Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 7036 Source: ServiceControlManager

The <service name> service entered the <running/stopped> state.
This event is recorded for several services when the computer is powered on. The reason for this is that various services may perform certain tasks at startup and once done they will stop by themselves. In this case, the 7036 event is accompanied by the corresponding 7035 (recorded when the service enter the "running state").

- Service: WinHTTP Web Proxy Auto-Discovery - This message is recorded approx. every hour on Windows 2003 Servers (post SP1) and it is a "normal" message. The proxy discovery service is started every hour in order to detect if any changes have occured in the proxy configuration for that server (and apply them if necessary). If there is no proxy installed or if the system is configured manually this service can be stopped. If the Bonjour service (used by iTunes) is restarted it will also cause this service to start.

- Service: Windows Installer - See ME974524.
Service: Browser - In a support forum, a user running Windows 7 reported hundreds of events id 7036 being recorded in short intervals, affecting the computer performance. Disabling the Windows Firewall stopped the repetitive restart of the Browser Service.
From a Microsoft support forum: This issue may occur if third party program or device driver affects the network connection. To troubleshoot this issue, please perform the following steps:

First, please download the network card driver from manufactuer's website.

Reinstall driver
1. Click the Start Button, type "devmgmt.msc" (without quotation marks) in the Start Search box and press Enter.
2. Double click to expand "Network adaptors".
3. Right click your network card and click Uninstall.
4. Check "Delete driver software for this device" check box, click OK.
5. Restart the computer

If Windows 7 will not install built-in drivers, please install the downloaded one.
- Service: Virtual Disk Service - See ME947306.
- Service: IPSEC Services - See ME870910.
- Service: Server - See ME910666.
- Service: Citrix Licensing WMI - See "Citrix Support Document ID: CTX108390".
- Service: "Print Spooler" - See ME888191 to resolve the problem.
- Service: "Windows Firewall/Internet Connection Sharing (ICS)" - See ME892199.
- Service: "IMAPI CD-Burning COM Service" - From a newsgroup post: "In my case, there was a HDD plugged into the same IDE cable as the CDROM, but without having a power cable connected to it. The HDD died a while back and I just removed the power from it. I disconnected my old HDD form the IDE cable and the problem was resolved".

As per Microsoft: "The specified service changed to the state indicated in the message. This message is logged for informational purposes only. No user action is required". See MSW2KDB for additional information on this issue.

I noticed this error message appearing every three seconds, after I installed Lotus Notes 6.0.2 on Windows XP SP1. My system log had already been filled completely. The service that generated the message was the "Multi-User Cleanup Service" which seems to be responsible for certain roaming Notes-installations. This service seems to poll for a special file in the user profile which is not there (which sometimes causes the user's profile not to be updated properly, and which prevents a notebook from entering a power-saving mode). I disabled the "Multi-User Cleanup Service", and the messages stopped. Currently, I cannot tell whether the service is crucial or not. Lotus Notes just seems to run.
Service name: "IMAPI CD-Burning com Service" - This is the automatic CD burn feature from Windows XP bugging you. If you are using a different program for burning CD's you can disable it: To do so, go to services.msc and change the startup type from manual in disabled.
Service name: "QoS RSVP" - The Quality of Service Resource ResSerVation Protocol Service has been stopped.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.