Over 1 million tech questions and answers.

Is there another way to clear all events in the event logs with or without saving?

Q: Is there another way to clear all events in the event logs with or without saving?

I haven't been able to find a way to clear all event logs without saving. In Win 7 and vista (I only tested this in win 7) I like to occassionaly clear the administrator alerts without having to go in to each event log area to do so. Sometimes I just want
to wipe the all clean do a reboot and see what happens. There doesn't seem an easy way to clear out everything, so I wrote a simple batch file that does this. If there is another way, please let me know. It's a real simple script, just time consuming to write
it. I used a lot of copy/paste and a macro utility to insert the wevtutil command.

For more info on wevtutil, open a cmd prompt and type wevtutil /?
You can edit this script to save each event log too if you need to. Good luck editing each line though...

Otherwise, maybe others will find this useful. Simply copy and paste the text below in to a batch file (text file with extension bat) then right click and run as administrator to clean out all events in all event logs...

REM - Will clear all event logs in Windows 7 Ultimate without prompting or saving.
REM - Created by Leonard Rivera
wevtutil.exe cl Analytic
wevtutil.exe cl Application
wevtutil.exe cl DirectShowFilterGraph
wevtutil.exe cl DirectShowPluginControl
wevtutil.exe cl EndpointMapper
wevtutil.exe cl ForwardedEvents
wevtutil.exe cl HardwareEvents
wevtutil.exe cl Internet Explorer
wevtutil.exe cl Key Management Service
wevtutil.exe cl MF_MediaFoundationDeviceProxy
wevtutil.exe cl "Media Center"
wevtutil.exe cl MediaFoundationDeviceProxy
wevtutil.exe cl MediaFoundationPerformance
wevtutil.exe cl MediaFoundationPipeline
wevtutil.exe cl MediaFoundationPlatform
wevtutil.exe cl Microsoft-IE/Diagnostic
wevtutil.exe cl Microsoft-IEFRAME/Diagnostic
wevtutil.exe cl Microsoft-PerfTrack-IEFRAME/Diagnostic
wevtutil.exe cl Microsoft-PerfTrack-MSHTML/Diagnostic
wevtutil.exe cl Microsoft-Windows-ADSI/Debug
wevtutil.exe cl Microsoft-Windows-API-Tracing/Operational
wevtutil.exe cl Microsoft-Windows-ATAPort/General
wevtutil.exe cl Microsoft-Windows-ATAPort/SATA-LPM
wevtutil.exe cl Microsoft-Windows-ActionQueue/Analytic
wevtutil.exe cl Microsoft-Windows-AltTab/Diagnostic
wevtutil.exe cl Microsoft-Windows-AppID/Operational
wevtutil.exe cl Microsoft-Windows-AppLocker/EXE and DLL
wevtutil.exe cl Microsoft-Windows-AppLocker/MSI and Script
wevtutil.exe cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder
wevtutil.exe cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
wevtutil.exe cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
wevtutil.exe cl Microsoft-Windows-Application-Experience/Program-Inventory
wevtutil.exe cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug
wevtutil.exe cl Microsoft-Windows-Application-Experience/Program-Telemetry
wevtutil.exe cl Microsoft-Windows-Audio/CaptureMonitor
wevtutil.exe cl Microsoft-Windows-Audio/Operational
wevtutil.exe cl Microsoft-Windows-Audio/Performance
wevtutil.exe cl Microsoft-Windows-Audit/Analytic
wevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"
wevtutil.exe cl Microsoft-Windows-AxInstallService/Log
wevtutil.exe cl Microsoft-Windows-Backup
wevtutil.exe cl Microsoft-Windows-Biometrics/Operational
wevtutil.exe cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
wevtutil.exe cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
wevtutil.exe cl Microsoft-Windows-Bits-Client/Analytic
wevtutil.exe cl Microsoft-Windows-Bits-Client/Operational
wevtutil.exe cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
wevtutil.exe cl Microsoft-Windows-BranchCache/Operational
wevtutil.exe cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
wevtutil.exe cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
wevtutil.exe cl Microsoft-Windows-BranchCacheSMB/Analytic
wevtutil.exe cl Microsoft-Windows-BranchCacheSMB/Operational
wevtutil.exe cl Microsoft-Windows-CAPI2/Operational
wevtutil.exe cl Microsoft-Windows-CDROM/Operational
wevtutil.exe cl Microsoft-Windows-COM/Analytic
wevtutil.exe cl Microsoft-Windows-COMRuntime/Tracing
wevtutil.exe cl Microsoft-Windows-Calculator/Debug
wevtutil.exe cl Microsoft-Windows-Calculator/Diagnostic
wevtutil.exe cl Microsoft-Windows-CertPoleEng/Operational
wevtutil.exe cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
wevtutil.exe cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
wevtutil.exe cl Microsoft-Windows-CmiSetup/Analytic
wevtutil.exe cl Microsoft-Windows-CodeIntegrity/Operational
wevtutil.exe cl Microsoft-Windows-CodeIntegrity/Verbose
wevtutil.exe cl Microsoft-Windows-ComDlg32/Analytic
wevtutil.exe cl Microsoft-Windows-ComDlg32/Debug
wevtutil.exe cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational
wevtutil.exe cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational
wevtutil.exe cl Microsoft-Windows-CredUI/Diagnostic
wevtutil.exe cl Microsoft-Windows-Crypto-RNG/Analytic
wevtutil.exe cl Microsoft-Windows-DCLocator/Debug
wevtutil.exe cl Microsoft-Windows-DNS-Client/Operational
wevtutil.exe cl Microsoft-Windows-DUI/Diagnostic
wevtutil.exe cl Microsoft-Windows-DUSER/Diagnostic
wevtutil.exe cl Microsoft-Windows-DXP/Analytic
wevtutil.exe cl Microsoft-Windows-DateTimeControlPanel/Analytic
wevtutil.exe cl Microsoft-Windows-DateTimeControlPanel/Debug
wevtutil.exe cl Microsoft-Windows-DateTimeControlPanel/Operational
wevtutil.exe cl Microsoft-Windows-Deplorch/Analytic
wevtutil.exe cl Microsoft-Windows-DeviceSync/Analytic
wevtutil.exe cl Microsoft-Windows-DeviceSync/Operational
wevtutil.exe cl Microsoft-Windows-DeviceUx/Informational
wevtutil.exe cl Microsoft-Windows-DeviceUx/Performance
wevtutil.exe cl Microsoft-Windows-Dhcp-Client/Admin
wevtutil.exe cl Microsoft-Windows-Dhcp-Client/Operational
wevtutil.exe cl Microsoft-Windows-DhcpNap/Admin
wevtutil.exe cl Microsoft-Windows-DhcpNap/Operational
wevtutil.exe cl Microsoft-Windows-Dhcpv6-Client/Admin
wevtutil.exe cl Microsoft-Windows-Dhcpv6-Client/Operational
wevtutil.exe cl Microsoft-Windows-DiagCpl/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-DPS/Analytic
wevtutil.exe cl Microsoft-Windows-Diagnosis-DPS/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-DPS/Operational
wevtutil.exe cl Microsoft-Windows-Diagnosis-MSDE/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-PCW/Analytic
wevtutil.exe cl Microsoft-Windows-Diagnosis-PCW/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-PCW/Operational
wevtutil.exe cl Microsoft-Windows-Diagnosis-PLA/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-PLA/Operational
wevtutil.exe cl Microsoft-Windows-Diagnosis-Perfhost/Analytic
