Suspicious Event Logs in Eventvwr. Something to be concerned about?

Q: Suspicious Event Logs in Eventvwr. Something to be concerned about?

Following is the Eventvwr event log, which occurs multiple times per day, quite frequently. The Account name has been changed.
 
The PID indicates Local Security Authority Process with sub-services of CNG Key Isolation, Encrypting File System (EFS) and Security Accounts Manager.
 
--------------------------------------------------------------------------------------
 
An account was successfully logged on.
 
Subject:
Security ID: SYSTEM
Account Name: PCNAME$
Account Domain: WORKGROUP
Logon ID: 0x3E7
 
Logon Information:
Logon Type: 5
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes
 
Impersonation Level: Impersonation
 
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}
 
Process Information:
Process ID: 0x2d8
Process Name: C:\Windows\System32\services.exe
 
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
 
Detailed Authentication Information:
Logon Process: Advapi  
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
 
This event is generated when a logon session is created. It is generated on the computer that was accessed.
 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
 
The impersonation level field indicates the extent to which a process in the logon session can impersonate.
 
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
 
-------------------------------------------------------------------------------------------------------
 
 It's always Advapi.exe.
 
Is this normal behavior or something to be concerned about? My knowledge of Eventvwr is limited.
 
Is there some way I could confirm the cause of these logs?
 
Much appreciated and regards.

A: Suspicious Event Logs in Eventvwr. Something to be concerned about?

I suggest you post here

RELEVANCY SCORE 158.4

A:Suspicious Event Logs in Eventvwr. Something to be concerned about?

Didier Stevens answered your query in your other thread.
 
http://www.bleepingcomputer.com/forums/t/615907/suspicious-event-logs-in-eventvwr-something-to-be-concerned-about/

RELEVANCY SCORE 67.6

I have already posted this in the General Discussion section but I saw there's a different thread for BSODs so I'm posting it here again with the logs. Sorry about that. c:
Hi,
First, let me tell you this issue has not been going on for just a few days or a week, but has been occurring for about 3 months now.

So here's the issue. I mostly play League of Legends, and mostly the first 10-15 minutes of the game go fine or just have 1-2 freezes for 2/3 seconds, but as the game persists, the game starts freezing more and more and there comes a point when the background music (League has this background music tune while playing) just goes away and all I can hear is the sound of abilities. This is the point when I know my PC is going to freeze because after the sound goes away, in just 1-2 minutes the game freezes. Sometimes the freeze is for 45-60 seconds and then it comes back, but after another 15 seconds the whole computer freezes again and this time it doesn't come back and the last sound which I heard keeps looping again and again.
I have completely reset my Windows THRICE, used another copy of Windows 8.1 from my friend but there is no luck in them for me.
Currently, I have nothing on my system except League of Legends, TeamSpeak 3 and Garena.
Also, when my computer freezes, I've seen the event viewer for logs at that time and I noticed that my Event Viewer has like 8000 overall logs which made me a bit worried.

I am also sure of the fact that my PC can handle League a...

A:BSOD while gaming accompanied by freezes and tons of eventvwr logs

Bump.

RELEVANCY SCORE 65.6

Yesterday I noticed that AVG, ZoneAlarm and Windows Defender were all turned on. I turned them back on and AVG gave me an error saying that "VDB check has failed". When I tried to fix it nothing would happen. To be safe, I ran a scan with AVG and Malwarebytes and they found nothing, so I kind of shrugged it off, hoping that AVG would fix itself the next time I restarted. When I came back on today I noticed that all three programs were turned off again, and AVG was still having the same problem. I turned them back on, but I'm a bit concerned as this activity is really suspicious.

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:31:35 PM, on 5/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Clownfish\Clownfish.exe
C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Kyle\Documents\my games\hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\...

A:Suspicious things, feeling a little concerned.

Uninstall AVG and ZoneAlarm, then install Microsoft Security Essentials 4.0.1526.0 and stick with the built-in Windows 7 firewall.

If you uninstall AVG, download and save and then run AVG Remover(64bit) 2012 afterwards so it can find and remove all the leftover "debris" from the uninstall.

RELEVANCY SCORE 61.6

So I've been through multiple scans and such but am still paranoid of my computer's security and as such I'd appreciate it if you could go over these HijackThis logs and let me know if anything is abnormal. I am mainly concerned that I may have a keylogger and have done all thorough scans to determine whether or not this is the case, all came up clean but I am still paranoid so this is the last bastion of hope for me!

