I have been encountering slow shutdown times on my desktop recently. I looked in the event logs to try and find some clue but they were not that helpful to the less than technically minded.

I had a lot of the above that were listed both as information and warning

2: also W32time came up several times as both info and warning

3: NetBT came up several times - with
"the name MSHOME could not be registered on the interface with IP address xxx, the machine with the ip address yyy did not allow the name to be claimed by this machine."

The only hardware I have installed recently is a Belkin wireless card (whose problems I have posted elsewhere ) This may have something to do with it but I am not sure. Briefly my setup is a wireless laptop (no problems) and a wired desktop (which has been re-configured to run on wireless)

I am running Windows XP pro with SP2 on an AMD system with 2 gigs ram

I have run several virus checks and I run spybot regularly, I have a belkin router to connect through to my blueyonder broadband.

Any advice?

OK so for the last week or so my pc has been shutting off at random times and then on reboot indicating that there had been a thermal event. The fan on the CPU is working and the computer often shutdown immediately following start up (before there would be any chance for it to get too hot) I have run Advanced Systemcare free since I got it along with AVG Free. When I started noticing problems I also downloaded Ad-Aware and MalWareBytes. All systems run clean, but performance still sucks. Today I get the Thermal event Shutdown message again and when I look at the event log it shows that my memory was reduced on Oct 14th. I decide to try to go back to a restore point, and coincidentally the last restore point is Oct 14th. I run system restore, and the restore application comes back and tells me that it can't restore the computer to that day.

There is too much coincidence to make me think that nothing is happening, but I'm not PC savvy enough to figure out on my own. Please help. Hi Jack this logs below
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:18:42 AM, on 11/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS... Read more

Answer:Thermal Event Shutdown? HiJack this Logs

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

I have W7 SP1 - 64 bit, MSE, Windows firewall

using a pendrive dongle, I use Reliance Netconnet+ having a claimed speed of 3.1 Mbps. I never achieved that speed in 3-4 years, but that good enough never to face any bottleneck really. But, for last one month, net is crawling slower than a snail somehow. I get 5-10-20 Kbps speeds mostly, on some servers it reaches 40-50-60, hardly ever go above that.

There are also a lot of messages in event logs. dns failure, server not responding, dhcpv6_client.

ISP has confirmed that they are not giving ipv6 access.

IPConfig /all used to come with
Windows IP Configuration

Host Name . . . . . . . . . . . . : ilLUSion64-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Reliance:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Reliance
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Then there were the following with "Media disconnected"
Tunnel adapter isatap.{3637C87A-F939-4D2F-88F8-49CE0147BDFC}:
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Tun... Read more

Windows 10 64 bit, latest version, is working fine on my Toshiba i7 laptop with 8 Gb ram. But I have problems with shutdowns when I click on restart. It seems to take far too long to shutdown. I am not sure how to find out why but when checking out the event viewer, I found several shutdown errors (some critical and some warnings). So I got the following screen shots (not sure how I got there) which seem to reveal several errors during shutdown. When I click on the web link I get a non working website.

1. How do I find out what is making shutdowns so slow when I click restart? (I "think" Shutdown seems faster if I just click on shutdown instead of restart)
2. What problem do these screenshots of error indicate and how do I fix them?
Thank you
Got to those screens: Control Panel - Administrative Tools - Component services. Event viewer(Local) -Applications and Services Logs - Microsoft -Windows - Diagnostics Performance - Operational.

Here are some recent error screenshots which occur in both shutdown and bootups.
As can be seen this is a problem that goes back to 2016.

I have vista 32bit and event viewer is showing the problems as follows:
1.The following boot-start or system-start driver(s) failed to load:

2. The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

3. The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4. The LogMeIn Kernel Information Provider service failed to start due to the following error:
The system cannot find the path specified.

5. The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6. Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.

7. Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

8. The server service was unable to recreate the share york because the directory C... Read more

I was running 3DMark06 and got a BSOD code 124. After that every time I boot Event Viewer logs Error Codes ID 3012 and 3011. Attached are screenshots of both.

