
Windows 8 Pro - Clear All Event Logs Utility

Q: Windows 8 Pro - Clear All Event Logs Utility

Hello all,

This Windows 7 utility actually works on Windows 8 Pro (at least it does on my installation).

Event Viewer One Click Clear - Windows 7 Support Forums

Use at your own risk.

Note: There are some that frown on removing historical event logs and I say "To each their own."

Good luck.

RELEVANCY SCORE 79.2

I haven't been able to find a way to clear all event logs without saving. In Win 7 and Vista (I only tested this in Win 7) I like to occasionally clear the administrator alerts without having to go into each event log area to do so. Sometimes I just want to wipe them all clean, do a reboot and see what happens. There doesn't seem to be an easy way to clear out everything, so I wrote a simple batch file that does this. If there is another way, please let me know. It's a real simple script, just time consuming to write it. I used a lot of copy/paste and a macro utility to insert the wevtutil command.

For more info on wevtutil, open a cmd prompt and type wevtutil /?
You can edit this script to save each event log too if you need to. Good luck editing each line though...

Otherwise, maybe others will find this useful. Simply copy and paste the text below in to a batch file (text file with extension bat) then right click and run as administrator to clean out all events in all event logs...

REM - Will clear all event logs in Windows 7 Ultimate without prompting or saving.
REM - Created by Leonard Rivera
wevtutil.exe cl Analytic
wevtutil.exe cl Application
wevtutil.exe cl DirectShowFilterGraph
wevtutil.exe cl DirectShowPluginControl
wevtutil.exe cl EndpointMapper
wevtutil.exe cl ForwardedEvents
wevtutil.exe cl HardwareEvents
wevtutil.exe cl "Internet Explorer"
wevtutil.exe cl "Key Management Service"
wevtutil.exe cl MF_MediaFoundationDeviceProxy
wevtutil.exe cl "... Read more

RELEVANCY SCORE 79.2

Windows 2003/2008 server event logs automation question.
Okay, I need help! This is my first post, and if I get an answer that resolves it, I swear that I will donate to the site! (okay, I will anyway, but what other motivation could I offer?)
Problem: I need to collect the system, application and security event logs from multiple servers that I am testing often. Manually saving the logs and resetting them is a chore for dozens of systems, each time I run a test.
What I would like is a VBS script that I could call from a shortcut on the desktop, which points to a COLLECT.VBS script located on a mapped drive. This would be to allow me to use 1 script on all systems. I could log in and run it quickly or set it up on the scheduler to run daily.
The code below does the capture and clear of the logs, but I have had to edit one per server. I also have to create a different name or location each time to allow multiple captures to exist together and not overwrite each other.
So, here are the features that I would like some help with how to code a solution to my problem:
1. VBS script called from a desktop icon or tripped off by a daily scheduled job.
2. Must copy then clear the system, security and application logs (code below does do that, btw)
3. Pick up the system name and date stamp so as to write them on the x: drive in a location that lets you easily see what they came from and where they are.
Example- when I click on this from SYSTEM A, it creates the 3 logs they look... Read more

RELEVANCY SCORE 66.8

Hi...
Have an issue I've been dealing with for several weeks. I have a standalone system where certain event IDs such as 4647 and 4634 and others are not populating in the security log. Success and failures are set in the Local Group Policy, but they are not being logged. Performed gpupdate after making changes, and scoured the internet for a solution. Any ideas? Was this an issue in the past that an MS patch corrected? Thanks in advance for any suggestions!!

RELEVANCY SCORE 63.2

Event Log Explorer
A tool to help Manage, Analyze and Report Windows Event Logs
For Windows NT/2000/XP/2003 operating systems
This is a simple, "starter" guide to help use this tool. (Note this tool will only work on Windows NT/2000/XP/2003. It will not work with Windows Vista.) Download and run Event Log Explorer.