I did this test first and for some reason it was different from the second test I am about to show you below this one. For example, it said AVG Tray wasn't open when it was open the whole time (minimized in my taskbar) but as you can see in the log I posted above it says it was open. Also this first log says it was 5429 bytes and the second one was 8377 bytes? Anyway here are the two logs.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:56 PM, on 26/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Media Player...

A:HijackThis logs - concerned about pc security, please help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run.

Malwarebytes' Anti-Malware:
Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
W...

RELEVANCY SCORE 60

I was running 3DMark06 and got a BSOD code 124. After that every time I boot Event Viewer logs Error Codes ID 3012 and 3011. Attached are screenshots of both.

I googled this and found two different threads where someone suggested to rebuild the performance counters. Both responses were basically the same, below is one. Neither of the OP's came back and said if this worked for them.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Re: LoadPerf 3011, 3012
Hi-
I had the same problem with LoadPerf and here is what I found out:
All performance counter names and explain text are maintained in string tables managed by the performance counter subsystem (Perflib).

The current contents of the performance counter string tables are corrupted and cannot be displayed. To correct the problem, rebuild the string tables.

User Action
To rebuild the string tables, on the computer that displayed the message, at the command prompt, type Lodctr /r
The contents of the string tables are automatically rebuilt.

I hope this helps
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Since this was from 2008 (XP?) and the other response was for Vista I wanted to see if the gurus at SevenForums thought that this was okay before I did this.

Here are the screenshots of my two errors.

A:After BSOD Event Viewer Logs Event ID 3012 and 3011 every time I boot

Rebuilding the string tables as outlined in my first post fixed the problem.

RELEVANCY SCORE 59.6

I am not sure what to make of something that happened online a couple of weeks ago. A user of a forum (which I used an anonymous pseudonym for) and posted no real information about myself on other than the state that I grew up in and the state that I live in now "guessed" my first name correctly. In a comment that the user posted, they addressed me by first name. Not the last, just the first. I do have a common name. However, this strikes me as quite odd. As I said, I provided little to no information on the forum. What do you think could be going on here? Could this user of the forum have somehow been able to connect this anonymous pseudonym, which I only used for this site and is not similar to other usernames I have had. And the only information about myself that I mentioned was the state that I live in and the state that I grew up in. No information about my occupation, age, or anything of the sort.

Just the state I live in, the state I grew up in, a couple comments about some technical subjects I have knowledge on (publicly available information that anyone could research either out of sufficient interest as a hobby or for their occupation), and a story about a friend's UFO sighting which I had posted about on another anonymous account many years ago. This account was actually my first name, but when I typed the more recent comment into Google nothing from this forum or that earlier post came up. Could someone really have figured out my name based on su...

RELEVANCY SCORE 59.6

After too many unexplained problems, I decided to reinstall Windows 8.1 Pro x64, and migrate off of SBS 2011 Standard. In addition to the primary workstation that can't read any event logs, I built five Server 2012 R2 servers (Hyper-V host, Active Directory VM, Exchange 2013 VM, SQL Server 2014 VM, and WSUS VM).

I was diagnosing why my workstation's Outlook cannot reach the local Exchange Server. I tried to look at the event logs, and found the
"Event Viewer cannot open the event log or custom view. Verify that Event Log service is running (it is) or the query is too long (whatever that indicates). The request is not supported (50)"
Looking at the directory of the event logs folder. It appears that most logs are empty, which is understandable since it's a rebuilt installation. I found a small number of Applications and Services Logs and it appears nothing was logged since six days ago on 4/4/2016. On support forums, I found many have this exact problem on Win 7, Win 8, and Win 10. Of the solutions posted none of them would even execute on my Win 8.1 Pro x64 machine. I tried clearing the event logs (WEVTUTIL CL logfilename) and am told Failed to clear log .... The request is not supported.
It's very difficult to diagnose why Outlook 2013 cannot reach Exchange 2013, even if Outlook is installed on the Exchange server machine (just as a test). The web-based Outlook owa, ecp, ... all work fine. ...

RELEVANCY SCORE 58.8

Hi...
Have an issue I've been dealing with for several weeks. I have a standalone system that certain event IDs such as 4647 and 4634 and others are not populating in the security log. Success and failures is set in the Local Group Policy, but they are not being logged. Performed gpupdate after making changes, and scoured the internet for a solution. Any ideas? Was this an issue in the past that an MS patch corrected? Thanks in advance for any suggestions!!

RELEVANCY SCORE 56.4

Ok, so I didn't follow through on the last thread and it seems like I was able to remove the malware with malwarebytes anti malware. I didn't get the log from the other post but I have log info from the security check and hjt not on safe mode.

