Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1041 Source: Userenv

Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
I opened the registry and found that this registry entry was empty. I exported the registry as as safety factor, removed all entries of the DllName and the problem was fixed.
Entry: 7B849a69-220F-451E-B3FE-2CB811AF94AE. Windows 2003 R2 32-bit Terminal Server. Release version of IE8 had previously been installed and then uninstalled. After the IE uninstall errors began appearing in the Application event log. From a TechArena forum post (link below), I resolved the problem using the suggested method of searching + deleting registry entries. I had two class numbers that were registering this error message. Both class numbers were located in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{respective class number here}

Once these registry entries were deleted errors stopped being recorded in the event log.
The long number in the event description is a GUID and it can be used to identify the program associated with it. Using the Registry Editor (Start, Run, regedit), search for the GUID in the registry. Depending on what program is found to be tied to the GUID, different troubleshooting procedures should be followed. One possible approach is to uninstall and reinstall that program. For example, from posts on various support forums, CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D is associated with Internet Explorer 8. Some users searched these GUIDs in the registry, deleted them and then reinstalled the IE8. GUID 7B849a69-220F-451E-B3FE-2CB811AF94AE seems to point to a Group Policy extension, also related to IE8. If the installation of the program is corrupt and cannot be uninstalled properly, one can use the Windows Installer Cleanup utility, as specified in ME290301.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.