wevtutil.exe cl Microsoft-Windows-Diagnosis-Scheduled/Operational
wevtutil.exe cl Microsoft-Windows-Diagnosis-Scripted/Admin
wevtutil.exe cl Microsoft-Windows-Diagnosis-Scripted/Analytic
wevtutil.exe cl Microsoft-Windows-Diagnosis-Scripted/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-Scripted/Operational
wevtutil.exe cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
wevtutil.exe cl Microsoft-Windows-Diagnosis-TaskManager/Debug
wevtutil.exe cl Microsoft-Windows-Diagnosis-WDC/Analytic
wevtutil.exe cl Microsoft-Windows-Diagnosis-WDI/Debug
wevtutil.exe cl Microsoft-Windows-Diagnostics-Networking/Debug
wevtutil.exe cl Microsoft-Windows-Diagnostics-Networking/Operational
wevtutil.exe cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
wevtutil.exe cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic
wevtutil.exe cl Microsoft-Windows-Diagnostics-Performance/Diagnostic
wevtutil.exe cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback
wevtutil.exe cl Microsoft-Windows-Diagnostics-Performance/Operational
wevtutil.exe cl Microsoft-Windows-DirectShow-KernelSupport/Performance
wevtutil.exe cl Microsoft-Windows-DirectSound/Debug
wevtutil.exe cl Microsoft-Windows-DirectWrite-FontCache/Tracing
wevtutil.exe cl Microsoft-Windows-Disk/Operational
wevtutil.exe cl Microsoft-Windows-DiskDiagnostic/Operational
wevtutil.exe cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational
wevtutil.exe cl Microsoft-Windows-DiskDiagnosticResolver/Operational
wevtutil.exe cl Microsoft-Windows-DisplayColorCalibration/Debug
wevtutil.exe cl Microsoft-Windows-DisplayColorCalibration/Operational
wevtutil.exe cl Microsoft-Windows-DisplaySwitch/Diagnostic
wevtutil.exe cl Microsoft-Windows-Documents/Performance
wevtutil.exe cl Microsoft-Windows-DriverFrameworks-UserMode/Operational
wevtutil.exe cl Microsoft-Windows-DxgKrnl/Diagnostic
wevtutil.exe cl Microsoft-Windows-DxgKrnl/Performance
wevtutil.exe cl Microsoft-Windows-DxpTaskRingtone/Analytic
wevtutil.exe cl Microsoft-Windows-DxpTaskSyncProvider/Analytic
wevtutil.exe cl Microsoft-Windows-EFS/Debug
wevtutil.exe cl Microsoft-Windows-EapHost/Analytic
wevtutil.exe cl Microsoft-Windows-EapHost/Debug
wevtutil.exe cl Microsoft-Windows-EapHost/Operational
wevtutil.exe cl Microsoft-Windows-EaseOfAccess/Diagnostic
wevtutil.exe cl Microsoft-Windows-EventCollector/Debug
wevtutil.exe cl Microsoft-Windows-EventCollector/Operational
wevtutil.exe cl Microsoft-Windows-EventLog-WMIProvider/Debug
wevtutil.exe cl Microsoft-Windows-EventLog/Analytic
wevtutil.exe cl Microsoft-Windows-EventLog/Debug
wevtutil.exe cl Microsoft-Windows-FMS/Analytic
wevtutil.exe cl Microsoft-Windows-FMS/Debug
wevtutil.exe cl Microsoft-Windows-FMS/Operational
wevtutil.exe cl Microsoft-Windows-FailoverClustering-Client/Diagnostic
wevtutil.exe cl Microsoft-Windows-Fault-Tolerant-Heap/Operational
wevtutil.exe cl Microsoft-Windows-Feedback-Service-TriggerProvider
wevtutil.exe cl Microsoft-Windows-FileInfoMinifilter/Operational
wevtutil.exe cl Microsoft-Windows-Firewall-CPL/Diagnostic
wevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"
wevtutil.exe cl Microsoft-Windows-Forwarding/Debug
wevtutil.exe cl Microsoft-Windows-Forwarding/Operational
wevtutil.exe cl Microsoft-Windows-GettingStarted/Diagnostic
wevtutil.exe cl Microsoft-Windows-GroupPolicy/Operational
wevtutil.exe cl Microsoft-Windows-HAL/Debug
wevtutil.exe cl Microsoft-Windows-HealthCenter/Debug
wevtutil.exe cl Microsoft-Windows-HealthCenter/Performance
wevtutil.exe cl Microsoft-Windows-HealthCenterCPL/Performance
wevtutil.exe cl Microsoft-Windows-Help/Operational
wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
wevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
wevtutil.exe cl Microsoft-Windows-HomeGroup-ListenerService
wevtutil.exe cl Microsoft-Windows-HotStart/Diagnostic
wevtutil.exe cl Microsoft-Windows-HttpService/Trace
wevtutil.exe cl Microsoft-Windows-IKE/Operational
wevtutil.exe cl Microsoft-Windows-IKEDBG/Debug
wevtutil.exe cl Microsoft-Windows-IPBusEnum/Tracing
wevtutil.exe cl Microsoft-Windows-IPSEC-SRV/Diagnostic
wevtutil.exe cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
wevtutil.exe cl Microsoft-Windows-International/Operational
wevtutil.exe cl Microsoft-Windows-Iphlpsvc/Debug
wevtutil.exe cl Microsoft-Windows-Iphlpsvc/Operational
wevtutil.exe cl Microsoft-Windows-Iphlpsvc/Trace
wevtutil.exe cl Microsoft-Windows-Kernel-Acpi/Diagnostic
wevtutil.exe cl Microsoft-Windows-Kernel-Boot/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
wevtutil.exe cl Microsoft-Windows-Kernel-Disk/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-EventTracing/Admin
wevtutil.exe cl Microsoft-Windows-Kernel-EventTracing/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-File/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-Memory/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-Network/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-PnP/Diagnostic
wevtutil.exe cl Microsoft-Windows-Kernel-Power/Diagnostic
wevtutil.exe cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic
wevtutil.exe cl Microsoft-Windows-Kernel-Power/Thermal-Operational
wevtutil.exe cl Microsoft-Windows-Kernel-Prefetch/Diagnostic
wevtutil.exe cl Microsoft-Windows-Kernel-Process/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
wevtutil.exe cl Microsoft-Windows-Kernel-Registry/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-StoreMgr/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-StoreMgr/Operational
wevtutil.exe cl Microsoft-Windows-Kernel-WDI/Analytic
wevtutil.exe cl Microsoft-Windows-Kernel-WDI/Debug
wevtutil.exe cl Microsoft-Windows-Kernel-WDI/Operational
wevtutil.exe cl Microsoft-Windows-Kernel-WHEA/Errors
wevtutil.exe cl Microsoft-Windows-Kernel-WHEA/Operational
wevtutil.exe cl Microsoft-Windows-Known Folders API Service
wevtutil.exe cl Microsoft-Windows-Known Folders/Operational
wevtutil.exe cl Microsoft-Windows-L2NA/Diagnostic
wevtutil.exe cl Microsoft-Windows-LDAP-Client/Debug
wevtutil.exe cl Microsoft-Windows-LUA-ConsentUI/Diagnostic
wevtutil.exe cl Microsoft-Windows-LanguagePackSetup/Analytic
wevtutil.exe cl Microsoft-Windows-LanguagePackSetup/Debug
wevtutil.exe cl Microsoft-Windows-LanguagePackSetup/Operational
wevtutil.exe cl Microsoft-Windows-MCT/Operational
wevtutil.exe cl Microsoft-Windows-MPS-CLNT/Diagnostic
wevtutil.exe cl Microsoft-Windows-MPS-DRV/Diagnostic
wevtutil.exe cl Microsoft-Windows-MPS-SRV/Diagnostic
wevtutil.exe cl Microsoft-Windows-MSPaint/Admin
wevtutil.exe cl Microsoft-Windows-MSPaint/Debug
wevtutil.exe cl Microsoft-Windows-MSPaint/Diagnostic
wevtutil.exe cl Microsoft-Windows-MUI/Admin
wevtutil.exe cl Microsoft-Windows-MUI/Analytic
wevtutil.exe cl Microsoft-Windows-MUI/Debug
wevtutil.exe cl Microsoft-Windows-MUI/Operational