Security Check:
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Trend Micro Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 17
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security TmPfw.exe
Trend Micro Internet Security TmProxy.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro BM TMBMSRV.exe
Trend Micro HijackThis HiJackThis.exe
Trend Micro Internet Sec...

A:Suspicious HJT logs

Hello and Welcome to Bleepingcomputer.
Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%SYSTEMDRIVE%\*.exe
netsvcs
msconfig
drivers32
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Thanks

RELEVANCY SCORE 56

Event Log Explorer
A tool to help Manage, Analyze and Report Windows Event Logs
For Windows NT/2000/XP/2003 operating systems
This is a simple, "starter" guide to help use this tool. (Note this tool will only work on Windows NT/2000/XP/2003. It will not work with Windows Vista.) Download and run Event Log Explorer.

One time initialization

Click Tree->Show Tree
Click File->New Workspace
Click File->Save Workspace As (and save your workspace file anywhere you choose)
Example: To Filter / View / Export Recent Error and Warning Log Events

Open an Event Log
>> (e.g. typically, you only need look at the System Log (for System event records) and the Application Log (for Application related events))
Filter the events you want to see (for this example we filter to only see Non-Information events that occurred in the last 7 days)
>> Click View->Filter.
>> Uncheck Information. Towards the bottom of the filter window, look for "Display event for the last", enter 7 days. Click OK
Click File->Export Log to save a copy of the events for later viewing or sending to others
>> Check: Text file, All events, Event Description
>> Uncheck Export Event Data
>> Check Close dialog when done
Click Export and save as a txt file on your Desktop
Help Troubleshooting an Event

Double click an event to see the "Event Description" (which provides more detail about the event)
Click Event ID Database button for a web page a...

A:"Event Log Explorer" tool helps manage/analyze/report on your Windows Event Logs

I use the subscription to EventID.net. It has been greatly helpful. I don't have this analyser but am a big believer in using the Event Viewer. I'll add a description I have written up which will help in determining the Events: This may be useful in addition to the Event Analyzer.

One thing I have not been able to do is keep the filters set with the software in the OS.

Find the Error(s) in the Event Viewer that correspond to the crash/freeze/error message/blue screen, etc.:

Description of the Event Viewer:

Unfortunately, many Windows XP users aren't aware of the Event Viewer, what it is, where it is, how it can help with a problem:
The Event Viewer has logs for everything that happens on the computer. There are three sets of logs: System, Applications and Security. By opening the first two to display the Events, you can look for Errors that correspond to the time of the problem- in your case, the crash.

There are three types of Events in the System and Apps logs:
1. Information (white circle w/blue i): this is just basic documentation of the normal working of the System or Apps.
2. Warnings (yellow triangle w/black exclamation mark) noting some problem at that moment. Warnings usually resolve on their own. If they do not, they become>>>
3. Errors (red circle w/white X): they document something that didn't work or isn't happening as it should. Each Error has three parts: an ID#, a Source and a Description. By doing a right clic...

RELEVANCY SCORE 55.6

Hi, just now someone used teamviewer to gain access to my computer and immediately turned off my monitor. I could see my mouse move to a dialog box before my screen went black. I immediately shut off my computer and checked the teamviewer logs right after. Can someone inspect the logs for me? Any help would be appreciated. Thanks

A:Suspicious Teamviewer logs

Hi,
 
Welcome here at BleepingComputer.com. I am Black_Bird and I'll be helping you with your questions & problems.
 
About the logfiles: I don't see any special things in it, that would worry me. But on the other side you can't actually see in those logs what has been visited (through a browser) or which files have been transferred eventually.
 
Why did you allow such a connection anyway, when you don't trust the other person? It can't "just" happen, as he has to know an ID & password, which you gave him/her. Can you explain this please?
 
I also advise you to follow up all steps given in this topic: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Please post all logfiles and a detailed description of all PC problems you've eventually got in your next reply.

RELEVANCY SCORE 55.2

Okay, so I ran a DDS and GMER scan. I was told to run GMER, even though I had a 64 bit system for Windows 7, it did not find any modifications or rootkits, which meant it having an extra log. Here is the DDS text log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Boot at 22:08:44 on 2012-02-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.3515 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkServi...

A:Logs for Suspicious Babylon Web browser add-on

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

RELEVANCY SCORE 54.4

I'm running Norton Internet Security on two of my home computers (laptop and desktop) on a wireless home network (XBox 360 and Blu-Ray share wireless connection). I've been noticing that it is taking longer and longer to log into Windows and open any application. So I ran Norton AV and it came back clean except for a few cookies which it deleted. However upon inspection of the recent activity on my machines it appears my computers are infected or someone has hacked into or out of my firewall (hopefully not both). When I called Norton they said to run their Power Eraser, but once again nothing came up. I exported the recent history logs to .txt files if you need me to attach those.