One time initialization

Click Tree->Show Tree
Click File->New Workspace
Click File->Save Workspace As (and save your workspace file anywhere you choose)

Example: To Filter / View / Export Recent Error and Warning Log Events

Open an Event Log
>> (e.g. Typically, you only need to look at the System Log (for System event records) and the Application Log (for Application related events))
Filter the events you want to see (for this example we filter to only see Non-Information events that occurred in the last 7 days)
>> Click View->Filter.
>> Uncheck Information. Towards the bottom of the filter window, look for "Display event for the last" and enter 7 days. Click OK
Click File->Export Log to save a copy of the events for later viewing or sending to others
>> Check: Text file, All events, Event Description
>> Uncheck Export Event Data
>> Check Close dialog when done
Click Export and save as a txt file on your Desktop

Help Troubleshooting an Event

Double click an event to see the "Event Description" (which provides more detail about the event)
Click Event ID Database button for an web page a... Read more

A:"Event Log Explorer" tool helps manage/analyze/report on your Windows Event Logs

I use the subscription to EventID.net. It has been greatly helpful. I don't have this analyser but am a big believer in using the Event Viewer. I'll add a description I have written up which will help in determining the Events: This may be useful in addition to the Event Analyzer.

One thing I have not been able to do is keep the filters set with the software in the OS.

Find the Error(s) in the Event Viewer that correspond to the crash/freeze/error message/blue screen, etc.:

Description of the Event Viewer:

Unfortunately, many Windows XP users aren't aware of the Event Viewer, what it is, where it is, how it can help with a problem:
The Event Viewer has logs for everything that happens on the computer. There are three sets of logs: System, Applications and Security. By opening the first two to display the Events, you can look for Errors that correspond to the time of the problem- in your case, the crash.

There are three types of Events in the System and Apps logs:
1. Information (white circle w/blue i): this is just basic documentation of the normal working of the System or Apps.
2. Warnings (yellow triangle w/black exclamation mark) noting some problem at that moment. Warnings usually resolve on their own. If they do not, they become>>>
3. Errors (red circle w/white X): they document something that didn't work or isn't happening as it should. Each Error has three parts: an ID#, a Source and a Description. By doing a right clic... Read more

RELEVANCY SCORE 60.4

I received a notice through HP Assistant that I need to install HP System Event Utility. After clicking install, the program begins to download and then freezes at the point where it is downloading and then nothing happens. I have tried to install this program several times and have even waited an hour for download to happen. I recently downloaded Windows 10. Please help.

RELEVANCY SCORE 60

I was running 3DMark06 and got a BSOD code 124. After that every time I boot Event Viewer logs Error Codes ID 3012 and 3011. Attached are screenshots of both.

I googled this and found two different threads where someone suggested rebuilding the performance counters. Both responses were basically the same, below is one. Neither of the OPs came back and said if this worked for them.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Re: LoadPerf 3011, 3012
Hi-
I had the same problem with LoadPerf and here is what I found out:
All performance counter names and explain text are maintained in string tables managed by the performance counter subsystem (Perflib).

The current contents of the performance counter string tables are corrupted and cannot be displayed. To correct the problem, rebuild the string tables.

User Action
To rebuild the string tables, on the computer that displayed the message, at the command prompt, type Lodctr /r
The contents of the string tables are automatically rebuilt.

I hope this helps
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Since this was from 2008 (XP?) and the other response was for Vista I wanted to see if the gurus at SevenForums thought that this was okay before I did this.

Here are the screenshots of my two errors.

A:After BSOD Event Viewer Logs Event ID 3012 and 3011 every time I boot

Rebuilding the string tables as outlined in my first post fixed the problem.

RELEVANCY SCORE 59.6

Is it possible to examine the event logs (*.evt) of Win NT/2000 on a windows 95/98 pc? If so, how?
 

RELEVANCY SCORE 59.6

After too many unexplained problems, I decided to reinstall Windows 8.1 Pro x64, and migrate off of SBS 2011 Standard. In addition to the primary workstation that can't read any event logs, I built five Server 2012 R2 servers (Hyper-V host, Active Directory VM, Exchange 2013 VM, SQL Server 2014 VM, and WSUS VM).

