Over 1 million tech questions and answers.

Monitoring Event Logs in Vista

Q: Monitoring Event Logs in Vista

http://tinyurl.com/gpc3c

Event Viewer in pre-Vista platforms suffers from several limitations that make it underperform as a troubleshooting tool. These limitations include a lack of support for centralized logging, inability to query across multiple logs, limited event filtering capability, and a general lack of "software intelligence" in terms of helping you understand how different events correlate with possible problems and how they can be resolved.

Windows Vista's enhanced version of Event Viewer is a big improvement in many of these areas, and while it's still not perfect (especially in the area of software intelligence) it's still a good step forward over the previous version of the tool. Let's walk through using some of these new features so you can learn how to use their capabilities for troubleshooting purposes.

RELEVANCY SCORE 200
Preferred Solution: Monitoring Event Logs in Vista

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Monitoring Event Logs in Vista

Wooohoo something I have been praying for since the Windows NT days has come true!

Read other 1 answers
RELEVANCY SCORE 64.4

Dear Team,
We are upgrading from windows 2008 to 2016 all the Domain controllers, DFS and File servers, 
We are actively monitoring the following events if triggered through OMI monitoring.
I am trying to find the equivalent events for Windows 2016 OS, the below mentioned are for windows 2008 OS.
Please let me know where I can get those or is the event IDs are same for windows 2008 & 2016?
Event ID: 58, 4657, 127
1063
14553
14534
5002
5008
5012
5014
55
2001
13552
13555
13508
2213
1058
7017
4612

Read other answers
RELEVANCY SCORE 60

I was running 3DMark06 and got a BSOD code 124. After that every time I boot Event Viewer logs Error Codes ID 3012 and 3011. Attached are screenshots of both.

I googled this and found two different threads where someone suggested to rebuild the performance counters. Both responses were basically the same, below is one. Neither of the OP's came back and said if this worked for them.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Re: LoadPerf 3011, 3012
Hi-
I had the same problem with LoadPerf and here is what I found out:
All performance counter names and explain text are maintained in string tables managed by the performance counter subsystem (Perflib).

The current contents of the performance counter string tables are corrupted and cannot be displayed. To correct the problem, rebuild the string tables.

User Action
To rebuild the string tables, on the computer that displayed the message, at the command prompt, type Lodctr /r
The contents of the string tables are automatically rebuilt.

I hope this helps
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Since this was from 2008 (XP?) and the other response was for Vista I wanted to see if the guru's at SevenForums thought that this was okay before I did this.

Here are the screenshoots of my two errors.

A:After BSOD Event Viewer Logs Event ID 3012 and 3011 every time I boot

Rebuilding the string tables as outlined in my first post fixed the problem.

Read other 1 answers
RELEVANCY SCORE 59.6

After too many unexplained problems, I decided to reinstall Windows 8.1 Pro x64, and migrate off of SBS 2011 Standard. In addition to the primary workstation that can't read any event logs, I built five Server 2012 R2 servers (Hyper-V host, Active Directory
VM, Exchange 2013 VM, SQL Server 2014 VM, and WSUS VM).

I was diagnosing why my workstation's Outlook cannot reach the local Exchange Server.   I tried to look at the event logs, and found the
Event Viewer cannot open the event log or custom view.  Verify that Event Log service is running (it is) or the query is too long (whatever that indicates).  The request is not supported (50)
Looking at the directory of the event logs folder.  It appears that most logs are empty, which is understandable since it's a rebuilt installation.  I found a small number of Applications and Services Logs and it appears nothing was logged since
six days ago on 4/4/2016.   On support forums, I found many have this exact problem on Win 7, Win 8, and Win 10.  Of the solutions posted none of them would even execute on my Win 8.1 Pro x64 machine.  I tried clearing the event logs (WEVTUTIL
CL logfilename) and am told Failed to clear log .... The request is not supported. 
It's very difficult to diagnose why Outlook 2013 cannot reach Exchange 2013, even if Outlook is installed on the Exchange server machine (just as a test).  The web-based Outlook owa, ecp, ... all work fine. ... Read more

Read other answers
RELEVANCY SCORE 58.8

Hi...
Have an issue I've been dealing with for several weeks.  I have a standalone system that certain event IDs such as 4647 and 4634 and others are not populating in the security log.  Success and failures is set in the Local Group Policy,
but they are not being logged.  Performed gpupdate after making changes, and scoured the internet for a solution.  Any ideas?  Was this an issue in the past that an MS patch corrected?  Thanks in advance for any suggestions!!