wevtutil.exe cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
wevtutil.exe cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
wevtutil.exe cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
wevtutil.exe cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
wevtutil.exe cl Microsoft-Windows-MemoryDiagnostics-Results/Debug
wevtutil.exe cl Microsoft-Windows-MobilityCenter/Performance
wevtutil.exe cl Microsoft-Windows-NCSI/Analytic
wevtutil.exe cl Microsoft-Windows-NCSI/Operational
wevtutil.exe cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug
wevtutil.exe cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic
wevtutil.exe cl Microsoft-Windows-NDIS/Diagnostic
wevtutil.exe cl Microsoft-Windows-NDIS/Operational
wevtutil.exe cl Microsoft-Windows-NTLM/Operational
wevtutil.exe cl Microsoft-Windows-NWiFi/Diagnostic
wevtutil.exe cl Microsoft-Windows-Narrator/Diagnostic
wevtutil.exe cl Microsoft-Windows-NetShell/Performance
wevtutil.exe cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
wevtutil.exe cl Microsoft-Windows-NetworkAccessProtection/Operational
wevtutil.exe cl Microsoft-Windows-NetworkAccessProtection/WHC
wevtutil.exe cl Microsoft-Windows-NetworkLocationWizard/Operational
wevtutil.exe cl Microsoft-Windows-NetworkProfile/Diagnostic
wevtutil.exe cl Microsoft-Windows-NetworkProfile/Operational
wevtutil.exe cl Microsoft-Windows-Networking-Correlation/Diagnostic
wevtutil.exe cl Microsoft-Windows-NlaSvc/Diagnostic
wevtutil.exe cl Microsoft-Windows-NlaSvc/Operational
wevtutil.exe cl Microsoft-Windows-OLEACC/Debug
wevtutil.exe cl Microsoft-Windows-OLEACC/Diagnostic
wevtutil.exe cl Microsoft-Windows-OOBE-Machine/Diagnostic
wevtutil.exe cl Microsoft-Windows-OfflineFiles/Analytic
wevtutil.exe cl Microsoft-Windows-OfflineFiles/Debug
wevtutil.exe cl Microsoft-Windows-OfflineFiles/Operational
wevtutil.exe cl Microsoft-Windows-OfflineFiles/SyncLog
wevtutil.exe cl Microsoft-Windows-OneX/Diagnostic
wevtutil.exe cl Microsoft-Windows-OobeLdr/Analytic
wevtutil.exe cl Microsoft-Windows-PCI/Diagnostic
wevtutil.exe cl Microsoft-Windows-ParentalControls/Operational
wevtutil.exe cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic
wevtutil.exe cl Microsoft-Windows-PeopleNearMe/Operational
wevtutil.exe cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic
wevtutil.exe cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic
wevtutil.exe cl Microsoft-Windows-PowerCfg/Diagnostic
wevtutil.exe cl Microsoft-Windows-PowerCpl/Diagnostic
wevtutil.exe cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic
wevtutil.exe cl Microsoft-Windows-PowerShell/Analytic
wevtutil.exe cl Microsoft-Windows-PowerShell/Operational
wevtutil.exe cl Microsoft-Windows-PrimaryNetworkIcon/Performance
wevtutil.exe cl Microsoft-Windows-PrintService/Admin
wevtutil.exe cl Microsoft-Windows-PrintService/Debug
wevtutil.exe cl Microsoft-Windows-PrintService/Operational
wevtutil.exe cl Microsoft-Windows-Program-Compatibility-Assistant/Debug
wevtutil.exe cl Microsoft-Windows-QoS-Pacer/Diagnostic
wevtutil.exe cl Microsoft-Windows-QoS-qWAVE/Debug
wevtutil.exe cl Microsoft-Windows-RPC/Debug
wevtutil.exe cl Microsoft-Windows-RPC/EEInfo
wevtutil.exe cl Microsoft-Windows-ReadyBoost/Analytic
wevtutil.exe cl Microsoft-Windows-ReadyBoost/Operational
wevtutil.exe cl Microsoft-Windows-ReadyBoostDriver/Analytic
wevtutil.exe cl Microsoft-Windows-ReadyBoostDriver/Operational
wevtutil.exe cl Microsoft-Windows-Recovery/Operational
wevtutil.exe cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational
wevtutil.exe cl Microsoft-Windows-RemoteApp and Desktop Connections/Admin
wevtutil.exe cl Microsoft-Windows-RemoteAssistance/Admin
wevtutil.exe cl Microsoft-Windows-RemoteAssistance/Operational
wevtutil.exe cl Microsoft-Windows-RemoteAssistance/Tracing
wevtutil.exe cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic
wevtutil.exe cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational
wevtutil.exe cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
wevtutil.exe cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational
wevtutil.exe cl Microsoft-Windows-ResourcePublication/Tracing
wevtutil.exe cl Microsoft-Windows-RestartManager/Operational
wevtutil.exe cl Microsoft-Windows-Search-Core/Diagnostic
wevtutil.exe cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic
wevtutil.exe cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
wevtutil.exe cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational
wevtutil.exe cl Microsoft-Windows-Security-IdentityListener/Operational
wevtutil.exe cl Microsoft-Windows-Security-SPP/Perf
wevtutil.exe cl Microsoft-Windows-Sens/Debug
wevtutil.exe cl Microsoft-Windows-ServiceReportingApi/Debug
wevtutil.exe cl Microsoft-Windows-Services-Svchost/Diagnostic
wevtutil.exe cl Microsoft-Windows-Services/Diagnostic
wevtutil.exe cl Microsoft-Windows-Setup/Analytic
wevtutil.exe cl Microsoft-Windows-SetupCl/Analytic
wevtutil.exe cl Microsoft-Windows-SetupQueue/Analytic
wevtutil.exe cl Microsoft-Windows-SetupUGC/Analytic
wevtutil.exe cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-Core/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shell-Shwebsvc
wevtutil.exe cl Microsoft-Windows-Shell-ZipFolder/Diagnostic
wevtutil.exe cl Microsoft-Windows-Shsvcs/Diagnostic
wevtutil.exe cl Microsoft-Windows-Sidebar/Diagnostic
wevtutil.exe cl Microsoft-Windows-Speech-UserExperience/Diagnostic
wevtutil.exe cl Microsoft-Windows-StickyNotes/Admin
wevtutil.exe cl Microsoft-Windows-StickyNotes/Debug
wevtutil.exe cl Microsoft-Windows-StickyNotes/Diagnostic
wevtutil.exe cl Microsoft-Windows-StorDiag/Operational
wevtutil.exe cl Microsoft-Windows-StorPort/Operational
wevtutil.exe cl Microsoft-Windows-Subsys-Csr/Operational
wevtutil.exe cl Microsoft-Windows-Subsys-SMSS/Operational
wevtutil.exe cl Microsoft-Windows-Superfetch/Main
wevtutil.exe cl Microsoft-Windows-Superfetch/StoreLog
wevtutil.exe cl Microsoft-Windows-Sysprep/Analytic
wevtutil.exe cl Microsoft-Windows-SystemHealthAgent/Diagnostic
wevtutil.exe cl Microsoft-Windows-TCPIP/Diagnostic
wevtutil.exe cl Microsoft-Windows-TSF-msctf/Debug
wevtutil.exe cl Microsoft-Windows-TSF-msctf/Diagnostic
wevtutil.exe cl Microsoft-Windows-TSF-msutb/Debug
wevtutil.exe cl Microsoft-Windows-TSF-msutb/Diagnostic
wevtutil.exe cl Microsoft-Windows-TZUtil/Operational
wevtutil.exe cl Microsoft-Windows-TaskScheduler/Debug
wevtutil.exe cl Microsoft-Windows-TaskScheduler/Diagnostic
wevtutil.exe cl Microsoft-Windows-TaskScheduler/Operational
wevtutil.exe cl Microsoft-Windows-TaskbarCPL/Diagnostic
wevtutil.exe cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
wevtutil.exe cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic
wevtutil.exe cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug
wevtutil.exe cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
wevtutil.exe cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic
wevtutil.exe cl Microsoft-Windows-TerminalServices-PnPDevices/Admin
wevtutil.exe cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic
wevtutil.exe cl Microsoft-Windows-TerminalServices-PnPDevices/Debug
wevtutil.exe cl Microsoft-Windows-TerminalServices-PnPDevices/Operational
wevtutil.exe cl Microsoft-Windows-TerminalServices-RDPClient/Analytic
wevtutil.exe cl Microsoft-Windows-TerminalServices-RDPClient/Debug
wevtutil.exe cl Microsoft-Windows-TerminalServices-RDPClient/Operational
wevtutil.exe cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture
wevtutil.exe cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback
wevtutil.exe cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
wevtutil.exe cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic
wevtutil.exe cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug
wevtutil.exe cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
wevtutil.exe cl Microsoft-Windows-ThemeCPL/Diagnostic
wevtutil.exe cl Microsoft-Windows-ThemeUI/Diagnostic
wevtutil.exe cl Microsoft-Windows-TunnelDriver
wevtutil.exe cl Microsoft-Windows-UAC-FileVirtualization/Operational
wevtutil.exe cl Microsoft-Windows-UAC/Operational
wevtutil.exe cl Microsoft-Windows-UIAnimation/Diagnostic
wevtutil.exe cl Microsoft-Windows-UIAutomationCore/Debug
wevtutil.exe cl Microsoft-Windows-UIAutomationCore/Diagnostic
wevtutil.exe cl Microsoft-Windows-UIAutomationCore/Perf
wevtutil.exe cl Microsoft-Windows-UIRibbon/Diagnostic
wevtutil.exe cl Microsoft-Windows-USB-USBHUB/Diagnostic
wevtutil.exe cl Microsoft-Windows-USB-USBPORT/Diagnostic
wevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
wevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"
wevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"
wevtutil.exe cl Microsoft-Windows-User-Loader/Analytic
wevtutil.exe cl Microsoft-Windows-UserModePowerService/Diagnostic
wevtutil.exe cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
wevtutil.exe cl Microsoft-Windows-UserPnp/DeviceNotifications
wevtutil.exe cl Microsoft-Windows-UserPnp/Performance
wevtutil.exe cl Microsoft-Windows-UserPnp/SchedulerOperations
wevtutil.exe cl Microsoft-Windows-UxTheme/Diagnostic
wevtutil.exe cl Microsoft-Windows-VAN/Diagnostic
wevtutil.exe cl Microsoft-Windows-VDRVROOT/Operational
wevtutil.exe cl Microsoft-Windows-VHDMP/Operational
wevtutil.exe cl Microsoft-Windows-VWiFi/Diagnostic
wevtutil.exe cl "Microsoft-Windows-Virtual PC/Admin"
wevtutil.exe cl Microsoft-Windows-VolumeControl/Performance
wevtutil.exe cl Microsoft-Windows-VolumeSnapshot-Driver/Operational
wevtutil.exe cl Microsoft-Windows-WABSyncProvider/Analytic
wevtutil.exe cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic
wevtutil.exe cl Microsoft-Windows-WER-Diag/Operational
wevtutil.exe cl Microsoft-Windows-WFP/Analytic
wevtutil.exe cl Microsoft-Windows-WFP/Operational
wevtutil.exe cl Microsoft-Windows-WLAN-AutoConfig/Operational
wevtutil.exe cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic
wevtutil.exe cl Microsoft-Windows-WLANConnectionFlow/Diagnostic
wevtutil.exe cl Microsoft-Windows-WMI-Activity/Trace
wevtutil.exe cl Microsoft-Windows-WMPDMCCore/Diagnostic
wevtutil.exe cl Microsoft-Windows-WMPDMCUI/Diagnostic
wevtutil.exe cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic
wevtutil.exe cl Microsoft-Windows-WMPNSS-Service/Diagnostic
wevtutil.exe cl Microsoft-Windows-WMPNSSUI/Diagnostic
wevtutil.exe cl Microsoft-Windows-WPD-ClassInstaller/Analytic
wevtutil.exe cl Microsoft-Windows-WPD-ClassInstaller/Operational
wevtutil.exe cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic
wevtutil.exe cl Microsoft-Windows-WPD-CompositeClassDriver/Operational
wevtutil.exe cl Microsoft-Windows-WPD-MTPClassDriver/Operational
wevtutil.exe cl Microsoft-Windows-WSC-SRV/Diagnostic
wevtutil.exe cl Microsoft-Windows-WUSA/Debug
wevtutil.exe cl Microsoft-Windows-WWAN-MM-Events/Diagnostic
wevtutil.exe cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic
wevtutil.exe cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic
wevtutil.exe cl Microsoft-Windows-WWAN-UI-Events/Diagnostic
wevtutil.exe cl Microsoft-Windows-WebIO-NDF/Diagnostic
wevtutil.exe cl Microsoft-Windows-WebIO/Diagnostic
wevtutil.exe cl Microsoft-Windows-WebServices/Tracing
wevtutil.exe cl Microsoft-Windows-Win32k/Concurrency
wevtutil.exe cl Microsoft-Windows-Win32k/Power
wevtutil.exe cl Microsoft-Windows-Win32k/Render
wevtutil.exe cl Microsoft-Windows-Win32k/Tracing
wevtutil.exe cl Microsoft-Windows-Win32k/UIPI
wevtutil.exe cl Microsoft-Windows-WinHTTP-NDF/Diagnostic
wevtutil.exe cl Microsoft-Windows-WinHttp/Diagnostic
wevtutil.exe cl Microsoft-Windows-WinINet/Analytic
wevtutil.exe cl Microsoft-Windows-WinRM/Analytic
wevtutil.exe cl Microsoft-Windows-WinRM/Debug
wevtutil.exe cl Microsoft-Windows-WinRM/Operational
wevtutil.exe cl Microsoft-Windows-Windeploy/Analytic
wevtutil.exe cl "Microsoft-Windows-Windows Defender/Operational"
wevtutil.exe cl "Microsoft-Windows-Windows Defender/WHC"
wevtutil.exe cl 'Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
wevtutil.exe cl 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
wevtutil.exe cl 'Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
wevtutil.exe cl Microsoft-Windows-WindowsBackup/ActionCenter
wevtutil.exe cl Microsoft-Windows-WindowsColorSystem/Debug
wevtutil.exe cl Microsoft-Windows-WindowsColorSystem/Operational
wevtutil.exe cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational
wevtutil.exe cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing
wevtutil.exe cl Microsoft-Windows-WindowsUpdateClient/Operational
wevtutil.exe cl Microsoft-Windows-Wininit/Diagnostic
wevtutil.exe cl Microsoft-Windows-Winlogon/Diagnostic
wevtutil.exe cl Microsoft-Windows-Winlogon/Operational
wevtutil.exe cl Microsoft-Windows-Winsock-AFD/Operational
wevtutil.exe cl Microsoft-Windows-Winsock-WS2HELP/Operational
wevtutil.exe cl Microsoft-Windows-Winsrv/Analytic
wevtutil.exe cl Microsoft-Windows-Wired-AutoConfig/Diagnostic
wevtutil.exe cl Microsoft-Windows-Wired-AutoConfig/Operational
wevtutil.exe cl Microsoft-Windows-Wordpad/Admin
wevtutil.exe cl Microsoft-Windows-Wordpad/Debug
wevtutil.exe cl Microsoft-Windows-Wordpad/Diagnostic
wevtutil.exe cl Microsoft-Windows-mobsync/Diagnostic
wevtutil.exe cl Microsoft-Windows-ntshrui
wevtutil.exe cl Microsoft-Windows-osk/Diagnostic
wevtutil.exe cl Microsoft-Windows-stobject/Diagnostic
wevtutil.exe cl ODiag
wevtutil.exe cl OSession
wevtutil.exe cl Security
wevtutil.exe cl Setup
wevtutil.exe cl System
wevtutil.exe cl TabletPC_InputPanel_Channel
wevtutil.exe cl WMPSetup
wevtutil.exe cl WMPSyncEngine
wevtutil.exe cl "Windows PowerShell"