I was diagnosing why my workstation's Outlook cannot reach the local Exchange Server. I tried to look at the event logs, and found the
Event Viewer cannot open the event log or custom view. Verify that Event Log service is running (it is) or the query is too long (whatever that indicates). The request is not supported (50)
Looking at the directory of the event logs folder. It appears that most logs are empty, which is understandable since it's a rebuilt installation. I found a small number of Applications and Services Logs and it appears nothing was logged since six days ago on 4/4/2016. On support forums, I found many have this exact problem on Win 7, Win 8, and Win 10. Of the solutions posted none of them would even execute on my Win 8.1 Pro x64 machine. I tried clearing the event logs (WEVTUTIL CL logfilename) and am told Failed to clear log .... The request is not supported.
It's very difficult to diagnose why Outlook 2013 cannot reach Exchange 2013, even if Outlook is installed on the Exchange server machine (just as a test). The web-based Outlook owa, ecp, ... all work fine. ... Read more

RELEVANCY SCORE 58.8

-- HP Compaq Presario CQ57 Refurbished -- Windows 7 Home Premium 64bit -- i2330 2.2GHz -- 16GB RAM --

Almost each time I play a game or use game modding software, after between minutes to 2 hours, suddenly the screen becomes black. The only thing I then can do, is to reboot my laptop.

I found the logs of the Windows 7 Event Log Manager, but I don't know how to interpret them. I would like to know what's happening to my laptop. Can anyone here help?

Interestingly, I just upgraded my system. Only since then I have these problems. Before it was just a Celeron B800 1.5GHz and 8GB RAM, and I could use those programs, that bring now blackouts, without problems...
 

A:Mysterious Windows 7 Blackouts - Event Logs

RELEVANCY SCORE 58.8

Which event logs can one check to identify hardware errors or general hardware health for the disk (SSD), battery, or memory? Are there additional health checks that can be collected through PowerShell/WMI? I know Win32_battery has for example an attribute for ExpectedBatteryLife although I don't see it populated. Also the below blog shows how to query disk health through WMI.
http://blogs.msdn.com/b/san/archive/2011/08/11/have-you-ever-wanted-to-know-if-your-disk-is-going-to-fail-before-it-does.aspx

RELEVANCY SCORE 58.4

Apologies if the question has been asked before, but I've tried a search for this sort of event, without success. I've made it a practice to clear the Event Logs prior to shutting down (somewhat anal, I know!), so that - if anything goes pear-shaped during a session - I might have a chance of tracking it down, as I've only got that day's logs to view. In Vista Ultimate, you can filter the Windows Logs for that viewing, but I can see a way of getting the filter ("Warning" only) to stick permanently. Saving the filters as a custom view only seems to last for that session too. Is there a way, please? TIA! Ray.

A:Controlling The Appearance Of Windows Logs In Event Viewer

Hello Ray, yes you can filter logs, but about Warning-only permanently you cannot... For a little solution try pressing on "Type" ...

RELEVANCY SCORE 58.4

This is another attempt at getting this answered.
Previous replies noted that the Administrative Events under the Custom view was just a compilation of all the other logs.
I do not believe this is entirely correct as all the events in this log concern the operating system and do NOT appear in the other logs such as Application, Security, etc.
Below is an example of what is showing up on my system after all the individual logs shown under Event Viewer are cleared:




Level    Date and Time    Source                                 Event ID  Task Category
Warning  8/27/2015 13:59  Microsoft-Windows-DNS-Client           1014      None
Error    8/27/2015 12:56  Microsoft-Windows-Kernel-EventTracing  2         Session
Error    8/27/2015 12:56  Microsoft-Windows-Dhcp-Client          1001      Address Configuration State Event
Error    8/27/2015 12:54  Microsoft-Windows-PrintService         315       Sharing a printer
Error    8/24/2015 9:15   Microsoft-Windows-Dhcp-Client          1001      Address Configuration State Event
Error    8/24/2015 9:13   Microsoft-Windows-PrintService         315       Sharing a printer
Error    8/20/2015 3:19   Microsoft-Windows-Dhcp-Client          1001      Address Configuration State Event
Error    8/20/2015 3:17   Microsoft-Windows-PrintService         315       Sharing a printer
Error    8/17/2015 10:24  Microsoft-Windows-... Read more

RELEVANCY SCORE 58.4

Howdy folks,
I did a fresh reinstall of WinXP a couple days ago, then I set the computer to defrag last night at midnight and went to bed. Now, I have literally /hundreds/ of messages in my Event Log (System) generated by the Windows File Protection - the file names are all different (and run in alphabetical order), but they all have identical messages:

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64004
Date: 5/24/2003
Time: 8:27:26 AM
User: N/A
Computer: GRIMJACK
Description:
The protected system file XXX.XXX [all different -Mook] could not be
restored to its original, valid version. The file version of the bad
file is 5.1.2600.1106 The specific error code is 0x800b0100 [No
signature was present in the subject.
].