I then decided to run Spybot and it discovered both machines were infected with "WISHBONE". Spybot was able to clean it off both machines and is now coming back clean, but my logs still have suspicious activity. I just downloaded and ran Malwarebytes, but once again it found nothing. I also ran TDSSKiller and it came back with no problems found as well. So what is the next step to find out if I actually have a problem with one of my machines or my firewall security?

Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5947

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/3/2011 5:58:02 PM
mbam-log-2011-03-03 (17-58-02).txt

Scan type: Full scan (C:\|H:\|)
Objects scanned: 299416
Time elapsed: 38 m...

A:Suspicious Norton Internet Security Logs - HELP

Hello, go into your Control Panel and see if there's a Wishbone Tool bar. If so remove it.
Now do an online scan please.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work.
Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
Click the green button.
Read the End User License Agreement and check the box: Check .
Click the button.
Accept any security warnings from your browser.
Check Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer.
If offered the option to get information or buy software at any point, just close the window.
The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
When the scan completes, push Push , and save the file to your desktop as ESETScan.txt.
Push the button, then Finish.
Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click > Run..., then type or copy and p...

RELEVANCY SCORE 54.4

hey all, been thru 3 days of pc hell. finally reinstalled windows XP sp2 and haven't had the stop error messages like I was getting....here is my hijackthis log which was created today, 9/18/2006:

Logfile of HijackThis v1.99.1
Scan saved at 1:57:33 PM, on 09/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cody.TREE\Desktop\protection fldr\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run...

A:Reinstalled Windowsxp Sp2 , Still Seeing Suspicious Logs In 'hijackthis'

Log is fine BUT!!!!!!!!!!!!!!!
You have no active AntiVirus!
Get the free AVG 7 install it, check for updates and run a full scan
AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
=================
Get all of these and/or verify you have the current versions
SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS Windows Defender - http://www.microsoft.com/downloads/details...;displaylang=en (XP and W2K only)
DownLoad them (they are free), install them, check each for their definition updates and then run AdAware, MS Defender (W2k/XP) and Spybot, fixing anything they say.
In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize
Check for updates and run weekly

RELEVANCY SCORE 53.2

Hi there,
I have dozens of logon/logoff entries in my event viewer
most of which are supposedly done by NT AUTHORITY
or NETWORK SERVICE. Running WINXP HOME SP3 IE8

5/21/2012 1:58:01 PM Security Success Audit Policy Change
858 NT AUTHORITY\SYSTEM PAS Windows Firewall group policy settings have been applied.

5/21/2012 1:57:58 PM Security Success Audit Policy Change
858 NT AUTHORITY\SYSTEM PAS Windows Firewall group policy settings have been applied.

5/21/2012 9:43:51 AM Security Success Audit Privilege Use
576 NT AUTHORITY\NETWORK SERVICE PAS "Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege"

5/21/2012 9:43:51 AM Security Success Audit Logon/Logoff
528 NT AUTHORITY\NETWORK SERVICE PAS "Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: -"

5/21/2012 7:17:49 AM Security Success Audit Privilege Use
576 NT AUTHORITY\NETWORK SERVICE PAS "Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege"

5/21/2012 7:17:49 AM Security Success Audit Logon/Logoff
528 NT AUTHORITY\NETWORK SERVICE PAS "Successf...

A:Suspicious logon/logoff entries in event viewer

First what alerted you of these "warnings"?


While I was reading a news article on CNET (I use the latest version of Pale Moon as my default browser) I noticed a pop up from Avira saying it had blocked access to the registry. There's no other info it provides, just that it prevented access.
 
I don't recall ever having anything like this happen before, at least not seemingly out of the blue or without manually editing the registry myself. My first thought was a drive-by download from a hijacked page but the extensions I use (uBlock Origin, uMatrix, and httpseverywhere) should theoretically prevent such things. While I can't remember exactly what other websites I may have had open I'm pretty sure I didn't visit any place unusual or out of the ordinary that I don't check most everyday without problem.
Other than that nothing out of the ordinary has happened since. I disconnected my PC from the Internet for a time anyway.
 
