Windows 7 Forums



Windows 7: Strange event logs

20 Apr 2015   #1
Jackal

WIN 7 HP 64bit
 
 
Strange Events and BSOD

Hi guys,
I don't really look into my event logs because usually I don't have the need to.

I randomly decided to look into my event log (while doing some maintenance on my setup)
and found some strange events.

Two distinct event logs which are somewhat related.

Problem 1. I can cause the following event by removing my iPod from my PC via iTunes (remove virtually, not physically)

Following events have
Log name: Microsoft-Windows-WMI-Activity/Operational
Event ID: 5858
Level: Error

Event 1:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLogEntry"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 2:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLog"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 3:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskOCZ-VERTEX3_____________________________2.22____\\5&2b5975fc&0&0.0.0_0-{05901221-D566-11d1-B2F0-00A0C9062910}"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 4:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskWDC_WD2002FAEX-007BA0___________________05.01D05\\5&2785c9a&0&1.0.0_0-{05901221-D566-11d1-B2F0-00A0C9062910}"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 5:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_SenseData"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 6:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ScsiRequestBlock"; ResultCode = 0x80041032; PossibleCause = Unknown



Problem 2:
The following errors occur when I insert a USB in my PC

Event 1:
The driver detected a controller error on \Device\Harddisk4\DR5.
*Note Hard disk 4 is the actual USB

Event 2 to 6 are the same as Problem 1: Events 1-6


I ran driver verifier with no apparent problems

uninstalled/reinstalled USB drivers
I'm stumped as to the cause of this problem.


Thanks for any help in advance.


Motherboard is ASUSTeK Computer Inc. -Support- Drivers and Download Maximus IV Extreme

Windows 7 64bit


20 Apr 2015   #2
Jackal

WIN 7 HP 64bit
 
 

anyone?

these errors only occur when removing a USB device.
20 Apr 2015   #3
Jackal

WIN 7 HP 64bit
 
 

found the process id for the errors
it seems to be pointing at WmiPrvSE.exe

20 Apr 2015   #4
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

In a web search for 0x80041032 WmiPrvSE I found this
WMI host throwing errors and using high CPU percentage - Microsoft Community

Try the suggested troubleshooter and scanning for malware to see if they help.

I would also run a System File Check.
SFC /SCANNOW Command - System File Checker
20 Apr 2015   #5
carwiz

Windows 7 Pro-x64
 
 

You would have to check the process-ID at about the time the event is logged but I'd guess it's iTunes polling for devices or objects through IWBEM services (Windows Management Instrumentation). The result code 0x80041032 indicates a "WBEM_E_CALL_CANCELLED". This would indicate a driver or program problem. If you can create these events by removing the iPod from iTunes, there's most likely a programming error in iTunes.

In addition to what DavidE suggests, check to see if there's an update for iTunes. They're getting better. It used to cause numerous BSODs so you're lucky.

REF: https://support.microsoft.com/en-us/kb/295821

REF: https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx

Oh yes, Problem 2 might be a bad USB drive (thumb drive) if that's what you're inserting. They do wear out.
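
The check carwiz describes (tying each error to its client process ID and reading the result code), as an added example that is not part of the original posts: it parses Event ID 5858 message text and groups failures by ClientProcessId and result code. The first two sample messages are copied from post #1; the third (EXAMPLE-PC, PID 4120) is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# 0x80041032 is the code named in the thread; 0x80041003 is a standard WMI
# error constant included only so the constructed third sample decodes.
WBEM_CODES = {0x80041032: "WBEM_E_CALL_CANCELLED",
              0x80041003: "WBEM_E_ACCESS_DENIED"}
KEYS = ("Id", "ClientMachine", "User", "ClientProcessId", "Component",
        "Operation", "ResultCode", "PossibleCause")
# Split only on a ';' that precedes a known field name, so a ';' or '='
# inside the WQL text cannot break the record apart.
SPLIT_RE = re.compile(r";\s+(?=(?:%s) = )" % "|".join(KEYS))
OP_RE = re.compile(r"^Start (\S+) - (\S+) : (.*)$", re.S)
FROM_RE = re.compile(r"\bfrom\s+(\w+)", re.I)

# Messages 1-2 are copied from the thread (Events 5 and 3 of Problem 1);
# message 3 is a constructed sample with a different client PID and code.
SAMPLE = [
    r'Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_SenseData"; ResultCode = 0x80041032; PossibleCause = Unknown',
    r'Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskOCZ-VERTEX3_____________________________2.22____\\5&2b5975fc&0&0.0.0_0-{05901221-D566-11d1-B2F0-00A0C9062910}"; ResultCode = 0x80041032; PossibleCause = Unknown',
    r'Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = EXAMPLE-PC; User = EXAMPLE-PC\user; ClientProcessId = 4120; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Process; ResultCode = 0x80041003; PossibleCause = Unknown',
]

def parse_5858(message):
    """Parse one Event ID 5858 message into a dict of decoded fields."""
    raw = dict(p.split(" = ", 1) for p in SPLIT_RE.split(message.strip()))
    code = int(raw["ResultCode"], 16)
    op = OP_RE.match(raw["Operation"])
    method, namespace, query = op.groups() if op else (None, None, raw["Operation"])
    cls = FROM_RE.search(query)
    return {"pid": int(raw["ClientProcessId"]), "user": raw["User"],
            "method": method, "namespace": namespace, "query": query,
            "wql_class": cls.group(1) if cls else "?",
            "result": WBEM_CODES.get(code, hex(code))}

def summarize(messages):
    """Map (client PID, result) -> (failure count, sorted classes queried)."""
    counts, classes = Counter(), {}
    for ev in map(parse_5858, messages):
        key = (ev["pid"], ev["result"])
        counts[key] += 1
        classes.setdefault(key, set()).add(ev["wql_class"])
    return {k: (counts[k], sorted(classes[k])) for k in counts}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```
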
21 Apr 2015   #6
Jackal

WIN 7 HP 64bit
 
 

Quote: Originally Posted by carwiz
You would have to check the process-ID at about the time the event is logged but I'd guess it's iTunes polling for devices or objects through IWBEM services (Windows Management Instrumentation). The result code 0x80041032 indicates a "WBEM_E_CALL_CANCELLED". This would indicate a driver or program problem. If you can create these events by removing the iPod from iTunes, there's most likely a programming error in iTunes.

The issue can be recreated by 'safely removing' a USB from the PC too so it's not restricted to iTunes.

Also I am checking process ID at the time of event and it always comes back with wmiprvse.exe.

Quote: Originally Posted by DavidE
In a web search for 0x80041032 WmiPrvSE I found this
WMI host throwing errors and using high CPU percentage - Microsoft Community

I have done SFC scannow, also rebuilt WMI repository, still nothing.
21 Apr 2015   #7
Jackal

WIN 7 HP 64bit
 
 

I inserted my USB and removed it a few times with the errors coming up and I received a BSOD.
Minidump is attached if anyone can help.


Attached Files
File Type: zip 042115-10717-01.zip (40.2 KB, 3 views)
21 Apr 2015   #8
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Code:
fffff880`0d1514c8  00000000`000007ff
fffff880`0d1514d0  00000000`0000000c
fffff880`0d1514d8  fffff800`02fa0300 nt!ObpQueryNameString
fffff880`0d1514e0  fffff880`02676a22Unable to load image \SystemRoot\system32\DRIVERS\tdrpm251.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for tdrpm251.sys
*** ERROR: Module load completed but symbols could not be loaded for tdrpm251.sys
 tdrpm251+0x53a22
fffff880`0d1514e8  fffff800`02c57000 nt!KiSelectNextThread <PERF> (nt+0x0)
fffff880`0d1514f0  fffff800`02ef02ec nt!BBTBuffer <PERF> (nt+0x2992ec)
fffff880`0d1514f8  fffff800`02c57000 nt!KiSelectNextThread <PERF> (nt+0x0)
fffff880`0d151500  fffff800`02ef0580 nt!BBTBuffer <PERF> (nt+0x299580)
fffff880`0d151508  fffff880`02623000 tdrpm251
fffff880`0d151510  fffff880`027729f8 tdrpm251+0x14f9f8
fffff880`0d151518  fffff880`02623000 tdrpm251
At first glance, the issue appears to be an Acronis driver issue, but I think Norton is screwing you over as evidenced below:
Code:
fffff880`0d151910  00000000`00000000
fffff880`0d151918  00000000`00000004
fffff880`0d151920  fffff880`0457b940Unable to load image \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for SYMEVENT64x86.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT64x86.SYS
 SYMEVENT64x86+0x22940
fffff880`0d151928  fffff880`04572d33 SYMEVENT64x86+0x19d33
fffff880`0d151930  00000000`00000000
fffff880`0d151938  fffff880`0d1519a0
Code:
fffff880`0d1510e8  00000000`00000000
fffff880`0d1510f0  00000000`019701c0
fffff880`0d1510f8  00000000`77a0e12a
fffff880`0d151100  fffff880`04f73758Unable to load image \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150408.001\BHDrvx64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BHDrvx64.sys
*** ERROR: Module load completed but symbols could not be loaded for BHDrvx64.sys
 BHDrvx64+0x151758
fffff880`0d151108  fffff8a0`047c9458
fffff880`0d151110  00000000`00000000
fffff880`0d151118  00000000`00001f80
fffff880`0d151120  fffffa80`0ca38b30
Recommend replacing Norton with something less intrusive, and checking to see if Acronis can be updated.

Note
For future reference in case you need to post about more BSOD's:
Blue Screen of Death (BSOD) Posting Instructions
21 Apr 2015   #9
Jackal

WIN 7 HP 64bit
 
 

I will uninstall and report back ASAP.
21 Apr 2015   #10
Jackal

WIN 7 HP 64bit
 
 

Also @Golden
for future reference debugging
how did you pull those troubled drivers?

windbg analyze v only brings up the ntkrnlpl.exe
and third party software shows fastfat.sys as a likely cause