Read other answers
RELEVANCY SCORE 56

Meow 
Gentelments and ladies, i need one very small request
Can someone share super-puper guide, blog, etc about Windows Server 2016 Critical Event ID.
What to monitor and why

Something like it
https://blogs.technet.microsoft.com/datacentersecurity/2017/01/30/windows-server-2016-security-auditing/

Thank you!

Read other answers
RELEVANCY SCORE 56

Is it possible to find out within Event Viewer information when USB device was plugged in? I would like to find out exact time when USB was pugged in, of course if it is possible...

Hope I was clear

A:Event Viewer monitoring USB connection

Take a look at
USBDeview

Read other 3 answers
RELEVANCY SCORE 56

Event Log Explorer
A tool to help Manage, Analyze and Report Windows Event Logs
For Windows NT/2000/XP/2003 operating systems​
This is a simple, "starter" guide to help use this tool. (Note this tool will only work on Windows NT/2000/XP/2003. It will not work with Windows Vista.) Download and run Event Log Explorer.

One time initialization

Click Tree->Show Tree
Click File->New Workspace
Click File->Save Workspace As (and save your workspace file anywhere you choose)
Example: To Filter / View / Export Recent Error and Warning Log Events

Open an Event Log
>> (e.g Typically, you only need look at the System Log (for System event records) and the Application Log (for Application related events)
Filter the events you want to see (for this example we filter to only see Non-Information events that occured in the last 7 days)
>> Click View->Filter.
>> Uncheck Information. Towards the bottom of the filter window, look for ?Display event for the last? enter 7 days. Click OK
Click File->Export Log to save a copy of the events for later viewing or sending to others
>> Check: Text file, All events, Event Description
>> Uncheck Export Event Data
>> Check Close dialog when done
Click Export and save as a txt file on your Desktop
Help Troubleshooting an Event

Double click an event to see the "Event Description" (which provides more detail about the event)
Click Event ID Database button for an web page a... Read more

A:"Event Log Explorer" tool helps manage/analyze/report on your Windows Event Logs

I use the subscription to EventID.net. It has been greatly helpful. I don't have this analyser but am a big believer in using the Event Viewer. I'll add a description I have written up which will help in determining the Events: This may be useful in addition to the Event Analyzer.

One thing I have not been able to do is keep the filters set with the software in the OS.

Find the Error(s)in the Event Viewer that correspond to the crash/freeze/error message/blue screen, etc.:

Description of the Event Viewer:




Unfortunately, many Windows XP users aren't aware of the Event Viewer, what it is, where it is, how it can help with a problem:
The Event Viewer has logs for everything that happens on the computer. There are three sets of logs: System, Applications and Security. By opening the first two to display the Events, you can look for Errors that correspond to the time of the problem- in your case, the crash.

There are three types of Events in the System and Apps logs:
1. Information (white circle w/blue i): this is just basic documentation of the normal working of the System or Apps.
2. Warnings (yellow triangle w/black exclamation mark) noting some problem at that moment. Warnings usually resolve on their own. If they do not, they become>>>
3. Errors (red circle w/white X- they document something that didn't work or isn't happening as it should. Each Errors has three parts: an ID#, a Source and a Description. By doing a right clic... Read more

Read other 1 answers
RELEVANCY SCORE 55.6

After some recent issues, I've been looking more carefully at the event logs. My system seems more healthy than it's been in months, but one thing I've noticed is that the Windows Diagnostics-Performance log has been showing "Error" or "Critical" for Event ID 100 as far back as I've got a retained log. The latest details are below. The log labelled this "Error." This boot was a "restart" and did not generate any log entry for events 101 to 110.

Could someone suggest why the system considers this an error and whether it's worth worrying about, and, if so, what to do about it. FWIW I've already cut back on the number of startup programs.