Things that might have caused it:
Shortly before this event happened I had created a Windows XP Home edition bootable USB using Rufus (specifically the portable edition which I ran from the desktop).
A few days earlier I had installed a few things - Microsoft .NET Framework 4.5.2, ScpToolkit, Microsoft Xbox 360 Accessories 1.2, and received an update for Pale Moon 26.2.0 (x86 en-US).
ScpToolkit might have something to do with it as I believe it has some automatic update features and the program itself deals with drivers and the registry.
 
I am using Windows 7 Ultimate 32-bit.
My anti-vir...

A:Suspicious Avira event - blocked access to registry

Welcome to BC...
 
If it is the ScpUpdater that Avira is blocking and you don't need the ScpToolkit to be in the Windows Startups then you can disable the Startup and stop the updater. CCleaner's Tools will show you what is in Windows Startups and some Scheduled Tasks.
You can disable items in those lists by clicking on them and then choosing to Disable on the right.
 
You can find the updater using the Windows Services Console, too. Type in services.msc in the Start search box and press ENTER.
 
If you need help in deciding what to Disable do this:
 
Post the three lists mentioned below using CCleaner.
Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.
At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.
 
Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Hi there,
I have dozens of logon/logoff entries in my event viewer when I turn on my PC, most of which are supposedly done by NT AUTHORITY or NETWORK SERVICE. What's also weird is that I get some failed logon attempts as well. This happens every time. I should say that I do suspect someone on the same network (I am one of two clients hooked up to a router+modem that connects to the internet) of malicious activity. But I don't know if this is related. I have turned on logon/logoff auditing. The following is what I see upon waking up my PC from standby. You can see my actual logon occurring a few seconds after all the 'network services' have logged on.

4/12/2008 11:38:20 PM Security Success Audit Logon/Logoff 538 YOUR-699C5579F9\Laura YOUR-699C5579F9 "User Logoff:
User Name: Laura
Domain: YOUR-699C5579F9
Logon ID: (0x0,0x56CA957)
Logon Type: 7
"
4/12/2008 11:38:20 PM Security Success Audit Privilege Use 576 YOUR-699C5579F9\Laura YOUR-699C5579F9 "Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x56CA957)
Privileges: SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege"
4/12/2008 11:38:20 PM Security Success Audit Logon/Logoff 528 YOUR-699C5579F9\Laura YOUR-699C5579F9 "Successful Logon:
User Name: Laura
Domain: YOUR-699C5579F9
Logon ID: (0x0,0x56CA957)
Logon Type: 7
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: YOUR-699C5579F9
Logon GUID: {00000000-...

A:Solved: Suspicious logon/logoff entries in event viewer



Hi there,
I have dozens of logon/logoff entries in my event viewer when I turn on my PC, most of which
are supposedly done by NT AUTHORITY or NETWORK SERVICE.

5/21/2012 1:58:01 PM Security Success Audit Policy Change
858 NT AUTHORITY\SYSTEM PAS Windows Firewall group policy settings have been applied.

5/21/2012 1:57:58 PM Security Success Audit Policy Change
858 NT AUTHORITY\SYSTEM PAS Windows Firewall group policy settings have been applied.

5/21/2012 9:43:51 AM Security Success Audit Privilege Use
576 NT AUTHORITY\NETWORK SERVICE PAS "Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege"

5/21/2012 9:43:51 AM Security Success Audit Logon/Logoff
528 NT AUTHORITY\NETWORK SERVICE PAS "Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: -"

5/21/2012 7:17:49 AM Security Success Audit Privilege Use
576 NT AUTHORITY\NETWORK SERVICE PAS "Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege"

5/21/2012 7:17:49 AM Security Success Audit Logon/Logoff
528 NT AUTHORITY\NETWORK SERVICE PAS "Successful Logon:
User Name: NETWOR...

A:Solved: Suspicious logon/logoff entries in event viewer


My roommate has been a known hacker, and I have a constant feeling as if someone else is always able to see what I am doing on my phones and laptop. The command prompt is constantly appearing and disappearing on my screen. My mouse is continually being randomly moved around the screen and I will see it open and close boxes, but always too quickly to see exactly what is happening. The amount of activity I see in my event viewer is astronomical, and compared to a computer that has no issues, there has got to be something going on with my laptop. I've tried everything possible to clean my laptop and delete all programs, factory reset, clean the hard drive, but I know my roommate is a hard core hacker and very smart. Please provide me with confirmation that there is in fact something happening, and if possible guide me to how I can stop this, and also possibly provide proof that I can show my roommate and hopefully he will stop, or tell me exactly what has been installed on my laptop and when. Anything will help, I am tired of looking crazy when I address the matter.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-11-2016
Ran by tee (administrator) on TEE-PC (10-11-2016 04:37:50)
Running from C:\Users\tee\Downloads
Loaded Profiles: tee (Available Profiles: tee)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farb...