This is continuing to occur, even after I've rebooted the machine - anyone know what this means?

Mook
 

A:Hundreds of Windows File Protection Event Logs?

RELEVANCY SCORE 57.6

Hello Forum,

I'm getting an error in the Windows Logs - Application that appears to be related to the Win 10 free upgrade push. Without removing all the Win 10 updates to my Win 7 Pro x64 system, I'm looking for a way to resolve the error.

This is a Win 7 clean install return from Win 10.

Does anyone have a solution?






Quote:
Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp:
0x56042d8f

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp:
0x56259295

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x1ddc

Faulting application start time: 0x01d134a2492ae39f

Faulting application path: C:\Windows\System32\GWX\GWXUX.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 87823f99-a095-11e5-8cbe-386077b56e17

A:Application Error - Windows Logs - Event ID: 1000 (Win 10 related)

  
Quote: Originally Posted by tjg79


Without removing all the Win 10 updates to my Win 7 Pro x64 system, I'm looking for a way to resolve the error...

...Does anyone have a solution?


I would try to correct the error by running sfc /scannow, if that doesn't fix the problem you may have other file corruption/manifest issues; check the log located in C:\Windows\Logs\CBS\CBS.log. Another possibility would be to uninstall/reinstall KB3035583. Disabling the GWX associated tasks in Task Scheduler is a bit of a problem, see this post for the gory details.

Me? I'd just uninstall KB's 2952664 & 3035583, hide them & be done with the Win 10 upgrade nuisance.

RELEVANCY SCORE 57.6

Hi, does anyone have a tutorial or ebook I could read for reading Windows event logs? I'd like to learn more about them, and I think I have the right section, so please correct me if I'm wrong.

A:Tutorials for reading windows event logs in schedule tasks

Good basic guide : Use Windows 7 Event Viewer to track down issues that cause slower boot times - TechRepublic

THE database of log events : Troubleshooting Microsoft Windows Event Logs

And of course don't forget google.

RELEVANCY SCORE 57.2

How to do following in Windows 7  :

1] Turn off User account control
2] Obtain Windows event viewer logs in Windows7

RELEVANCY SCORE 57.2

I'm consistently getting four Audit Failure events, Event ID 5061, indicated in the Windows Logs - Security immediately after start. Task Category: System Integrity. Screenshots are indicated below. Is this a serious indication of a problem? How do I troubleshoot and repair?
This is a clean install and I moved the Users Folder and ProgramData Folder to D: with the AIK.
SFC reports no integrity violations.

I've searched the registry for the key, but it doesn't appear.

RELEVANCY SCORE 57.2

Hi all, and thanks in advance.
 
I have a new Windows 8.1 Dell laptop (one week old).  Windows is fully updated, as is Firefox (with NoScript and Web of Trust), Avast! free, and Malwarebytes.  I have not used Windows 8 before so I am not sure what is normal.  The computer runs fine, but I need to use my computer for sensitive financial information on occasion, so I need to be sure.
 
One odd event yesterday had me digging in the event viewer.  I found 2 types of events that unsettled me.
 
1)  I was playing a game when the screen flashed black, twice.  I have only integrated graphics, but this is not a graphically intensive game (Dungeon Crawl, if you know it). I checked my graphics drivers and they are up to date.  A look at the event viewer revealed three items in the security log: a blank password query followed by a logon and then a special logon.
 
I have copied and pasted them, separated by "---".  There was a lot of code after each event that I haven't posted to save space; also, I've "XXXXX"ed out the name of the computer and the account.
 
 
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/10/2014 1:14:13 PM
Event ID:      4797
Task Category: User Account Management
Level:         Informat... Read more

A:Odd Entries in Security Logs of Event Viewer - Infection or Windows 8 Oddity?

See the post here: http://social.technet.microsoft.com/Forums/windows/en-US/e6db8fba-c2c8-47be-a992-96e383e34693/windows-8-event-id-4797-in-security-log
The last post states it's not malware. You may want to ask in Win8 if they have more info.