Many thanks, -Ron

Code:
- System

- Provider
[ Name] Microsoft-Windows-Diagnostics-Performance
[ Guid] {CFC18EC0-96B1-4EBA-961B-622CAEE05B0A}



EventID 100


Version 2


Level 2


Task 4002


Opcode 34


Keywords 0x8000000000010000

- TimeCreated
[ SystemTime] 2013-03-09T21:15:26.927487000Z



EventRecordID 1799

- Correlation
[ ActivityID] {038B2A50-F800-0002-1026-19C40A1DCE01}


- Execution
[ ProcessID] 2284
[ ThreadID] 1644



Channel Microsoft-Windows-Diagnostics-Performance/Operational


Computer Ron-PC

- Security
[ UserID] S-1-5-19
- EventData

BootTsVersion 2

BootStartTime 2013-03-09T21:12:11.71... Read more

A:Boot Performance Monitoring Event 100 Errors

Welcome to Seven Forums Ron. Frankly, I think everyone has those errors. I think windows is set to consider a high end machine normal, and everything else is lower on the scale. Hqave a read here for more info

Boot Times - Monitor with Event Viewer

If your boot time is consistent, then I wouldn't be concerned.

ReBoot Time

A Guy

Read other 2 answers
RELEVANCY SCORE 55.6

Hey all-

Does anyone know of a free (or relatively inexpensive) program that can monitor event viewer logs across the network and send e-mails when it encounters an error? We have multiple servers running on our network and it would be really handy to have a program that would alert me to errors in the event viewer on these servers as opposed to my having to check the logs constantly.

Any help would be appreciated!

Thanks!
 

A:Free Event Viewer Monitoring software

How about Nagios with the NagEventLog plugin? This could be overkill if you just want to do event log monitoring. Never tried any of this stuff; let us know what you end up doing!
 

Read other 3 answers
RELEVANCY SCORE 54.8

I gave my self a time-out before writing the post so frustratrion doesn't reign. I am looking for suggestions for real-time monitoring tools to figure out what I can tweak on my various windows computers.

First, I am a visual learner, so some of the documented Micrsoft development practices in recent years are anti-thetical to my nature. For example, loosing the graphical display for disk optimization. MSFT posted an article where they indicated they dropped it because most peopled didn't understand what it meant. See? I'm not planning to rant. This just doesn't match my personality and learning style.

Second, most of the time, the issues I am trying to solve are on PC's used by the kids for homework. Microsoft office for students and such. As today, I went to one of the computers to use it to search for something. Performance was horrible. I rebooted. Then I started deleting the most recently installed games, which I'll be asked for again later this weekend, etc. Still, performance is not great. Disk frag says everything is great, but there is of course, no clue about the details there (read as: I want to rant, but I'm still good.)

So, running MMC I see a lot of events going on, some several times a second that have to do with Security logins. From some research this might or might not be normal, as Windows chatters to itself a lot. This particular PC is on a WiFi network. That's just one example. I'm not here to list them all.

Trouble is, examining hundreds of ev... Read more

A:Need suggestions for simple real-time event monitoring.

I'm not sure whether this what you are after, but check out the Windows Sysinternals Suite, which you can download here.

Sysinternals Suite

It's part of the Microsoft Technet site and provides utilities to troubleshoot and monitor a Windows system.

Read other 1 answers
RELEVANCY SCORE 51.6

Hi
Attached is two event log files, one is the system events "EVENT LOG.csv, the other is application events "APPLICATION LOG.csv.
Can you please tell me what happend, or what could have happend to this pc on the 7 October 2008 at 7 in the morning. The time and date reset after that, or it was changed by someone and i need to find out if it was the pc or someone.
thank you
 

Read other answers
RELEVANCY SCORE 51.6

Is there any way to clear all windows 8 event logs..

A:Event logs

Event Viewer One Click Clear - Windows 7 Forums
This was for windows 7 but is still working for windows 8.I'm using it.Just run it as administrator

Read other 2 answers
RELEVANCY SCORE 51.6

Been snooping through event logs because my pc randomly freezes.I have the asus striker II extreme moboIntel Core2 Quad Q9400 Well Im getting stupid kernel errors. I want them fixed. Running windows 7 Ultimate with all updates.Log Name: SystemSource: Microsoft-Windows-Kernel-Processor-PowerDate: 9/23/2010 10:50:48 PMEvent ID: 35Task Category: (2)Level: ErrorKeywords: User: SYSTEMComputer: Vaine-PCDescription:Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0F67E49F-FE51-4E9F-B490-6F2948CC6027}" /> <EventID>35</EventID> <Version>0</Version> <Level>2</Level> <Task>2</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2010-09-24T02:50:48.657200000Z" /> <EventRecordID>38790</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="60" /> <Channel>System</Channel> <Computer>Vaine-PC</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> ... Read more

A:Event Logs

Disable Speedstep, and see if the issues go away. If it does, then you need to update your chipset drivers or keep speedstep disabled.