I googled this and found two different threads where someone suggested to rebuild the performance counters. Both responses were basically the same, below is one. Neither of the OP's came back and said if this worked for them.

Re: LoadPerf 3011, 3012
I had the same problem with LoadPerf and here is what I found out:
All performance counter names and explain text are maintained in string tables managed by the performance counter subsystem (Perflib).

The current contents of the performance counter string tables are corrupted and cannot be displayed. To correct the problem, rebuild the string tables.

User Action
To rebuild the string tables, on the computer that displayed the message, at the command prompt, type Lodctr /r
The contents of the string tables are automatically rebuilt.

I hope this helps

Since this was from 2008 (XP?) and the other response was for Vista I wanted to see if the gurus at SevenForums thought that this was okay before I did this.

Here are the screenshots of my two errors.

Answer:After BSOD Event Viewer Logs Event ID 3012 and 3011 every time I boot

Rebuilding the string tables as outlined in my first post fixed the problem.

After too many unexplained problems, I decided to reinstall Windows 8.1 Pro x64, and migrate off of SBS 2011 Standard. In addition to the primary workstation that can't read any event logs, I built five Server 2012 R2 servers (Hyper-V host, Active Directory
VM, Exchange 2013 VM, SQL Server 2014 VM, and WSUS VM).

I was diagnosing why my workstation's Outlook cannot reach the local Exchange Server.   I tried to look at the event logs, and found the
Event Viewer cannot open the event log or custom view.  Verify that Event Log service is running (it is) or the query is too long (whatever that indicates).  The request is not supported (50)
Looking at the directory of the event logs folder.  It appears that most logs are empty, which is understandable since it's a rebuilt installation.  I found a small number of Applications and Services Logs and it appears nothing was logged since
six days ago on 4/4/2016.   On support forums, I found many have this exact problem on Win 7, Win 8, and Win 10.  Of the solutions posted none of them would even execute on my Win 8.1 Pro x64 machine.  I tried clearing the event logs (WEVTUTIL
CL logfilename) and am told Failed to clear log .... The request is not supported. 
It's very difficult to diagnose why Outlook 2013 cannot reach Exchange 2013, even if Outlook is installed on the Exchange server machine (just as a test).  The web-based Outlook owa, ecp, ... all work fine. ... Read more

Hi all,

I've just built an AcerPower F6 desktop to Win 7 Pro 32 every shutdown it shows BSOD and promptly restarts.

Event log is showing me the following for a critical event at the same time the shutdown occurs (The date on the log is from a week ago but this happens every shutdown which is once every weekday):

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 14/03/2014 13:19:19
Event ID: 6
Task Category: (6)
Level: Error
Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
Event Xml:
<Event xmlns="">
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0F67E49F-FE51-4E9F-B490-6F2948CC6027}" />
<TimeCreated SystemTime="2014-03-14T13:19:19.519629700Z" />
<Correlation />
<Execution ProcessID="4" ThreadID="52" />
<Security UserID="S-1-5-18" />... Read more

Answer:BSOD on Shutdown Event Log = Kernel-Processor-Power. Event ID: 6

Your NI Measurement Studio driver appears to be causing problems.

Probably caused by : NIPALK.sys
It's outdated by 11 years, if you wish to keep the program I suggest you update the driver.

88a32000 88aab000 NIPALK T (no symbols)
Loaded symbol image file: NIPALK.sys
Image path: \SystemRoot\System32\Drivers\NIPALK.sys
Image name: NIPALK.sys
Timestamp: Mon May 12 22:21:05 2003 (3EC01041)
CheckSum: 0007ACFC
ImageSize: 00079000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Please remove it or update it from the following link.

NI Measurement Studio - National Instruments

EDIT, there is a fix you can download which prevents file corruption, if you can't find an updated driver then download this.

Event Log Explorer
A tool to help Manage, Analyze and Report Windows Event Logs
For Windows NT/2000/XP/2003 operating systems
This is a simple, "starter" guide to help use this tool. (Note this tool will only work on Windows NT/2000/XP/2003. It will not work with Windows Vista.) Download and run Event Log Explorer.