RELEVANCY SCORE 57.2

I ordered this computer from CyberPower. I've listed the relevant specs below. I've read a lot of other people having similar issues, but there doesn't seem to be any concrete answers. My computer randomly freezes and locks up requiring a hard reset to continue. Everything except the mouse freezes, and then eventually the mouse will too. The HDD light is inactive. Event Viewer shows nothing except "The previous system shutdown at 3:44:01 PM on 1/19/2012 was unexpected." This seems to happen at completely random intervals. It usually happens when I'm browsing the web or watching a streaming video (Netflix), but it has also happened while loading a program or not doing anything at all. There have been only a couple consistencies. It has never done this while playing a game (I play Starcraft II and Battlefield 3). While trying to reinstall BF3 it has locked up the past 5 times I've tried to install the game.

I have reinstalled Windows. Installed current drivers. Run Memtest with no fails. Run Intel's diagnosis software on the SSD with no issues. I'm assuming this is a hardware problem. What further troubleshooting can I do to narrow down the suspects? Thanks for the help!

While writing this post the computer crashed, but this was different as I received the BSOD. The following event log occurred at boot "The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000003efb5004, 0x000000000000000d, 0x000... Read more

A:Windows 7 Freezes & Locks, Requires Reboot, No Event Logs, No BSOD

How many passes did you allow Memtest to complete? I see that you've provided your setup, but please provide a Speccy snapshot for additional needed information.
Use Speccy to provide details of your computer's configuration.
Download, install, and run.
After Speccy has finished gathering information, click File > Publish Snapshot.
In the Publish Snapshot dialog box, click Yes to enable Speccy to proceed.
A web address will be displayed. Click Copy to Clipboard and paste it in your next post.
Include your computer's manufacturer and model number, as well.

RELEVANCY SCORE 56

hi,
how can i clear a particular event in the windows 2000 system event log?
thanks
 

A:clear event from sys log

Maybe this will help you?
good luck
 

RELEVANCY SCORE 55.2

In the Event Viewer help, it says that in order to clear events, go to the Action menu and click 'Clear'. I have already saved everything in an external file but in the Action menu there is no option to clear. What am I missing?

Richard Rein

A:How do I clear Event Viewer

Let me Google that for you...

RELEVANCY SCORE 55.2

When exactly is it a good time to clear the event viewer logs in Windows XP? My computer is having problems recently you see. If I take it a repair shop would I be doing a disservice to myself by clearing the event viewer? Is it something that would at all help the repairman diagnose what's wrong with my computer? Any help would be greatly appreciated.

A:Help. When to clear the event viewer.

Event Viewer can be very useful because it can provide more detailed information on error messages that appear during Windows operations. It can also log events that you don't see elsewhere.

I would say that a good time to clear event logs is when you are not having any issues. That's not to say a repair tech would necessarily even use Event Viewer to help diagnose and solve your problem, because it depends on the problem. Why do you want to clear it?

RELEVANCY SCORE 54.8

Hi,

For a particular usecase, I need to swallow the event resulting from the 'x' (clear icon) rendered for input = text fields;
The click on clear icon should not clear the field and the event should be swallowed.
In my code, event anywhere on the page is swallowed except the 'x' icon click which causes the field to be emptied.

Please indicate how to identify and swallow the event.

Thanks!

RELEVANCY SCORE 54.8

Hi Everyone,

Been using this code for a while to clear out event logs

@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit

Since I'm not a coder I would appreciate someone taking a look at this. What happens is I run this .bat file as an admin and the box opens then closes. Normally I get a scrolling list of everything that it clears, but that's no longer the case.

Help is appreciated.
 

A:Solved: Clear Event Viewer.bat

RELEVANCY SCORE 54

Hi:

Does anyone know how to clear the Administrative Events log listed under Custom Views in the Event Viewer?

All the logs listed under the Windows logs have options to clear, but the above does not.

Thanks,

ColTom2

A:How To Clear Administrative Events Log - Event Viewer

That's just a filter. I don't know of any way to clear it other than clearing all events that appear in it under: System, Security and Application event logs.

RELEVANCY SCORE 54

I had the google redirect virus and want to make sure I am clean of everything.
All removal programs come up clean except Hijack and DDS which show the .exe files in my temp folder. I ran autorun and unchecked them, which removed them from Hijacks log but not DDS, I am wondering if this is a problem and if there are still traces of the infection somewhere.