Read other answers
Preferred Solution: Is there another way to clear all events in the event logs with or without saving?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)



Does anyone know how to clear the Administrative Events log listed under Custom Views in the Event Viewer?

All the logs listed under the Windows logs have options to clear, but the above does not.



A:How To Clear Administrative Events Log - Event Viewer

Thats just a filter. I dont know of any way to clear it other than clearing all events that appear in it under: System, Security and Application event logs.

Read other 9 answers

Windows Logs and Applications and Services Logs have a "clear log" option; however, I am puzzled how to edit/delete Administrative Events?Eighter from Decatur, county seat of Wise (of course it's in Texas)

A:How does one clear Custom Views (Administrative Events) in the Event Viewer?

Ronnie Vernon said: Hi p010neThe Custom View / Administrative Events is a compilation of all the other event logs in the Event Viewer. Entries in this log will be removed when the logwhere the event originated from is cleared.Hope this helps.

Ronnie Vernon MVPI thought that was the case; however, I cleared all the other logs! This is an example of an entry in this log:Log Name: Microsoft-Windows-Dhcpv6-Client/AdminSource: Microsoft-Windows-DHCPv6-ClientDate: 1/17/2009 7:52:33 AMEvent ID: 1001Task Category: Address Configuration State EventLevel: ErrorKeywords: User: LOCAL SERVICEComputer: Windows7Description:Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x000129F558C5. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System> <Provider Name="Microsoft-Windows-DHCPv6-Client" Guid="{6A1F2B00-6A90-4C38-95A5-5CAB3B056778}" /> <EventID>1001</EventID> <Version>0</Version> <Level>2</Level> <Task>3</Task> <Opcode>74</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated S... Read more

Read other 9 answers


Is there a way to get a full list of the possible events that can appear in the system event's log file?

I am working on a project through which I can get alerts on these errors, but I need to classify them.

Let me know what you can do.


Read other answers

Windows 2003/2008 server event logs automation question.
Okay, I need help! This is my first post, and if I get an answer that resolves it, I swear that I will donate to the site! (okay, I will anyway, but what other motivation could I offer?)
Problem: I need to collect the system,application and security event logs
from multiple servers that I am testing often. Manually saving the logs and
resetting them is a chore for dozens of systems, each time i run a test.
What I would like is a VBS script that I could call from a shortcut on the
desktop, which points to a COLLECT.VBS script located on a mapped drive. This
would be to allow me to use 1 script on all systems. I could log in and run
it quickly or set it up on the scheduler to run daily.
The code below does the capture and clear of the logs, but i have had to edit one per server. I also have to create a different name or location each time to allow multiple captures to exist together and not overwrite each other.
So, here are the features that I would like some help with how to code a solution to my problem:
1. vbs script called from a desktop icon or tripped off by a daily scheduled
2. must copy then clear the system,security and application logs (code below
does do that, btw)
3. Pickup the system name and date stamp so as to write them on the x:
drive in a location that lets you easily see what they came from and where
they are.
Example- when I click on this from SYSTEM A, it creates the 3 logs they look... Read more

Read other answers

Hello all,

This Windows 7 utility actually works on Windows 8 Pro (at least it does on my installation).

Event Viewer One Click Clear - Windows 7 Support Forums

Use at your own risk.

Note: There are some that frown on removing historical event logs and I say "To each their own."

Good luck.

Read other answers

It should be two files text files one for apps events and one for the system events.
This is an example about how the format of the text files and what content should be inside:
Log Name: Application
Source: ESENT
Date: 2013-02-25T03:18:39.000
Event ID: 105
Task: General
Level: Information
Opcode: Info
Keyword: Classic
User: N/A
User Name: N/A
Computer: Chocolade
msiexec (48672) Instance: The database engine started a new instance (0). (Time=0 seconds)

Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.063, [4] 0.031, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.
Log Name: Application
Source: ESENT
Date: 2013-02-25T03:18:39.000
Event ID: 326
Task: General
Level: Information
Opcode: Info
Keyword: Classic
User: N/A
User Name: N/A
Computer: Chocolade
msiexec (48672) Instance: The database engine attached a database (1, C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb). (Time=0 seconds)

Internal Timing Sequence: [1] 0.000, [2] 0.015, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.016, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000.
Saved Cache: 1
I have two text files with it which i didn't create but i want to create or if the files are exist somewhere in windows directories then just copy the files.
If not exist then make a bat(batch) file that will create/copy the files for me.

I just attached to this thread the ... Read more

A:How can i get windows events app and events system logs ?

What are you trying to accomplish? Can you identify some specific issue you are having that might be directly associated with these event logs? BTW, the logs you posted in your description appear to just be informational logs.

Read other 4 answers

How, in W7, does one clear the events? In vista, I went to actions and clear events. On W7, I do not see a clear events.



A:How to clear events in viewer?

Right click and clear

Read other 3 answers

My computer keeps getting error messages while trying to go to internet sites like hulu.com, facebook.com, msn.com, etc saying "___ is not working properly, will try to see what is the problem ".  After this kept happening, my speed decreased to a snails pace.  I tried to increase the speed and memory in my PC by deleting all unnecessary files and photos.  I  also scanned my computer for viruses with Avasti Premier and tried a defrag of each drive (could not get defrag to work on the hard drive-"needs optimization" message stays next to  the hard drive item).  Then I checked Event Manager and it showed that I had over 524 events some critical and with warnings.  I again tried to get Windows 10 online to help me address one event at a time by assigning tasks to a few of them.  This happened 2 days ago and I still have these events listed and nothing happened.  Please tell me what can be done that isn't so complicated?  I'm not very computer savvy.

Read other answers

I am new to Microsoft Message Analyzer and just downloaded version 1.4 and installed on my Windows 10 laptop
I saved my Windows System Event log as an .evtx file to have some data to start looking at. I note the column entitled 'summary' appears to show the body of the event message. However I see many rows which state "unable to retrieve the event description"
in this column, what do I need to do to fix this issues please? could it of been the way that I saved the .evtx file in the first instance (I accepted the defaults) or do I need to install some additional files/components so the messages are displayed

Thanks all

Read other answers

How does one clear these? pls view attachment, thanks.

A:How to clear Administrative Events under Custom Views?

Select a log
Menu Bar - Action

Clear Log (it might say Clear Events - I'm not looking at it niw).

Read other 5 answers

I was running 3DMark06 and got a BSOD code 124. After that every time I boot Event Viewer logs Error Codes ID 3012 and 3011. Attached are screenshots of both.

I googled this and found two different threads where someone suggested to rebuild the performance counters. Both responses were basically the same, below is one. Neither of the OP's came back and said if this worked for them.

Re: LoadPerf 3011, 3012
I had the same problem with LoadPerf and here is what I found out:
All performance counter names and explain text are maintained in string tables managed by the performance counter subsystem (Perflib).

The current contents of the performance counter string tables are corrupted and cannot be displayed. To correct the problem, rebuild the string tables.

User Action
To rebuild the string tables, on the computer that displayed the message, at the command prompt, type Lodctr /r
The contents of the string tables are automatically rebuilt.

I hope this helps

Since this was from 2008 (XP?) and the other response was for Vista I wanted to see if the guru's at SevenForums thought that this was okay before I did this.

Here are the screenshoots of my two errors.

A:After BSOD Event Viewer Logs Event ID 3012 and 3011 every time I boot

Rebuilding the string tables as outlined in my first post fixed the problem.

Read other 1 answers

After too many unexplained problems, I decided to reinstall Windows 8.1 Pro x64, and migrate off of SBS 2011 Standard. In addition to the primary workstation that can't read any event logs, I built five Server 2012 R2 servers (Hyper-V host, Active Directory
VM, Exchange 2013 VM, SQL Server 2014 VM, and WSUS VM).