Read other 13 answers
RELEVANCY SCORE 51.2

Hi everyone. I was just wondering if there was any real purpose in cleaning up the event/security logs ?
The actual size they take up seems minimal and I'm pretty sure mine are set to overwrite themselves when they are full.
So I guess my question is - to clean or not to clean ? pro's/con's
Thanks.

A:Event Logs - clean up or not ?

IMHO, no.

Read other 9 answers
RELEVANCY SCORE 51.2

hi all,
i need to print out security logs of windows 2000 servers on a daily basis.
does anyone knows how to automate this?

Thanks
 

A:printing event logs

Why not create a batch file using the Print command
then include the batch file as a scheduled task

Print [/D:device] [[drive:][path]filename[...]]

/D:device specifies the print device
 

Read other 2 answers
RELEVANCY SCORE 51.2

Hi guys
For the last 4 weeks i get the following 4 errors at boot in the event viewer never get anything else just these.Can anyone translate the squiggles for me and tell me if there is anything to be worried about or not
Thankyou

A:Event viewer logs

Look in the text document you attached cuz i've put them by Event ID (written in the text document):
Event ID: 40968
Discription:
The Security System has received an authentication request that could not be decoded. The request has failed.

Problem with your system.
----------------------------------------------------------------------------------------------
Event ID: 1060
Description:
\??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

it's either replaced by a recently installed software or infected by a virus.
----------------------------------------------------------------------------------------------
Event ID: 7000
Description:
The Mobile IP Route Manager service failed to start due to the following error:
This driver has been blocked from loading

Again it's either a virus blocking it from running or the driver got messed up.
----------------------------------------------------------------------------------------------
Fixing:
1- Event ID: 40968
Since it has the Level: Warning then I think you better try System Restore Point, if still does the same problem, run a full system scan for viruses and if you find viruses in C:\WINDOWS, then you should Format / Reinstall Windows cuz if viruses can't be fixed they will be autmoticly quarentined and leads to lose of files for windows.

2- Event ID: 1060
Since it's in the windows Fold... Read more

Read other 1 answers
RELEVANCY SCORE 51.2

I have events from Anonymous log ons. What are those? In the security log!

For example: NT AUTHORITY\ANONYMOUS LOGON
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x10FF3)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: -
This is the only on in almost a month!

Thank you lots!!

A:Event Viewer logs

Probably nothing to be concerned about, those are typical entries on my system.Comments from http://www.dslreports.com/forum/remark,655...ty,1~mode=flat:"A successful user logon is always listed as an event ID 528 and then you'll see a type which can be anything from 2 to 7. If it's not 528, then it's not an actual user and it's not necessarily successful.Event ID 538 is a successful logoff and not necessarily by an actual user.Event ID 540 is a successful "network" logon as in mapping a network drive. Your computer keeps checking for Network connections or shared folders, etc... on a regular basis to make sure you are connected."LouisWhat Is Anonymous Logon?

Read other 1 answers
RELEVANCY SCORE 51.2

Hi, I have a huge problem with my power supply and video cards. I have tried to include the event log files. I just started having trouble last week, but I can see by the logs that are in the Thousands. I have Reformatted my Hard Drive, Once already. I dont know where to start, or if I should Reformat it again. I am not the best with computers, and I am sure that I have Downloaded some Crap and I am Paying for it now. I have just tried to upload my Event Logs, but it says the file is Too Large. Any Help is Greatly Appreciated. Thx

A:Event Logs in the Thousands

Firstly welcome.
Now, a description of the fault/s and any error code that may have been displayed would be a good place to start.

Read other 3 answers
RELEVANCY SCORE 51.2

Hi guys
i dont really look into my event logs because usually, i dont have the need too.

i randomly decided to look into my event log (while doing some maintenance on my setup)
and found some strange events.

two distinct event logs which are somewhat related.