A:suspicious logons in event viewer, cmd is always appearing and disappearing

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/631906 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Been snooping through event logs because my pc randomly freezes.
I have the asus striker II extreme mobo
Intel Core2 Quad Q9400
Well I'm getting stupid kernel errors. I want them fixed. Running windows 7 Ultimate with all updates.

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 9/23/2010 10:50:48 PM
Event ID: 35
Task Category: (2)
Level: Error
Keywords:
User: SYSTEM
Computer: Vaine-PC
Description:
Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0F67E49F-FE51-4E9F-B490-6F2948CC6027}" />
    <EventID>35</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>2</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-09-24T02:50:48.657200000Z" />
    <EventRecordID>38790</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="60" />
    <Channel>System</Channel>
    <Computer>Vaine-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData> ...

A:Event Logs

Disable Speedstep, and see if the issues go away. If it does, then you need to update your chipset drivers or keep speedstep disabled.


Is there any way to clear all windows 8 event logs..

A:Event logs

Event Viewer One Click Clear - Windows 7 Forums
This was for windows 7 but is still working for windows 8. I'm using it. Just run it as administrator


Hi
Attached are two event log files: one is the system events, "EVENT LOG.csv", the other is application events, "APPLICATION LOG.csv".
Can you please tell me what happened, or what could have happened, to this pc on the 7 October 2008 at 7 in the morning. The time and date reset after that, or it was changed by someone and I need to find out if it was the pc or someone.
thank you
 


Hi, I have a huge problem with my power supply and video cards. I have tried to include the event log files. I just started having trouble last week, but I can see by the logs that are in the Thousands. I have Reformatted my Hard Drive, Once already. I don't know where to start, or if I should Reformat it again. I am not the best with computers, and I am sure that I have Downloaded some Crap and I am Paying for it now. I have just tried to upload my Event Logs, but it says the file is Too Large. Any Help is Greatly Appreciated. Thx

A:Event Logs in the Thousands

Firstly welcome.
Now, a description of the fault/s and any error code that may have been displayed would be a good place to start.


Hi guys
For the last 4 weeks I get the following 4 errors at boot in the event viewer, never get anything else, just these. Can anyone translate the squiggles for me and tell me if there is anything to be worried about or not?
Thank you

A:Event viewer logs

Look in the text document you attached cuz i've put them by Event ID (written in the text document):
Event ID: 40968
Description:
The Security System has received an authentication request that could not be decoded. The request has failed.

Problem with your system.
----------------------------------------------------------------------------------------------
Event ID: 1060
Description:
\??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

it's either replaced by a recently installed software or infected by a virus.
----------------------------------------------------------------------------------------------
Event ID: 7000
Description:
The Mobile IP Route Manager service failed to start due to the following error:
This driver has been blocked from loading

Again it's either a virus blocking it from running or the driver got messed up.
----------------------------------------------------------------------------------------------
Fixing:
1- Event ID: 40968
Since it has the Level: Warning then I think you better try System Restore Point, if it still does the same problem, run a full system scan for viruses and if you find viruses in C:\WINDOWS, then you should Format / Reinstall Windows cuz if viruses can't be fixed they will be automatically quarantined and that leads to loss of files for windows.

2- Event ID: 1060
Since it's in the windows Fold...


hi all,
I need to print out security logs of windows 2000 servers on a daily basis.
Does anyone know how to automate this?

Thanks
 

A:printing event logs

Why not create a batch file using the Print command
then include the batch file as a scheduled task

Print [/D:device] [[drive:][path]filename[...]]

/D:device specifies the print device
 


Hi everyone. I was just wondering if there was any real purpose in cleaning up the event/security logs ?
The actual size they take up seems minimal and I'm pretty sure mine are set to overwrite themselves when they are full.
So I guess my question is - to clean or not to clean? Pros/cons?
Thanks.

A:Event Logs - clean up or not ?

IMHO, no.


I have events from Anonymous log ons. What are those? In the security log!

For example: NT AUTHORITY\ANONYMOUS LOGON
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x10FF3)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: -
This is the only one in almost a month!

Thank you lots!!

A:Event Viewer logs

Probably nothing to be concerned about, those are typical entries on my system.
Comments from http://www.dslreports.com/forum/remark,655...ty,1~mode=flat:
"A successful user logon is always listed as an event ID 528 and then you'll see a type which can be anything from 2 to 7. If it's not 528, then it's not an actual user and it's not necessarily successful.
Event ID 538 is a successful logoff and not necessarily by an actual user.
Event ID 540 is a successful "network" logon as in mapping a network drive. Your computer keeps checking for Network connections or shared folders, etc... on a regular basis to make sure you are connected."
Louis
What Is Anonymous Logon?