I was diagnosing why my workstation's Outlook cannot reach the local Exchange Server.   I tried to look at the event logs, and found the
Event Viewer cannot open the event log or custom view.  Verify that Event Log service is running (it is) or the query is too long (whatever that indicates).  The request is not supported (50)
Looking at the directory of the event logs folder.  It appears that most logs are empty, which is understandable since it's a rebuilt installation.  I found a small number of Applications and Services Logs and it appears nothing was logged since
six days ago on 4/4/2016.   On support forums, I found many have this exact problem on Win 7, Win 8, and Win 10.  Of the solutions posted none of them would even execute on my Win 8.1 Pro x64 machine.  I tried clearing the event logs (WEVTUTIL
CL logfilename) and am told Failed to clear log .... The request is not supported. 
It's very difficult to diagnose why Outlook 2013 cannot reach Exchange 2013, even if Outlook is installed on the Exchange server machine (just as a test).  The web-based Outlook owa, ecp, ... all work fine. ... Read more

Read other answers

On server 2000, has anyone ever seen the events go missing from the event log? You open up the event viewer, and it says there are (for example) 800 events, but below is just blank.


A:Event log events missing

Is this true for all logs (system, application, security)?

Any chance that the little window divider is just moved all the way to the right? This would leave only the "Type" column displaying.

Also under the "view" tab there is an option to add/remove columns. Are they all selected? (Type, Date, Time, ID, etc....)

Read other 1 answers

what is 


in the windows security events 

Read other answers

Have an issue I've been dealing with for several weeks.  I have a standalone system that certain event IDs such as 4647 and 4634 and others are not populating in the security log.  Success and failures is set in the Local Group Policy,
but they are not being logged.  Performed gpupdate after making changes, and scoured the internet for a solution.  Any ideas?  Was this an issue in the past that an MS patch corrected?  Thanks in advance for any suggestions!!

Read other answers

Hello, thanks for taking the time to read this and attempt to help me it is greatly appreciated! So I have an ASUS ROG Strix laptop PC with Nvidia GTX 970m, 16gb RAM, 500gb SSD, intel i7 6700HQ. I've been using it for a few months or so now constantly doing all the normal routine things I can to keep it running smoothly. I use Kaspersky and Malwarebytes both paid versions. I did a system reset a couple weeks back because I felt like there was SOMETHING running in the background that I could NOT find after countless hours of researching. Anyways my PC was running a little slow and I needed more space so I thought a fresh install was best. I'm noticing that my PC isn't performing smoothly anymore and in the event viewer I saw dwm.exe, AUDIODG.exe, Microsoft.photos.exe and zeroconfigservices.exe critical events. Also something that I find weird but not necessarily problematic is that after doing the reset when I come to the logon screen I always am trying to change it to the PIN entry and sometimes it will stay that way but it always resets after a couple times back to entering the password only. I can't figure out why..... Sometime Steam won't start and I can't open it along with a couple of other select programs.... I just don't know what's going on. I attached a Diagnostic report. I tried uploading the reliability history too but it wouldn't allow an XML file so I tried to convert it to .txt..... didn't work out too well but i... Read more

Read other answers

good day,

My event viewer is full of events such as security audit - special logon (special privileges assigned to new user) user account management (security enabled local group membership enumerated). They show as originating on the Builtin/administrators id. I am not part of a group; this is my home laptop.
I never used to see these events but some of them now originate every 15 minutes or so.
Does anyone know what this is?

A:Strange events in event viewer

Please list the Event ID associated with each event.

Read other 2 answers

Hi there!
I need event log help...i already searched everything possible but cant find an answer. I need event viewer to stop recording any events...i disabled it from whereever possible...services,regedit and everywhere else...i restart the computer and it shows the event log is disabled....once i enable it again it shows all the events..even the once which are during the time when it was disabled. How to permanently stop it from logging anything? Or at least how to clear all the logs,specially the one that shows that logs were cleared. Any help and ideas would be greatly appreciated.
Help please...


A:Event log keeps logging events even if disabled??

HEllo, im afraid i don't know the answer.

But i would like to know why, if/when you have a problem with your computer it will be very hard to find the fault of your problem!

Read other 2 answers

is there a way to delete all events in event viewer//// nevermind found the clear path for them

Read other answers

I have Been getting bsod xd1 from iastora.sys I have come to the conclusion that I want it gone and want to switch to ahci and get rid of irst. Only problem is I heard you have to reinstall to do that and I don't want to. I really need this done and I'm scared because I get bsod in the middle of dayz and writing papers and its annoying.

A:45,120 events in event viewer, I have a keylogger

Hi Amingst

See if the tutorial below will help

AHCI : Enable in Windows 7 / Vista

Read other 9 answers

Im working on a project testing ETW tracing with manifest-based events. What Im struggling to understand is why I cant see any events in my log file.

Here is the manifest:
<?xml version="1.0" encoding="UTF-16"?>
<instrumentationManifest xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd"Read more

Read other answers

Hi, I recieved a phone call today from someone claiming to be from Windows who wanted to walk me thru an issue on our computer. We had been alerted by them before because of a virus on computers at our IP address or something like (I was not the one to talk to them at that time) and we did find two trojans on one of the laptops in our household (now taken care of). However today he asked me to go to Event Viewer and look at the administrative events there. I have heard of event viewer, but I know next to nothing about what it does. He asked me to look at how many administrative events I had and when he heard the answer he asked me to download Ammyy for remote access to my computer. Because we have had phone calls about actual issues on our computers before I downloaded it and allowed him to do what he needed. He commented on how my computer is running slower and such which I have noticed, however I do know that I am using it a lot heavier now and doing some gaming on it so it is getting more use which I have attributed some of the slowness issues to. (Though that may or may not be true). When he quoted me on prices to remove the issues with my computer I told him I would phone him back because I needed to discuss with other members in my household as his offers were applicable to their computers as well. However when I went to find out more about Event Viewer and what he was trying to offer to remove I got some notices about scams.

Therefore I was wondering if I could get s... Read more

A:Event Viewer and Administrative Events

No one will ever call or email you so that tells you it's a SCAM.

Wait for a tech that knows more on what to do help you check your PC.

Read other 1 answers

I have had constant entries in my event log (5-10 a day) that are of error 1014 DNS Client Events. They ALL read "Name resolution for the name www.linux.org timed out after none of the configured DNS servers responded."

Not sure what is causing these and why anything on my system is attempting to access www.linux.org. I tooked at the details of the error and noted that the PID that is creating the errors belongs to svchost.exe.

A:Event Log: DNS Client Events (1014)

Check host file for linux.org entries. Make sure you're not running through a Proxy.
What is your primary and secondary DNS server listed as?

Read other 5 answers

There are a lot of errors in Event Viewer related to Windows Search (Event ID:3013, Search). They started to appear last 7-8 days without any reason. No such errors before.All of them seem to be related to Firefox:Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)C:\USERS\XX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\35D2WEW0.DEFAULT-1447234321783\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHEC:\USERS\XX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\35D2WEW0.DEFAULT-1447234321783\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTOREC:\USERS\XX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\35D2WEW0.DEFAULT-1447234321783\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSETC:\USERS\XX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\35D2WEW0.DEFAULT-1447234321783\SAFEBROWSING\GOOG-MALWARE-SHAVAR.CACHEC:\USERS\XX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\35D2WEW0.DEFAULT-1447234321783\SAFEBROWSING\GOOG-DOWNLOADWHITE DIGEST256.SBSTOREC:\USERS\XX\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\35D2WEW0.DEFAULT-1447234321783\SAFEBROWSING\GOOG-BADBINURL-SHAVAR.CACHE.......Etc. etc. What mean these entries? I've never got them before.Thanks in advance.Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum, as suggested by member helping OP. ~ Animal

A:Suddenly strange events in Event Viewer

After disabling indexing option for some drives, I rebuilt the index (System and maintenance/Indexing Options/Advanced/Rebuild). I let it run for a while only. Didn't wait until the end of process.
The errors seem to be stopped for now. I hope it doesn't occur again.

Read other 6 answers

I don't really know what they are about, they seem to be related to msn/windows messenger, but im not sure that they occur every time i go on msn. They are coming up as errors, but does anyone know what they are about?