Problem 1. I can cause the following event by removing my iPod from my pc via iTunes (remove virtually not physically)

Following events have
Log name: Microsoft-Windows-WMI-Activity/Operational
Event ID: 5858
Level: Error

Event 1:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLogEntry"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 2:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLog"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 3:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskOCZ-VE... Read more

A:Strange event logs

anyone?

these errors only occur when removing a USB device.

Read other 9 answers
RELEVANCY SCORE 51.2

Win XP: in Event Viewer there are a bunch of event logs. Is it 'safe' to delete all these logs? of course, some of them have 'red' warnings and some 'yellow'....but my pc is working just fine now. Thanks for any advice.
 

A:Event Viewer logs

It's just a log file. If you want to clear it, it'll just clear all previous events and start from scratch. It wont cause you problems.
 

Read other 1 answers
RELEVANCY SCORE 51.2

Is any way to join several event logs in one?

A:Join Event logs

If you are talking about Windows Logs, actually there is a way. When you open Event Viewer, you will see a 'Custom Views' group in the left sidebar. By right clicking on it you get a menu from which you can select 'Create Custom View'. That opens a new window, where you have to check the first radio button that says "by log" (it is checked by default but make sure), and on its right side there is a dropdown menu from which you can pick logs that you want. After clicking OK and naming your custom view, you will have a list of all the events from all the logs you selected.

Read other 1 answers
RELEVANCY SCORE 51.2

http://www.microsoft.com/technet/scr....mspx?mfr=true

Microsoft Corporation

You can list the contents of an event log, sort by source, group by message type and more. To get the a whole log use the following command: get-eventlog [log name] get-eventlog Application

If you wish to sort the records by source use this command: get-eventlog Application | sort Source You can also group the records by Source, it can take a while depending on the number of records, but it is handy! Just run:
get-eventlog Application | group Message

Now event logs can get quite large and hold thousands and thousands of records. You can use the -Newest ### switch to retrieve a set number of the latest events recorded And, of course, these can all be combined to get exactly what you are looking for.
get-eventlog Application -newest 100 | sort source

Read other answers
RELEVANCY SCORE 50.4

Is it possible to prevent JRT from clearing the event logs?
 
What is the reason behind this feature?  Event Logs are often crucial for diagnosing Windows issues.  I'm not aware of any reason that the event logs should be cleared to help with junkware removal.  Please help me understand the reason for this feature, and if possible, provide away to disable it.
 
Thanks!

A:Is it possible to prevent JRT from clearing Event Logs?

JRT's disclaimer clearly states: "This software is provided "as is" without warranty of any kind. You may use this software at your own risk."However, you can ask a question (leave a comment/suggestion) on Thisisu's JRT Blog.

Read other 12 answers
RELEVANCY SCORE 50.4

Hi,

We are reading the event log information in our application from using query in windows management service and Java script. The required event log is based on the current system time that we send through the query to fetch the details. We face a problem while fetching a event log of Windows xp and Windows-7 as the actual time the error message logs differs from the system time. Also the time difference is not same in all the machines of same configuration.

Example : Conider an error is logged in windows event log at 05.00 AM but the time logged as 02.00 AM (which can also 07.00 AM or any difference of time) in the event log. Now I was unable to decide the exact time of an error log.

We made a workaround in Windows-7 by fetching it using Record ID which is increasing for every event log but the same does not work in Windows-XP as the record id is not increasing and does not look to have a standard format.

Kindly provide us some solution to fetch the error log information of the particular time.

Thanks,
Deva Veluchamy.

Read other answers
RELEVANCY SCORE 50.4

Hello:

Anyone knows if the following steps apply to Windows XP as well?

"How to Change the Default Event Viewer Log File Location"

http://support.microsoft.com/kb/216169

Thanks

Read other answers
RELEVANCY SCORE 50.4

By mistake, I have executed a wrong command (SL /e:false to disable all event logging instead of clearing it. Got it from another website ).

Now I would like to reset all my event logs to default.
Has someone an idea, how I could apply the steps from this article:
Reset an event log to default settings: Management Services (which is for Windows Server only!)
to my Windows 10 machine?

