Diagnosing Windows Errors: Event Viewer Secrets


February 8th, 2012 written by Christoph in Tips and Tricks, Windows Insights

Let’s get rid of blue screens, frequent PC crashes, and annoying error messages once and for all. This week’s blog post will dive deep into Windows Event Viewer and help you diagnose and solve PC problems just like the pros.

Event Viewer – The perfect troubleshooter, built right in!

Windows and its ecosystem aren’t perfect. Every user has experienced their fair share of application, driver or operating system errors. In more serious cases, a Blue Screen of Death (BSoD) is displayed, which is mostly caused by hardware or driver problems but can also occur when critical system files (boot files, for example) are missing or damaged. The good news is that, in many cases, you don’t have to guess what’s wrong with your PC when these crashes happen. With Event Viewer, Windows keeps a good record of what’s going on behind the scenes of your system.

Event Viewer is an excellent source for clues into why your system fails or behaves a certain way. It’s usually run by administrators who can decipher these error codes, but thanks to this guide, you’ll walk away with at least a basic understanding of what’s been bugging (pardon the pun) your computer and where to find solutions.

You can start Event Viewer by clicking the Start orb and typing “Event Viewer” into the Start menu search.

Click on “Event Viewer”. Alternatively, this tool can be found under “Control Panel\System and Security\Administrative Tools”. Let’s take a quick look at what you see here.

“Administrative Events” primarily shows error messages and should be the first place to go when something goes wrong. Its entries represent more serious problems with Windows, Windows features, networking, hard disks, and third-party applications. What’s interesting is that even the best-kept system will have hundreds (and in the case of my test beds: THOUSANDS) of event entries. Don’t worry though, these Administrative Events go all the way back to when you first turned on or installed your PC. For example, over 6000 events have occurred since I installed one of my test beds on August 17, 2011.

Another interesting category to look at is “Windows Logs”. It contains “Application” warnings due to errors with third-party services, applications (e.g. Outlook, Google Earth) and some Windows features. However, you’ll also find many “Information” entries which show status updates of programs that don’t necessarily represent problems.

Under “Windows Logs”, “Security” largely contains failed or successful log-in attempts. It’s a nice source of information if you suspect that someone is trying to log onto your PC when you’re not on it. It also contains information about creating, opening, and deleting files as well as digital rights information. “Installation” should be your starting point if you have trouble installing either third-party software or Windows Update. It contains essential error codes and information to help you cure set-up trouble. “System” shows errors and information on critical Windows services, drivers, and your network connection.
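The failed log-in attempts recorded in the “Security” log can also be summarized from PowerShell instead of scrolling through the list. The following is an added example, not part of the original post: it groups failed logons (event ID 4625) by account, logon type and source address. The function name Get-FailedLogonSummary and its parameters are assumptions made for this example.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0+ and an
# elevated session (the Security log is readable by administrators only).
function Get-FailedLogonSummary {
    param(
        [int]$Days = 7,         # look-back window (assumed default)
        [int]$MinFailures = 1   # hide groups with fewer failures than this
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625        # "An account failed to log on"
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent reports an error when nothing matches, so silence it and
    # return early. 4625 is only written if logon failure auditing is enabled.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }

    $rows = foreach ($e in $events) {
        # Named fields sit in the event XML under EventData/Data[@Name].
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']   # 2 interactive, 3 network, 10 remote desktop
            Source    = $data['IpAddress']   # "-" when the attempt was local
        }
    }

    $rows | Group-Object Account, LogonType, Source |
        Where-Object { $_.Count -ge $MinFailures } |
        Sort-Object Count -Descending |
        ForEach-Object {
            $sorted = @($_.Group | Sort-Object Time)
            [pscustomobject]@{
                Failures  = $_.Count
                Account   = $sorted[0].Account
                LogonType = $sorted[0].LogonType
                Source    = $sorted[0].Source
                First     = $sorted[0].Time
                Last      = $sorted[-1].Time
            }
        }
}

Get-FailedLogonSummary -Days 7 | Format-Table -AutoSize
```

Many failures for one account from a single source within a short First/Last span are the rows worth a closer look; a handful spread over a week is usually a mistyped password.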

The third category, “Applications and Services Logs”, may contain categories created by third-party software, such as Microsoft Office or TuneUp Utilities. This is rare but still worth a look.

How to diagnose problems in Event Viewer

First of all, if you’re just browsing and want to see what’s going on behind the scenes of your PC, just double-click on an entry to get detailed information. If you’re trying to solve a specific problem, go through the log categories mentioned above and look at the “Date and Time” column. Say, for example, your PC froze at 9:59 a.m. Simply scroll down the list until you find the exact time and look at what Windows recorded.

There are several levels of events, such as “Errors”, “Warnings”, or “Information”. It’s always wise to watch “Errors” first since these are usually the more serious problems.

Did you find any problems? Then double-click on the entry and look at what the window (see the screenshot above) tells you. The description should give you a clue as to what’s going on.

For instance, in the screenshot above, something’s wrong with either the hard disk or the hard disk controller. A hardware error like this should tell you to immediately back up your data and bring your PC to the shop for maintenance. In many cases, descriptions can be extremely technical and rather cryptic even for advanced users (see below).

In that case, a search engine can better help you determine the problem and necessary solution. Don’t try to copy the entire description, but rather take the most critical information and combine it with the search term “Event Viewer”. For example, in the case above you will likely have luck searching for “Event Viewer MSESysprep.dll error manifest policy”, since this is the essential message of the description. There’s apparently something wrong with the file MSESysprep.dll. Below you can see Google’s search results including some forum threads in which Microsoft Support employees offer help in resolving the issue.

In this example, I was easily able to find out that Microsoft Security Essentials caused these error messages and what they actually mean.

If these descriptions don’t help, take a look at what’s listed under “Log Name”, “Source”, and “Event ID”. To get even more information on the error, go to the “Details” tab, expand the “System” category, and write down the “Guid” and the exact “Name” of the error.
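The manual steps above (find the time of the problem, look at errors first, then note Log Name, Source, Event ID, Guid and Name) can be collected in one pass from PowerShell. This is an added example, not part of the original post; the function name Get-EventsAroundTime, its parameters and the five-minute window are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example, not from the original post: list what Windows logged around
# a known problem time, with the fields the article says to write down.
function Get-EventsAroundTime {
    param(
        [Parameter(Mandatory)][datetime]$When,   # moment the PC froze or crashed
        [int]$WindowMinutes = 5,                 # assumed default: 5 minutes either side
        [string[]]$LogName = @('System', 'Application')
    )

    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3     # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = $When.AddMinutes(-$WindowMinutes)
        EndTime   = $When.AddMinutes($WindowMinutes)
    }

    # Get-WinEvent reports an error when nothing matches; an empty result is fine here.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Level   = $_.LevelDisplayName
                LogName = $_.LogName
                Source  = $_.ProviderName   # the provider "Name" on the Details tab
                Guid    = $_.ProviderId     # the provider "Guid"; empty if none is registered
                EventId = $_.Id
                # The message can be missing when the provider's resources are
                # not installed; keep only its first line for a compact table.
                Summary = if ($_.Message) { ($_.Message -split '\r?\n')[0] }
                          else { '(no description available)' }
            }
        }
}

# Constructed input: the 9:59 a.m. freeze used as the example in the text, today's date.
Get-EventsAroundTime -When (Get-Date -Hour 9 -Minute 59 -Second 0) |
    Format-Table -AutoSize -Wrap
```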

Of course, now that you have this important information, you can just go ahead and use Google again, and browse through the various websites and forums that cover the error in question. However, there’s an even better way to get details on the bug. Go to www.eventid.net and enter either the “Event ID” or the “Event Source”.

As soon as I hit search, I get an immediate result. Click on “Comments and links for event ID…” to get not only a detailed description, but also read comments and experiences from dozens of other users. In some cases, Microsoft support staff answers can be found on the EventID website, such as this one.

Event Viewer is a critical tool for users who want to get rid of many PC issues. This basic overview should help you get started on diagnosing problems and finding solutions. In a future blog post, we’ll give you more detailed information on some of the most common Event Viewer entries. Any questions on specific computer problems? Let us know!

15 Responses to “Diagnosing Windows Errors: Event Viewer Secrets”

Comments

  1. No doubt Event Viewer is a great tool. However, I would like to point one thing out to new users. Not all events/errors represented in Event Viewer actually matter. In fact most don’t matter at all! A very good discussion on this specific view can be found here: http://windowssecrets.com/newsletter/what-you-should-know-about-windows-event-viewer/. For example my Event Viewer shows “The content index database is corrupt”. This generally happens if you clear the Windows Search Log often. Now Tune Up Utilities or even the simple CCleaner cleans this area for saving up your disk space. Now that cleaning is actually good, not bad. Now this is just one of the zillions of errors one might find in the Event Viewer. So I would recommend users not to take Event Viewer very seriously when their PC is running smoothly. And even if it’s not, Event Viewer might do very little to help although it’s surely worth giving a look. Just my two pence!

    • Hi Jeet :) I agree. There are many entries labelled as “Warning” or “Information” that rarely matter. And even most of the “Warnings” are rarely noteworthy.

      Of course, no one should really stress out if there are 1000 critical errors. However, it’s always good to have a look: Go through the list and see what’s going on. In my example, I was able to resolve some issues with a 3rd party service that kept producing weird entries every 20 seconds.

      Best, Sandro


  2. thank you

  3. Sandro, excellent article!

    Speaking of the Event Viewer of Windows, long ago I found this link: http://technet.microsoft.com/en-us/library/cc771775(v=ws.10).aspx

    I thought I’d share since I have seen cases of loss of hard disks in the SMART, even enabled, failed!

  4. Now I know I’m not alone, my laptop is not even 1yr. old and I have all these problems, but really I was racking my brains trying to make sense of it but to no avail, after reading what you wrote I feel like I can rest a bit better now, so thanks a lot Chris, for your time, concern and help on writing all this. You’re great. N.E.


  5. how do you easily go ;administrative errors and how do you erase them step by step???


  6. Question, is there a simple tool on the market that can be trusted to not only delete but also repair those Administrative Events where necessary?

  7. Pretty! This was an extremely wonderful post.
    Many thanks for providing this information.