I have OTL/DDS/etc,etc logs if needed.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Caitlynn at 17:23:09 on 2011-06-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1734 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc... Read more

A:Cleaned, but clear? DDS logs showing trojan .exe's in services

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.
I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

RELEVANCY SCORE 53.6

I was recently infected with vitrumonde. Did most of the cleaning manually using hjt logs and combofix.
Please let me know if this system appears clean.
Thank you!
DDS (Ver_09-02-01.01) - NTFSx86
Run by xxxx at 18:07:33.39 on 2009-02-17
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1362 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\program files\cscmarimba\tuner\Tuner.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Ent... Read more

A:vitrumonde free? symptoms clear; request check of logs

Hello Alimo20 and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop. Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop. Double click the ComboFix icon to run it. If ComboFix asks you to install the Recovery Console, please do so. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

RELEVANCY SCORE 53.6

Sorry for re-posting, not sure how I doubled up in my earlier post, but when I re-read it it looked backwards and I thought people may not realize the most recent data was way down in the second half of the post.

Been trying to get some help on this trojan/spyware I've been dealing with. I went ahead and followed the posts by cybertech in some other threads. Below is the SDFix report from after I ran SDFix, and a new Hijackthis log. Again, many thanks for any help!!

SDFix: Version 1.205
Run by Rob on Wed 07/16/2008 at 11:51 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting
Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\PPHCGO~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHCGOL~1.BMP - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch... Read more

A:Please check these SDFix and Hijackthis logs trying to clear out trojan/spyware

Please do not create multiple threads for the same problem! Read >>Posting help read first<< if you feel you are not getting help.

Continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/731058-ran-sdfix-please-take-look.html
 

Read other 1 answers
RELEVANCY SCORE 53.2

What is the HP System Event Utility and how do I use it? http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-133065-1&cc=uk&dlc=en&lc=en...

A:HP System Event Utility

Hi Cyclelegs, Thank you for your inquiry, I will do my best to assist you! The HP System Event Utility enables special function keys on the system to be programmed. I believe it adds the extra features to the buttons, such as Wireless on and off. When I tried to install it on a lab computer here it just told me it was already installed. When I put it in the search bar it just brings up the download. You are not able to access or use it to alter or change anything. I hope this has addressed your concerns.

Read other 10 answers
RELEVANCY SCORE 53.2

This just started happening a few days ago when I booted up my computer and it said "ATI External Event Utility EXE Module has encountered an error and needs to close". Does anyone know anything about this? Is it going to cause me any problems? Thanks

A:Ati External Event Utility

As seen here: http://www.answersthatwork.com/Tasklist_pages/tasklist_a.htm

ATI External Event Utility EXE Module. Another background task which gets installed when you install ATI display drivers. Under Windows NT4/2000/XP/2003 the service registers as the "ATI Hotkey Poller" and further investigation shows that it is related to the handling of various ATI Hotkeys which bring up specific ATI utilities. Not only is this facility useless to 99.99% of users, but there is also no documentation anywhere on those ATI hotkeys!! Additionally some of our more inquisitive users have been able to prove that ATI2EVXX can sometimes be an incredible resource hog using up to 85% of CPU utilization!! Older versions of this background task show up as ATIPOLAB in the Task List.

Read other 1 answers
RELEVANCY SCORE 52.8

Hi,

Having issues with the Windows Event Log. It won't show. Even tried to clear it with this error. Even if I try to clear it using PowerShell I always end up in "Failed to clear log xxx. The request is not supported.".

Already tried sfc /scannow, of course restarting...

Help?

Running Windows 8.1 x64

Read other answers
RELEVANCY SCORE 52.8

Windows Logs and Applications and Services Logs have a "clear log" option; however, I am puzzled how to edit/delete Administrative Events?

Eighter from Decatur, county seat of Wise (of course it's in Texas)

A:How does one clear Custom Views (Administrative Events) in the Event Viewer?