A:I would like to reset all my event logs to default

Originally Posted by WTenNewbie


By mistake, I have executed a wrong command (SL /e:false to disable all event logging instead of clearing it. Got it from another website ).

Now I would like to reset all my event logs to default.
Has someone an idea, how I could apply the steps from this article:
Reset an event log to default settings: Management Services (which is for Windows Server only!)
to my Windows 10 machine?



WTenNewbie... what was the exact command you entered, the full command?

Read other 2 answers
RELEVANCY SCORE 50.4

How can you clear the event logs without an event being created stating that the logs were cleared in Powershell? The "clear-eventlog" command does clear the events, however it leaves behind an event that states that the logs were cleared.
Anyway to get around this and totally clear the logs?
Thanks,

Read other answers
RELEVANCY SCORE 50.4

I have read that I need to be checking firewall logs every day (ZDNet suggested this), and I know where to find the info. What I do not understand is how to interpret what I see. Is there a place to post here to have someone look at it, or can someone recommend other web sites that might be able to help? I have some concerns since I am seeing a lot of dropped packets.

Same question re event viewer. I see 'warnings' and dhcp and 1,000 events, but I don't know what that means, or whether I should be concerned, or take action in some way. Again, is that info something that can be looked at here, or where do I learn more about how to interpet the data?

Any suggestions/recommendations would be greatly appreciated.

A:Event Viewer and Firewall Logs

I have read that I need to be checking firewall logs every day (ZDNet suggested this),Hi Anonix -Unless you are having problems I see no reason to do this. Your Antivirus will keep a check on any problems usually.http://www.malwarebytes.org/ - or - http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREEIf you think you have problems then run Malwarebytes or SUPERAntiSpyware programs.(Both free)If there is a serious problem please post in the Malware removal area of this forum -Thank You -

Read other 4 answers
RELEVANCY SCORE 50.4

Hello,
I was told that internet explorer logs are located in Event viewer > windows logs > application. After looking through that tree, I was unable to find any IE logs. How would I filter the view to only get IE; also, what would the source of IE be? Fixing
IE is a pain.

Edit: this is for Windows 10 1709.

Read other answers
RELEVANCY SCORE 50.4

Hello Support,
I'm investigating a case where a log entry has been found when exporting that event file(opened in eventviewer) to text file but its not found when searching in Event Viewer.
I've done multiple searches and its not seen in event viewer but can be seen once i export the same event into text files.
Please suggest some solutions asap.

Thanks in advance.

Read other answers
RELEVANCY SCORE 50.4

Hi guys ,
I'm seeking help to troubleshoot my PC at times running slowly with CPU usage reeching 100%.
I'm on win2000 SP4
P4 HT 2.8
1 GB ram
5 hdd ( 40GB ata , 80GB SATA ,160GB SATA , 200GB SATA , 500 GB SATA )
I saw at event viewer these logs
Event ID - 51 - An error was detected on device \Device\Harddisk2\DR2 during a paging operation
Event ID - 51 - An error was detected on device \Device\Harddisk3\DR3 during a paging operation.
I had run chkdsk with the /F /R commands , also defrag the disks , cheched for virus , adware , spyware , trojans , checked the connections at the motherboard , repair the windows instalation but the problem insists and drives me crazy for weeks now
Any help please ?
 

Read other answers
RELEVANCY SCORE 50.4

Before I post my BSOD thread, what I'd like to is see where it is in event viewer, I can't find it. It happened at 11:45 yesterday (it's 12:57AM here now) the computer was off for about an hour, but the last event it shows under system is 11:06 and it's just an information event.

A:BSOD not showing in event logs, why?

There may not be a event logged depending on the type/cause of the bsod.

Read other 1 answers
RELEVANCY SCORE 50.4

I have been encountering slow shutdown times on my desktop recently. I looked in the event logs to try and find some clue but they were not that helpful to the less than technically minded

1: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
I had a lot of the above that were listed both as information and warning

2: also W32time came up several time as both info and warning

3: NetBT came up several times - with
"the name MSHOME could not be registered on the interface with IP address xxx, the machine with the ip address yyy did not allow the name to be claimed by this machine.

