event Logs. Is it ok to delete Event Logs or .evtx files of uninstalled programs? The reason I am asking is because as of right now, I am in need of some assistance in trying to solve a problem I've been having in a previous thread that I've posted a few...
I was running 3DMark06 and got a BSOD code 124. After that every time I boot Event Viewer logs Error Codes ID 3012 and 3011. Attached are screenshots of both. I googled this and found two different threads where someone suggested to rebuild the performance counters. Both responses were...
Event Viewer Logs - Size Adjustments
in Performance & Maintenance

Hi all: Being compulsive about the efficiency of things, from time to time I Clear the Event Viewer Logs. 1: Left alone, how big will these things get? I see 7000+ entries at times! 2: Does clearing them out make sense? No? 3: Is there a way to set an upper limit on their sizes? TIA,
Event viewer logs
in Performance & Maintenance

Hi guys For the last 4 weeks i get the following 4 errors at boot in the event viewer never get anything else just these.Can anyone translate the squiggles for me and tell me if there is anything to be worried about or not Thankyou
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 23:15.
Find Us