Ronnie Vernon said:
Hi p010ne
The Custom View / Administrative Events is a compilation of all the other event logs in the Event Viewer. Entries in this log will be removed when the log where the event originated from is cleared.
Hope this helps.
Ronnie Vernon MVP

I thought that was the case; however, I cleared all the other logs! This is an example of an entry in this log:

Log Name:      Microsoft-Windows-Dhcpv6-Client/Admin
Source:        Microsoft-Windows-DHCPv6-Client
Date:          1/17/2009 7:52:33 AM
Event ID:      1001
Task Category: Address Configuration State Event
Level:         Error
Keywords:
User:          LOCAL SERVICE
Computer:      Windows7
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x000129F558C5.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DHCPv6-Client" Guid="{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>3</Task>
    <Opcode>74</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated S... Read more

Read other 9 answers
RELEVANCY SCORE 52.8

when I install "hp system event" I get this message 

Read other answers
RELEVANCY SCORE 52

This error message pops up occasionally that tells me a problem was caused by ATI External Event Utility and that the program ended. It only pops up when I eject my iPod from iTunes. I clicked the bubble on the bottom right-hand corner of my screen for more info and all I got was "ATI Technologies, Inc. does not currently have a solution for the problem that you reported."

I have no idea what ATI External Event Utility is - I googled it but I didn't really find out anything.

1. What is this program and what does it do?
2. Do I actually need it on my computer?
3. Why does this error message only come up when I eject my iPod?

I have Vista, by the way.
 

A:Problem caused by ATI External Event Utility?

go here and read about this utility
http://www.answersthatwork.com/Tasklist_pages/tasklist_a.htm
 

Read other 1 answers
RELEVANCY SCORE 52

Hey guys, I have been using memotome for a while now which worked fine but recently have stopped working, I need something which I can customize to remind me of appointments, anything you can recommend for this please?

A:Any good free event reminder utility?

Unless you have a major aversion to Google, Google Calendar should work nicely for you. It will even send you notifications on an Android device if you have one. If you have an Android device there are other options as well.

How to Create Google Calendar Event Reminders

Read other 2 answers
RELEVANCY SCORE 52

I'm downloading the AWS VPC flow logs as documented here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-log-records
I wrote a PowerShell script which downloads the flow log events to a text file. Here are a couple of example events:

2015-09-22T04:00:25 2 533820197211 eni-44014f6f 10.0.0.198 10.0.1.11 55361 53 17 1 71 1442894425 1442894485 ACCEPT OK
2015-09-22T04:00:25 2 533820197211 eni-44014f6f 10.0.1.11 10.0.0.198 3389 42027 6 2 112 1442894425 1442894485 ACCEPT OK

I created a custom OPN following the "OPN Configuration Guide for Text Log Adapter v2" guide. My .config looks like this:

///////////////////////////////////////////////////////////////////////////
// LogEntry - This is the Message Definition that is c... Read more

Read other answers
RELEVANCY SCORE 51.6

Hi
Attached are two event log files, one is the system events "EVENT LOG.csv", the other is application events "APPLICATION LOG.csv".
Can you please tell me what happened, or what could have happened to this pc on the 7 October 2008 at 7 in the morning. The time and date reset after that, or it was changed by someone and I need to find out if it was the pc or someone.
thank you
 

Read other answers
RELEVANCY SCORE 51.6

Been snooping through event logs because my pc randomly freezes.
I have the asus striker II extreme mobo
Intel Core2 Quad Q9400
Well I'm getting stupid kernel errors. I want them fixed. Running windows 7 Ultimate with all updates.

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 9/23/2010 10:50:48 PM
Event ID: 35
Task Category: (2)
Level: Error
Keywords:
User: SYSTEM
Computer: Vaine-PC
Description:
Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System>
 <Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0F67E49F-FE51-4E9F-B490-6F2948CC6027}" />
 <EventID>35</EventID>
 <Version>0</Version>
 <Level>2</Level>
 <Task>2</Task>
 <Opcode>0</Opcode>
 <Keywords>0x8000000000000000</Keywords>
 <TimeCreated SystemTime="2010-09-24T02:50:48.657200000Z" />
 <EventRecordID>38790</EventRecordID>
 <Correlation />
 <Execution ProcessID="4" ThreadID="60" />
 <Channel>System</Channel>
 <Computer>Vaine-PC</Computer>
 <Security UserID="S-1-5-18" />
 </System>
 <EventData> ... Read more

A:Event Logs

Disable Speedstep, and see if the issues go away. If it does, then you need to update your chipset drivers or keep speedstep disabled.

Read other 13 answers
RELEVANCY SCORE 51.6

Is there any way to clear all Windows 8 event logs?