The only hardware I have installed recently is a Belkin wireless card (whose problems I have posted elsewhere ) This may have something to do with it but I am not sure. Briefly my setup is a wireless laptop (no problems) and a wired desktop (which has been re-configured to run on wireless)

I am running Windows XP pro with SP2 on an AMD system with 2 gigs ram

I have run several virus checks and I run spybot regularly, I have a belkin router to connect through to my blueyonder broadband.

Any advice?
 

A:XP very slow shutdown - event logs

Read other 13 answers
RELEVANCY SCORE 50.4

Hello,
I am doing proof of concept testing and I am running into a lot of scenarios where EMET blocks an exploit attempts but does not generate a log or notification. For example CVE-2015-5119. I can compromise a vulnerable test machine no problem. When I apply
EMET to IE the exploit is stopped (application crashes) but I get no event. I have been unable to generate an EMET event for IE (flash plugin) or Java so far this way. The only way that I get an EMET notification is for when I have it protecting another application
like notepad or audioconverter. I have also tried CVE-2012-4969 and CVE-2011-3544 which is a java exploit and EMET mitigates it but not message or Event log. The vulnerable system running EMET is Windows 7 SP1 with IE 8. I have tried both EMET 5.2 and
5.5. Any thoughts?

Thanks!

Read other answers
RELEVANCY SCORE 50.4

I'm curious if there are any windows events, either system or application, that would tell me the Time Zone the system is in. If I get event logs (*.evtx) from windows 7 system from customer, how would I find out TimeZone.
Thanks,
MDExch

Read other answers
RELEVANCY SCORE 50.4

Is it possible to examine the event logs (*.evt) of Win NT/2000 on a windows 95/98 pc? If so, how?
 

Read other answers
RELEVANCY SCORE 50.4

Hi all,

i tried loading the eventvwr.msc file from system32 folder directly as well as from the administrator tools, but i get:

"event log service is unavailable. verify that the service is running."

so i try to start the event log service, from the services.msc program;
whenever i try to start windows event log from services i get the message:

"Windows could not start the windows event log service on local computer.
Error 3: The system cannot find the path specified."

how can i specify the path?
or
how can i resolve the problem?

any help would be appreciated please---thanks

A:Unable to start event viewer/event log service on vista

By the way the OS is a Vista Home Prem without SP1. and i have searched this problem extensively, finding no solutions.

If anyone has any advice it would be greatly appreciated.

Read other 19 answers
RELEVANCY SCORE 50.4

System event not recording anything. It is empty, says "date is invalid(13)".

I have some flaky things going on like unexplained CPU spikes causing slowdowns and mouse drag. Also have video problems screen going blank then recovery.

I have reloaded video drivers to no avail. No system lockups or BSODs. I need to see system event log to debug. Other event logs OK. I am proficient on PC and have searched for event log problem. The Event Log service is running. Thanks.

hp pavilion dv9000
OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6001 Service Pack 1 Build 6001
Processor Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz, 1801 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date Hewlett-Packard F.23, 10/3/2007
SMBIOS Version 2.4
Installed Physical Memory (RAM) 2.00 GB
Adapter Type GeForce 8400M GS, NVIDIA compatible
Adapter Description NVIDIA GeForce 8400M GS
Adapter RAM 128.00 MB (134,217,728 bytes)
 

A:Solved: Vista, Event Viewer - system event log not recording

Did you check the - %SystemRoot%\System32\Winevt\Logs\System.evtx file? It may be corrupted and you may want to rename it to .old and let it recreate itself.
 

Read other 2 answers
RELEVANCY SCORE 50

Which event logs can one check to identify hardware errors or general hardware health for the disk (SSD), battery, or memory? Are there additional health checks that can be collected through PowerShell/WMI? I know Win32_battery has for example an attribute
for ExpectedBatteryLife although  I don't see it populated. Also the below blog shows how to query disk health through WMI.
http://blogs.msdn.com/b/san/archive/2011/08/11/have-you-ever-wanted-to-know-if-your-disk-is-going-to-fail-before-it-does.aspx

Read other answers
RELEVANCY SCORE 50

First off let me say sorry for my grammar.
so my problem is a person from microsoft called my home and said was i aware that my pc had a security threat and then proceeded to tell me to go too my event viewer and showed me 49 thousand plus system events with tons of errors and there was alot errors in the application logs. also he showed me something about hkkeys missing or something like that.

