Event 3 on boot: NT Kernel Log full, error 0xC000000D
Every time I boot my PC I get this error; an etl file reaches its size limit of 100 MB. I did a little research and it seems that the Kernel Logger is a diagnostic tool which is best started manually. The kernel generates a lot of data fast, so the etl file fills up within seconds. How can I figure out how the logger is being started and how to prevent it from starting? Does this sound like a reasonable strategy? Thanks.
Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Date: 22/6/17 07:28:29
Event ID: 3
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: CoolerMaster-PC
Description:
Session "NT Kernel Logger" stopped due to the following error: 0xC000000D
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
<EventID>3</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>14</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2017-06-22T00:28:29.313070700Z" />
<EventRecordID>29596</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="148" />
<Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
<Computer>CoolerMaster-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SessionName">NT Kernel Logger</Data>
<Data Name="FileName">C:\Windows\system32\Logfiles\WMI\NT Kernel Logger.etl</Data>
<Data Name="ErrorCode">3221225485</Data>
<Data Name="LoggingMode">5</Data>
</EventData>
</Event>