Event Type: Information
Event Source: ESENT
Event Category: General
Event ID: 101
Date: 23/10/2006
Time: 20:03:52
User: N/A
Computer: USER-2F62D3344E
msnmsgr (2896) The database engine stopped.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: ESENT
Event Category: General
Event ID: 102
Date: 23/10/2006
Time: 19:32:23
User: N/A
Computer: USER-2F62D3344E
msnmsgr (2896) \\.\C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_22E8_B00E_E8AF_DDF3\dfsr.db: The database engine started a new instance (0).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Read other answers

I have an event in the Event Viewer in the Administrative Events that started at the end of October. I've been having problems with my laptop, and found this while digging for a clue as to what is wrong. It refers to computer MATT. This is my sons computer on my network. We have been networked for years and I've never seen this problem before. He also has an XBox that he uses. This laptop with the error message is wireless if that matters.

I tried to research this but have had no luck. Any advice on this would be appreciated.

Thank you in advance.

Event 8003, bowser
The master browser has received a server announcement from the computer MATT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FA9EB726-8E72-4BDF-89C3-03D06240ABA0}. The master browser is stopping or an election is being forced.

Read other answers

Whenever i reboot my vista system, I'm seeing my event log is flooded with Windows servicing events (4373). Any particular reasons, why same events are getting generated thousands of times on reboot?

Read other answers

I see there is a way to delete or clean out all events that build up over time in Event Viewer.
Is that necessary or should it be left alone?
Will any harm be done by cleaning?

A:Cleaning/deleting events in Event Viewer

Leave Windows event logs alone. There's absolutely nothing to be gained by trying to "clean" them out.

Read other 2 answers

When dealing with Event-ID 4776 is ATA interested in failed or successfull (or both) credential validation events ?

Read other answers

Looking for more information or at least suggestions on alternatives to EventRecordID as an index when using the Windows Event Collector.  When working with an individual server and individual Eventlog, the EventRecordID element can be used as an index
to keep your place when crawling through events in order.  However, when using the Windows Event Collector, the events retain their original EventRecordID in the ForwardedEvents log.  That makes it difficult at best to keep track of where you were
when crawling through events with a script/program.  The date/timestamp doesn't help either, as events can come in from other systems after you have moved past a given date/time.

Anyone have any suggestions on a way to track, bookmark, or index events in ForwardedEvents?

Read other answers

What is the available number space for user-defined events?

A:Available event id # space for user-defined system events

/id EventID : Specifies the event ID for the event. A valid ID is any number from 1 to 65535.
That answers the first question.

I guess the question now is does it matter what number I use or will using the same id as a pre-defined system event cause an issue?

Read other 1 answers

Win8 Pro with Media Center. 
I have a Custom View in Event Viewer which collects status reports from my UPS.  The Custom View contains over 3000 events.  When I use the "Save All Events in Custom View As..." Action I don't get all the event records in my save file.

If I use .xml, .txt (tab-delimited) or .csv format I get only about 300 records. Only the proprietary .evtx format seems to retain all the records.

How do I get save _ALL_ the events in my view to a .csv format?

I've tried "Save All Events As..." from other views and get similar results.  The number of records saved varies, but I don't get all of them.

A:How do I save more events from event viewer to a text file?

I'd still like an answer, but I found a work-around.  First save all events from the Custom view as an evtx file.  When it's done, load the file.  Open the loaded entry in the Saved Logs folder tree.  Now select "Save All Events As..."
and choose the format of your choice.  The file will now contain all the entries.

Read other 3 answers

I've unfortunately caught this once before:

Today, as I finished up doing some bill paying, my computer rebooted. As soon as it came back up, I ran a virus scan, and it came up positive for JAVA Payload.D

C:\Documents and Settings\Michelle\Application Data\Sun\Java\Deployment\cache\6.0\42\7aad51aa-6c4ee9cc
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/PayLoad.D Java virus
--> dk/komogvind/games/egyptianpyramids2/c/y.class
[DETECTION] Contains recognition pattern of the JAVA/PayLoad.D Java virus

(I've emailed Playtopia, the site I play Egyptian Pyramids on, to let them know that the game seems to be infected.)

Avira removed it. Last time I was infected, Avira's removal was complete. I've run MalwareBytes and it didn't find anything, but I'm really concerned because Event Viewer has some really troubling entries in it and some things on my system have been changed. For one, Windows Firewall has been re-activated, seemingly by itself, and Event Viewer's logs appear to indicate that it has been tampered with. This did NOT happen last time I was infected with this virus. EDIT: I've gone back through and it seems the firewall was probably re-enabled when I did my last set of Windows updates. The logon/logoffs, including periodical anonymous logons, seem to have been happening over the last month. They may be valid?

I'm ... Read more

Read other answers
A:Missing Events Logs and Not Recognizing Anti-Virus Product

Hi there, try the below suggestion from Symantec. See if it helps you to register Norton.

1. Click the Start button, and then click All Programs > Accessories > Run.
2. In the Run dialog box, type the following text:

regsvr32 /u WMIUTILS.DLL
3. Click OK.
4. Restart the computer.
5. Click the Start button, and then click All Programs > Accessories > Run.
6. In the Run dialog box, type the following text:

7. Click OK.
8. Restart the computer.

Read other 9 answers

Hello all i am totally new here so i wasn't absolutely sure what section to ask this question so please don't shoot me if i guessed wrong. To keep this short and sweet i get this event message every 2 min or less.

Router Advertisement settings have been changed on the network adapter 11. The current M - Managed Address Configuration flag is true and the O - Other Stateful Configuration flag is true. User Action: If you are seeing this event frequently, then it could be due to frequent change in M and O flag settings on the router in the network. Please contact your network administrator to have it resolved.

I know it's not a error but informational. But what's strange is if i go to a system image of a know good point where i only get the message on restart. It doesn't reoccur until i restart again instead of every 2 min, so i am lead to beleive its not normal behavior. I am on a wired optimum modem and router. The router is a D-Link DIR 868L. And i have Cable internet and Bitdefender 2015 TS
I have tried my best to research this but most of the info is from 2009 and half of the threads say to disable IPv6 from adapter properties to make error go away but i have read that is not a good solution because certain programs use it for windows 7.

OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name VIGGYS-PC
System Manufacturer To Be Filled By O.E.M.
System Mode... Read more

A:Is it normal to get DHCPv6-Client event 1006 events every 2 minutes ?

I finally solved this issue by the following ways, contacting optimum who pointed me to contact Microsoft who was kind enough to connect to my desktop pc remotely and troubleshoot that is was a actual router setting that was bad " for free can you believe it " and to contact D-Link. Well optimum uses there own firmware for D-Link routers lol " not sure what firmware is ". Long story short brought router back and exchanged it and guess what? Solved.

Read other 1 answers

While looking at Event Viewer, if I send a file to Print, I can see various entries in the logs regarding spooling and cancelled jobs - all located in:
But if I send a print job to an offline printer or if there is some other error, like the printer having no paper. I see no reference to an event in the Event Viewer, even though I receive a slide in notification in Windows 10.
Is there a different service that handles these?
It seems that something is catching those warnings or dialogs, but I just cant figure out which source is handling them? It's definitely not PrintSystems.
Is there an error logging attribute I am not checking regarding PrintSystems? I saw something of the kind in references to Windows 7 but for Windows 10 it seems it has been changed.
The reason is I am trying to create a task referencing these warnings and errors.

Read other answers

I noticed that event (100) is not always reported or not reported at all on several machines and I would like to understand how can I force reporting it.
In addition I would appreciate if you can explain regarding the keys under:

Things I've already tested on win7:
1. Verified that the diagnostic performance > operational log is enabled
2. Services: ?Diagnostic Policy Service? (auto) and ?Diagnostic service host? (manual) were running
3. Verified that GPO is not disabled for:
- Computer Configuration\Administrative Templates\System\Troubleshooting
- Diagnostics\Windows Boot Performance Diagnostics Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Diagnostics: Configuration scenario executing level


A:Missing boot events on the Diagnostic performance operational log (event-id 100)

For keys under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Boot]
Please take a look of discussions in this link(reply posted by David J)
Diagnostics-Performance log Event 100 - Critical, Error, or Warning - when and why?