From what i can tell from the dates this might of started when i went from xp to windows 7 which i'm not sure i did right now what i did was got home with the windows 7 and put the 64 bit disk in and installed it then that was somewhat ok but i was having issues with it and older programs so i decided to install the 32 bit version instead and everything seems to be working fine untill i get this call.

He eventually explained that i needed microsoft security essentials for windows 7 for the registered oem number and said it would cost $450 from the store or $229 online which wouldn't that all come with the new windows 7 cd and he said even if i reformatted i would still continue to have this issue how can that be i don't know. so any advice would be greatly appreciated and if you need more info let me know.
 

A:Solved: event viewer logs errors

Sounds like a scam to me - is your computer running ok, and do you have any anti virus software installed? Microsoft does not monitor your computer like that and call you proactively.
 

Read other 3 answers
RELEVANCY SCORE 50

Hi,

I'm looking for a low cost product to centralize viewing, collection and archiving of Windows Event Logs and Syslog messages from my firewall. I know of Event Manager from GFI, but they are too expensive - their WorkStation-only product costs less, but it doesn't handle systog data, only their server product does, and the server edition costs $220 for 9 nodes. I only want something for home use, with 4 nodes. Any ideas?
 

Read other answers
RELEVANCY SCORE 50

If you have a lot of entries in the event logs, depending on your system, it can take a bit to open the logs.  Here is a way to clear all the 4 main event logs quickly.
Open a text editor (e.g. notepad), and copy the following into it.
 

@cls
@echo on
wevtutil.exe cl Application
wevtutil.exe cl Security
wevtutil.exe cl Setup
wevtutil.exe cl System
@echo off
pause
Save it as "clear_logs.bat" (no quotes).  Now, just double click on the file, and all 4 main logs will be cleared.  It will not work on Windows XP.
 
This will work on Windows 8.1 for sure.  It should work on Windows 8, 7, maybe Vista.
Have a great day!

 

Read other answers
RELEVANCY SCORE 50

Windows 2003/2008 server event logs automation question.
Okay, I need help! This is my first post, and if I get an answer that resolves it, I swear that I will donate to the site! (okay, I will anyway, but what other motivation could I offer?)
Problem: I need to collect the system,application and security event logs
from multiple servers that I am testing often. Manually saving the logs and
resetting them is a chore for dozens of systems, each time i run a test.
What I would like is a VBS script that I could call from a shortcut on the
desktop, which points to a COLLECT.VBS script located on a mapped drive. This
would be to allow me to use 1 script on all systems. I could log in and run
it quickly or set it up on the scheduler to run daily.
The code below does the capture and clear of the logs, but i have had to edit one per server. I also have to create a different name or location each time to allow multiple captures to exist together and not overwrite each other.
So, here are the features that I would like some help with how to code a solution to my problem:
1. vbs script called from a desktop icon or tripped off by a daily scheduled
job.
2. must copy then clear the system,security and application logs (code below
does do that, btw)
3. Pickup the system name and date stamp so as to write them on the x:
drive in a location that lets you easily see what they came from and where
they are.
Example- when I click on this from SYSTEM A, it creates the 3 logs they look... Read more

Read other answers
RELEVANCY SCORE 50

I have W7 SP1 - 64 bit, MSE, Windows firewall

using a pendrive dongle, I use Reliance Netconnet+ having a claimed speed of 3.1 Mbps. I never achieved that speed in 3-4 years, but that good enough never to face any bottleneck really. But, for last one month, net is crawling slower than a snail somehow. I get 5-10-20 Kbps speeds mostly, on some servers it reaches 40-50-60, hardly ever go above that.

There are also a lot of messages in event logs. dns failure, server not responding, dhcpv6_client.

ISP has confirmed that they are not giving ipv6 access.

IPConfig /all used to come with
--
Windows IP Configuration

Host Name . . . . . . . . . . . . : ilLUSion64-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Reliance:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Reliance
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 115.242.0.39(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 220.226.100.40
220.226.6.104
NetBIOS over Tcpip. . . . . . . . : Disabled

Then there were the following with "Media disconnected"
Tunnel adapter isatap.{3637C87A-F939-4D2F-88F8-49CE0147BDFC}:
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Tun... Read more

Read other answers