Windows Vista Event Log Error? RRS feed

  • Question

  • I am currently having a few issues with Windows Vista performance.
    A lot of things have started to have slow responsiveness and some even stop responding completely (this is the applications).

    I opened the event log in the performance section and there is an error that shows the following data:

    - System
    - Provider
    [ Name ] Microsoft-Windows-Diagnostics-Performance
    [ Guid ] {cfc18ec0-96b1-4eba-961b-622caee05b0a}
    EventID 400
    Version 1
    Level 2
    Task 4005
    Opcode 37
    Keywords 0x8000000000010000
    - TimeCreated
    [ SystemTime ] 2009-05-04T22:21:23.041Z
    EventRecordID 3238
    - Correlation
    [ ActivityID ] {00000000-46C8-0000-B7D2-7BECECCBC901}
    - Execution
    [ ProcessID ] 1940
    [ ThreadID ] 7436
    Channel Microsoft-Windows-Diagnostics-Performance/Operational

    - EventData
    ShellScenarioStartTime 2009-05-04T22:26:40.278Z
    ShellScenarioEndTime 2009-05-04T22:26:45.278Z
    ShellSubScenario 1
    ShellScenarioDuration 5000
    ShellRootCauseBits 2
    ShellAnalysisResult 0
    ShellDegradationType 1
    ShellTsVersion 1
    ShellMachineUpTimeHours 0
    ShellMachineSleepPattern 0

    Other details from the error are:

    EventID: 400
    Level: Error
    Opcode: Shell Information

    This event is in the log more than once - it is recording it every few days as the same thing.

    I am running Windows Vista Home Premium with service pack 1.

    Can anybody help me with this? I will try and provide as much information as possible if needed.

    Monday, May 4, 2009 11:44 PM

All replies

  • Hi robaston,

    Unfortunately, I'm not able to gather much detail from the provided information.  It's possible the WPT can help with this, but first I have a few questions.  If you check the Control Panel  -> Performance Information and Tools -> Advanced Tools, are any items listed as issues?  Did the behavior start after adding or removing any hardware or software?  How long have you been experiencing this behavior?
    Wednesday, May 6, 2009 12:37 PM
  • Hi,
    I haven't added any new software recently within the last 2 months at least. The problem started about a week ago. I opened the advanced tools and there were 2 problems listed. They were to do with windows entering sleep mode and resuming from it. I have supplied 2 images with details of the problems at the following location:


    Hope this helps :)


    Wednesday, May 6, 2009 10:57 PM
  • Perhaps it would be useful to try capturing an xperf trace.  Download and install the Windows Performance Toolkit .  Then, from a CMD prompt execute:
     xperf -on DiagEasy+PROFILE

    Then, just after reproducing the problem, run:
     xperf –d merged.etl

    Then, ZIP merged.etl and password protect it.  Upload the ZIP file somewhere, and share the location either publicly or privately.  Share the password privately with those you would have analyze the log.
    Thursday, May 7, 2009 1:36 AM
  • I have done what you have asked above. Would you be able to look at it? Or should it be looked at by someone from Microsoft?

    Many Thanks
    Thursday, May 7, 2009 12:22 PM
  • I am certainly willing to look at the xperf trace and provide my opinions. :-)  Depending on their interest level, and the situation, I imagine that someone from Microsoft may also be interested in checking out the trace.

    Kind of walking a line between "confidentiality" / "security" and "availability" - the reason for password protecting the ZIP file and privately sharing the password, etc. is that the trace may contain file paths, etc. that contain e.g. user names.  Yet the act of protecting the ZIP file makes the trace more difficult for someone to just grab and look at - they'd somehow need to obtain the password, etc...

    If you're interested in having me take a look at the trace and wish to privately provide the details for how to obtain it, I can be reached at my username here (above the medals), with a hotmail.com trailer...
    Thursday, May 7, 2009 12:58 PM
  • Ok, Thanks.
    I have sent you an email with the file contained.
    Thursday, May 7, 2009 2:27 PM
  • I see regular (every second) CPU spikes up to 40% in the SYSTEM process, attributable to yk60x86.sys, the Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller driver.  Try upgrading or downgrading the driver for the referenced NIC, or disabling the NIC, to see if that makes any difference.
    Friday, May 8, 2009 10:56 AM
  • The driver for the network controller is already the most up to date version and is on, which for some reason seems to be a higher version than the one on their website.
    Saturday, May 9, 2009 12:34 PM
  • Any change in behavior if you try one or more previous versions of the driver?  Or if you disable the NIC?
    Monday, May 11, 2009 12:55 PM