My understanding to this issue??event (100) is not always reported or not reported at all on several machines?
is that : this kind event log occurs when an time parameter during the boot process reaches a threshold in the registry key, then a warning, critical or error message will appear in the event viewer. If it doesn?t reach the threshold, then there will be
no report.
TechNet Community Support

Read other 3 answers

While looking at Event Viewer, if I send a file to Print, I can see various entries in the logs regarding spooling and cancelled jobs - all located in:
But if I send a print job to an offline printer or if there is some other error, like the printer having no paper. I see no reference to an event in the Event Viewer, even though I receive a slide in notification in Windows 10.
Is there a different service that handles these?
It seems that something is catching those warnings or dialogs, but I just cant figure out which source is handling them? It's definitely not PrintSystems.
Is there an error logging attribute I am not checking regarding PrintSystems? I saw something of the kind in references to Windows 7 but for Windows 10 it seems it has been changed.
The reason is I am trying to create a task referencing these warnings and errors.

Read other answers

i have noticed that my computer has been taking longer to start up and shut down lately. i have used all my resources to see and control what i am running on startup, from msconfig to spybot's startup manager, there's not a lot running there so i went to check the event viewer and it's full of errors, critical events and warnings.

I tried using MS's websites for help but they are a nightmare to use, posted this same entry in their forums but no answer yet. I'll appreciate if you can help me understand what's going on with my computer. Thanks in advance

the last critical event reads as follows (the OS is in spanish so i'll translate to what i think it should be):

Windows has started up:

Boot duration : 135986ms
IsDegradation : true
Incident Time (UTC) : 27/04/2008 05:35:27 p.m.

Log Name: Microsoft-Windows-Diagnostics-Performance/Operational
Source: Diagnostics-Performance
Date: 27/04/2008 12:38:01 p.m.
Event ID: 100
Task Category: Boot Performance Monitoring
Level: Critical
Keywords: Event Log
Computer: (name deleted by me)


BootTsVersion 2
BootStartTime 2008-04-27T17:35:27.656Z
BootEndTime 2008-04-27T17:37:54.087Z
SystemBootInstance 512
UserBootInstance 493
BootTime 135986
MainPathBootTime 53423
BootKernelInitTime 15
BootDriverInitTime 3316
BootDevicesInitTime 5470
BootPrefetchInitTime 90685
BootPrefetchBytes 446992384
BootAutoChkTime 0
BootSm... Read more

A:Event viewer reports errors and critical events on boot and shutdown

the system specs in case t hey are useful at all:

DELL vostro 400
Intel core 2 Duo E6750 @ 2.66 ghz

i tried to edit the previous post and there was a time limit, sorry for bumping this

Read other 1 answers

Can anyone explain why the event viewers reported time for a sleep wake event is different to the event. e.g. in the attached I woke the PC at around 7 this a.m. but I also put it back to sleep at midday and it woke it again around 3; it seems (maybe coincidence) to be reporting the prior event?


Read other answers

Continuously during use, for Standby Performance Monitoring, Boot Performance Monitoring, and Desktop Window Manager Monitoring; should I be concerned?

A:Windows Event Viewer Shows Critical, Error, and Warning Events

Read other 6 answers

Hi All , TIAWhen i go to all my suppliers websites and see the images i want , they initially appear a bit blurry...My competitors use the same suppliers and images and theirs are crystal clear..When i 'right click' to save they are obviously blurry as they started that way..Even when i find a very clear image and then try to save it , it becomes blurry or just not high res.I managed to 'right click' , 'open in new tab' an image , it was crystal clear..! Saved it and it was low quality..!!!Any ideas please would be awesome..Thankstuoser

A:YOGA 310 images not clear when saving

Hi @tuoser,
Welcome to the Community,
In regards to the issue are the photo's your trying to save in JPEG or PNG format? PNG for mat would output a higher resolution image.
Hope this helps and let us know how it goes,Jeremy

Read other 1 answers

Event Log Explorer
A tool to help Manage, Analyze and Report Windows Event Logs
For Windows NT/2000/XP/2003 operating systems​
This is a simple, "starter" guide to help use this tool. (Note this tool will only work on Windows NT/2000/XP/2003. It will not work with Windows Vista.) Download and run Event Log Explorer.

One time initialization

Click Tree->Show Tree
Click File->New Workspace
Click File->Save Workspace As (and save your workspace file anywhere you choose)
Example: To Filter / View / Export Recent Error and Warning Log Events

Open an Event Log
>> (e.g Typically, you only need look at the System Log (for System event records) and the Application Log (for Application related events)
Filter the events you want to see (for this example we filter to only see Non-Information events that occured in the last 7 days)
>> Click View->Filter.
>> Uncheck Information. Towards the bottom of the filter window, look for ?Display event for the last? enter 7 days. Click OK
Click File->Export Log to save a copy of the events for later viewing or sending to others
>> Check: Text file, All events, Event Description
>> Uncheck Export Event Data
>> Check Close dialog when done
Click Export and save as a txt file on your Desktop
Help Troubleshooting an Event

Double click an event to see the "Event Description" (which provides more detail about the event)
Click Event ID Database button for an web page a... Read more

A:"Event Log Explorer" tool helps manage/analyze/report on your Windows Event Logs

I use the subscription to EventID.net. It has been greatly helpful. I don't have this analyser but am a big believer in using the Event Viewer. I'll add a description I have written up which will help in determining the Events: This may be useful in addition to the Event Analyzer.

One thing I have not been able to do is keep the filters set with the software in the OS.

Find the Error(s)in the Event Viewer that correspond to the crash/freeze/error message/blue screen, etc.:

Description of the Event Viewer:

Unfortunately, many Windows XP users aren't aware of the Event Viewer, what it is, where it is, how it can help with a problem:
The Event Viewer has logs for everything that happens on the computer. There are three sets of logs: System, Applications and Security. By opening the first two to display the Events, you can look for Errors that correspond to the time of the problem- in your case, the crash.

There are three types of Events in the System and Apps logs:
1. Information (white circle w/blue i): this is just basic documentation of the normal working of the System or Apps.
2. Warnings (yellow triangle w/black exclamation mark) noting some problem at that moment. Warnings usually resolve on their own. If they do not, they become>>>
3. Errors (red circle w/white X- they document something that didn't work or isn't happening as it should. Each Errors has three parts: an ID#, a Source and a Description. By doing a right clic... Read more

Read other 1 answers

how can i clear a particular event in the windows 2000 system event log?

A:clear event from sys log

Maybe this will help you?
good luck

Read other 1 answers

Hi, I have Windows 7 Home premium.My question is regarding the "events log" found in Administrative tools.I can clear every log in events under "WINDOWS LOGS", however the one I cant find a way to reset or clear is the one known as "CUSTOM VIEWS" (the one that looks like a folder with a funnel on it. This folder has a drop down icon, that looks like a funnel with the name "ADMINISTRATIVE EVENTS" next to it.When I click this it shows all the warnings and errors going way back to the day I origionally installed windows 7 which was four months ago!No one has come up with an answer to my question or clearly understands which log I am refering to.How do I clear this part of the log? Nothing I do shows any clear or delete options to remove those old way out of date error messages.Is there a way to clear this part of the log and if so, how is it done?Thanks in advance!

A:Windows 7 "custom views" how to clear admin events log?

HiThe Administrative Events is a custom view and compilation of all the critical, warning, and other important events, from certain other logs in the Event Viewer. You would need to clear all of those other logs to clear the Administrative Events list.The easiest way to do this is to note the Source name of the event in the Administrative Events, expand the Applications and Service Logs\Microsoft\Windows Logs.Look for the folder with the Source name. Expand that folder, right click each of the logs under that folder and select the Clear option.Hope this helps.
Thank You for using Windows 7

Ronnie Vernon MVP

Read other 16 answers