Is there any way to join several event logs in one?

A:Join Event logs

If you are talking about Windows Logs, actually there is a way. When you open Event Viewer, you will see a 'Custom Views' group in the left sidebar. By right clicking on it you get a menu from which you can select 'Create Custom View'. That opens a new window, where you have to check the first radio button that says "by log" (it is checked by default but make sure), and on its right side there is a dropdown menu from which you can pick logs that you want. After clicking OK and naming your custom view, you will have a list of all the events from all the logs you selected.


Win XP: in Event Viewer there are a bunch of event logs. Is it 'safe' to delete all these logs? of course, some of them have 'red' warnings and some 'yellow'....but my pc is working just fine now. Thanks for any advice.
 

A:Event Viewer logs

It's just a log file. If you want to clear it, it'll just clear all previous events and start from scratch. It won't cause you problems.
 


http://www.microsoft.com/technet/scr....mspx?mfr=true

Microsoft Corporation

You can list the contents of an event log, sort by source, group by message type and more. To get a whole log use the following command:
get-eventlog [log name]
get-eventlog Application

If you wish to sort the records by source use this command:
get-eventlog Application | sort Source

You can also group the records by Source, it can take a while depending on the number of records, but it is handy! Just run:
get-eventlog Application | group Message

Now event logs can get quite large and hold thousands and thousands of records. You can use the -Newest ### switch to retrieve a set number of the latest events recorded. And, of course, these can all be combined to get exactly what you are looking for.
get-eventlog Application -newest 100 | sort source


Hi guys
I don't really look into my event logs because usually, I don't have the need to.

i randomly decided to look into my event log (while doing some maintenance on my setup)
and found some strange events.

two distinct event logs which are somewhat related.

Problem 1. I can cause the following event by removing my iPod from my pc via iTunes (remove virtually not physically)

Following events have
Log name: Microsoft-Windows-WMI-Activity/Operational
Event ID: 5858
Level: Error

Event 1:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLogEntry"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 2:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLog"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 3:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskOCZ-VE...

A:Strange event logs

anyone?

these errors only occur when removing a USB device.


Hello Support,
I'm investigating a case where a log entry has been found when exporting that event file (opened in Event Viewer) to a text file, but it's not found when searching in Event Viewer.
I've done multiple searches and it's not seen in Event Viewer but can be seen once I export the same event into text files.
Please suggest some solutions ASAP.

Thanks in advance.


Hello,
I am doing proof of concept testing and I am running into a lot of scenarios where EMET blocks an exploit attempt but does not generate a log or notification. For example CVE-2015-5119. I can compromise a vulnerable test machine no problem. When I apply EMET to IE the exploit is stopped (application crashes) but I get no event. I have been unable to generate an EMET event for IE (flash plugin) or Java so far this way. The only way that I get an EMET notification is for when I have it protecting another application like notepad or audioconverter. I have also tried CVE-2012-4969 and CVE-2011-3544, which is a Java exploit, and EMET mitigates it but no message or Event log. The vulnerable system running EMET is Windows 7 SP1 with IE 8. I have tried both EMET 5.2 and 5.5. Any thoughts?

Thanks!


Before I post my BSOD thread, what I'd like to do is see where it is in event viewer, I can't find it. It happened at 11:45 yesterday (it's 12:57AM here now), the computer was off for about an hour, but the last event it shows under system is 11:06 and it's just an information event.

A:BSOD not showing in event logs, why?

There may not be an event logged depending on the type/cause of the bsod.


Hello,
I was told that internet explorer logs are located in Event viewer > windows logs > application. After looking through that tree, I was unable to find any IE logs. How would I filter the view to only get IE; also, what would the source of IE be? Fixing
IE is a pain.

Edit: this is for Windows 10 1709.


How can you clear the event logs without an event being created stating that the logs were cleared in Powershell? The "clear-eventlog" command does clear the events, however it leaves behind an event that states that the logs were cleared.
Any way to get around this and totally clear the logs?
Thanks,


Hello:

Does anyone know if the following steps apply to Windows XP as well?