A:Event logs

Event Viewer One Click Clear - Windows 7 Forums
This was for Windows 7 but is still working for Windows 8. I'm using it. Just run it as administrator.

Read other 2 answers
RELEVANCY SCORE 51.6

hi
I have 2 problems which I think are related
1/ "Ati External Event Utility EXE Module stopped working" appears every now and then
2/ When I use Ulead VS 10 + to capture my video off my Sony Handycam I get the message "failed to build a preview graph" and it doesn't capture DV footage off the Cam
I am running Vista Business and I have downloaded patches & updates galore for the Video Card, ULead VS 10 and AMD
I am out of ideas help!!
thanks
Tracker
 

A:ati External Event Utility EXE Module stopped working

Hiya and welcome

For the first part, see if this helps:

http://forums.techguy.org/windows-vista/558862-annoying-pop-up-message-windows.html

As for Ulead VS 10 on Vista, it appears that version 11 is mainly for Vista only.

VideoStudio 11

Ulead VideoStudio 10
However, reading here, you may be able to use it in compatibility mode:

Installation: VISTA compatibility for old versions

Regards

eddie
 

Read other 1 answers
RELEVANCY SCORE 51.2

hi all,
I need to print out security logs of Windows 2000 servers on a daily basis.
Does anyone know how to automate this?

Thanks
 

A:printing event logs

Why not create a batch file using the Print command
then include the batch file as a scheduled task

Print [/D:device] [[drive:][path]filename[...]]

/D:device specifies the print device
 

Read other 2 answers
RELEVANCY SCORE 51.2

Hi, I have a huge problem with my power supply and video cards. I have tried to include the event log files. I just started having trouble last week, but I can see by the logs that they are in the thousands. I have reformatted my hard drive once already. I don't know where to start, or if I should reformat it again. I am not the best with computers, and I am sure that I have downloaded some crap and I am paying for it now. I have just tried to upload my event logs, but it says the file is too large. Any help is greatly appreciated. Thx

A:Event Logs in the Thousands

Firstly welcome.
Now, a description of the fault/s and any error code that may have been displayed would be a good place to start.

Read other 3 answers
RELEVANCY SCORE 51.2

Is there any way to join several event logs into one?

A:Join Event logs

If you are talking about Windows Logs, actually there is a way. When you open Event Viewer, you will see a 'Custom Views' group in the left sidebar. By right clicking on it you get a menu from which you can select 'Create Custom View'. That opens a new window, where you have to check the first radio button that says "by log" (it is checked by default but make sure), and on its right side there is a dropdown menu from which you can pick logs that you want. After clicking OK and naming your custom view, you will have a list of all the events from all the logs you selected.

Read other 1 answers
RELEVANCY SCORE 51.2

I have events from Anonymous log ons. What are those? In the security log!

For example: NT AUTHORITY\ANONYMOUS LOGON
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x10FF3)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: -
This is the only one in almost a month!

Thank you lots!!

A:Event Viewer logs

Probably nothing to be concerned about, those are typical entries on my system.

Comments from http://www.dslreports.com/forum/remark,655...ty,1~mode=flat:
"A successful user logon is always listed as an event ID 528 and then you'll see a type which can be anything from 2 to 7. If it's not 528, then it's not an actual user and it's not necessarily successful.
Event ID 538 is a successful logoff and not necessarily by an actual user.
Event ID 540 is a successful "network" logon as in mapping a network drive. Your computer keeps checking for Network connections or shared folders, etc... on a regular basis to make sure you are connected."

Louis

What Is Anonymous Logon?

Read other 1 answers
RELEVANCY SCORE 51.2

http://www.microsoft.com/technet/scr....mspx?mfr=true

Microsoft Corporation

You can list the contents of an event log, sort by source, group by message type and more. To get a whole log use the following command:
get-eventlog [log name]
get-eventlog Application

If you wish to sort the records by source use this command:
get-eventlog Application | sort Source

You can also group the records by Source, it can take a while depending on the number of records, but it is handy! Just run:
get-eventlog Application | group Message

Now event logs can get quite large and hold thousands and thousands of records. You can use the -Newest ### switch to retrieve a set number of the latest events recorded. And, of course, these can all be combined to get exactly what you are looking for.
get-eventlog Application -newest 100 | sort source

Read other answers