"How to Change the Default Event Viewer Log File Location"

http://support.microsoft.com/kb/216169

Thanks


Hi guys,
I'm seeking help to troubleshoot my PC at times running slowly with CPU usage reaching 100%.
I'm on win2000 SP4
P4 HT 2.8
1 GB ram
5 hdd ( 40GB ata , 80GB SATA ,160GB SATA , 200GB SATA , 500 GB SATA )
I saw at event viewer these logs
Event ID - 51 - An error was detected on device \Device\Harddisk2\DR2 during a paging operation
Event ID - 51 - An error was detected on device \Device\Harddisk3\DR3 during a paging operation.
I had run chkdsk with the /F /R commands, also defragged the disks, checked for virus, adware, spyware, trojans, checked the connections at the motherboard, repaired the windows installation, but the problem insists and drives me crazy for weeks now.
Any help please?
 


Hi,

We are reading the event log information in our application from using query in windows management service and Java script. The required event log is based on the current system time that we send through the query to fetch the details. We face a problem while fetching a event log of Windows xp and Windows-7 as the actual time the error message logs differs from the system time. Also the time difference is not same in all the machines of same configuration.

Example: Consider an error is logged in the Windows event log at 05.00 AM but the time is logged as 02.00 AM (which can also be 07.00 AM or any difference of time) in the event log. Now I was unable to decide the exact time of an error log.

We made a workaround in Windows-7 by fetching it using Record ID which is increasing for every event log but the same does not work in Windows-XP as the record id is not increasing and does not look to have a standard format.

Kindly provide us some solution to fetch the error log information of the particular time.

Thanks,
Deva Veluchamy.


http://tinyurl.com/gpc3c

Event Viewer in pre-Vista platforms suffers from several limitations that make it underperform as a troubleshooting tool. These limitations include a lack of support for centralized logging, inability to query across multiple logs, limited event filtering capability, and a general lack of "software intelligence" in terms of helping you understand how different events correlate with possible problems and how they can be resolved.

Windows Vista's enhanced version of Event Viewer is a big improvement in many of these areas, and while it's still not perfect (especially in the area of software intelligence) it's still a good step forward over the previous version of the tool. Let's walk through using some of these new features so you can learn how to use their capabilities for troubleshooting purposes.
 

A:Monitoring Event Logs in Vista

Wooohoo something I have been praying for since the Windows NT days has come true!
 


Is it possible to prevent JRT from clearing the event logs?
 
What is the reason behind this feature? Event Logs are often crucial for diagnosing Windows issues. I'm not aware of any reason that the event logs should be cleared to help with junkware removal. Please help me understand the reason for this feature, and if possible, provide a way to disable it.
 
Thanks!

A:Is it possible to prevent JRT from clearing Event Logs?

JRT's disclaimer clearly states: "This software is provided "as is" without warranty of any kind. You may use this software at your own risk."
However, you can ask a question (leave a comment/suggestion) on Thisisu's JRT Blog.


By mistake, I have executed a wrong command (SL /e:false to disable all event logging instead of clearing it. Got it from another website ).

Now I would like to reset all my event logs to default.
Has someone an idea, how I could apply the steps from this article:
Reset an event log to default settings: Management Services (which is for Windows Server only!)
to my Windows 10 machine?

A:I would like to reset all my event logs to default

Originally Posted by WTenNewbie


By mistake, I have executed a wrong command (SL /e:false to disable all event logging instead of clearing it. Got it from another website ).

Now I would like to reset all my event logs to default.
Has someone an idea, how I could apply the steps from this article:
Reset an event log to default settings: Management Services (which is for Windows Server only!)
to my Windows 10 machine?



WTenNewbie... what was the exact command you entered, the full command?


I have been encountering slow shutdown times on my desktop recently. I looked in the event logs to try and find some clue but they were not that helpful to the less than technically minded

1: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
I had a lot of the above that were listed both as information and warning

2: also W32time came up several times as both info and warning

3: NetBT came up several times - with
"the name MSHOME could not be registered on the interface with IP address xxx, the machine with the ip address yyy did not allow the name to be claimed by this machine."

The only hardware I have installed recently is a Belkin wireless card (whose problems I have posted elsewhere ) This may have something to do with it but I am not sure. Briefly my setup is a wireless laptop (no problems) and a wired desktop (which has been re-configured to run on wireless)

I am running Windows XP pro with SP2 on an AMD system with 2 gigs ram

I have run several virus checks and I run spybot regularly, I have a belkin router to connect through to my blueyonder broadband.

Any advice?
 

A:XP very slow shutdown - event logs


I'm curious if there are any windows events, either system or application, that would tell me the Time Zone the system is in. If I get event logs (*.evtx) from windows 7 system from customer, how would I find out TimeZone.
Thanks,
MDExch