One time initialization

Click Tree->Show Tree
Click File->New Workspace
Click File->Save Workspace As (and save your workspace file anywhere you choose)

Example: To Filter / View / Export Recent Error and Warning Log Events

Open an Event Log
>> (e.g. Typically, you only need look at the System Log (for System event records) and the Application Log (for Application related events))
Filter the events you want to see (for this example we filter to only see Non-Information events that occurred in the last 7 days)
>> Click View->Filter.
>> Uncheck Information. Towards the bottom of the filter window, look for "Display event for the last" enter 7 days. Click OK
Click File->Export Log to save a copy of the events for later viewing or sending to others
>> Check: Text file, All events, Event Description
>> Uncheck Export Event Data
>> Check Close dialog when done
Click Export and save as a txt file on your Desktop

Help Troubleshooting an Event

Double click an event to see the "Event Description" (which provides more detail about the event)
Click Event ID Database button for a web page a... Read more

Answer:"Event Log Explorer" tool helps manage/analyze/report on your Windows Event Logs

I use the subscription to It has been greatly helpful. I don't have this analyser but am a big believer in using the Event Viewer. I'll add a description I have written up which will help in determining the Events: This may be useful in addition to the Event Analyzer.

One thing I have not been able to do is keep the filters set with the software in the OS.

Find the Error(s)in the Event Viewer that correspond to the crash/freeze/error message/blue screen, etc.:

Description of the Event Viewer:

Unfortunately, many Windows XP users aren't aware of the Event Viewer, what it is, where it is, how it can help with a problem:
The Event Viewer has logs for everything that happens on the computer. There are three sets of logs: System, Applications and Security. By opening the first two to display the Events, you can look for Errors that correspond to the time of the problem- in your case, the crash.

There are three types of Events in the System and Apps logs:
1. Information (white circle w/blue i): this is just basic documentation of the normal working of the System or Apps.
2. Warnings (yellow triangle w/black exclamation mark) noting some problem at that moment. Warnings usually resolve on their own. If they do not, they become>>>
3. Errors (red circle w/white X- they document something that didn't work or isn't happening as it should. Each Errors has three parts: an ID#, a Source and a Description. By doing a right clic... Read more

Greetings Gents

- Windows 7 ultimate
- x64
- it was vista upgraded to 7
- full retail version
- 2009
- 2010
- Intel(R) Core(TM)2 Quad CPU Q9100 @ 2.26GHz
- NVIDIA GeForce GTX 260M
- Alienware M17x
- FLEXTRONICS 19.5 v *12.3 a = 239.85 w

out of sudden when I playing mkv or .avi media it stopped working and force me to total shutdown the system. To be precise, I never faced the BSOD; yet I know it the same/equivalent to it. I am seeking your help gents :D

kindly find the attached

thank you & your rapid response is highly appreciated.

Answer:BSOD - Event ID 6008 Previous Shutdown was Unexpected - need total shutdown

Hi -

Most of the 11 BSODs list NVIDIA video as the probable cause.

1. Update your NVIDIA video drivers -


nvlddmkm.sys Tue Mar 16 22:00:40 2010 (4BA037C8)
nvBridge.kmd Tue Mar 16 21:31:37 2010 (4BA030F9)


One of the BSODs had a bugcheck = 0x124 = WHEA = Windows Hardware Error Architecture - potential hardware failure

Info on 0x124 -->

2. Remove Daemon Tools/ Alcohol 120. A driver common to both sptd.sys is known to cause BSODs.

3. Update your ESET installation to v4.2.64.12 -->

You need device driver updates. Alienware Support sends me to Dell Support -

4. Update all device drivers - chipset (NVIDIA & Ricoh), audio, network. DO NOT download the NVIDIA Video driver from Dell - go to NVIDIA Support per step #1 above.

Windbg Logs

If BSODs persist after driver updates, run the Driver Verifier -->

Regards. . .





Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Tue Aug 17 21:36:50.639 2010 (GMT-4)
System Uptime: 0 days 3:49:08.761
*** WARNING: Unable to verify tim... Read more

Question: Event Logs

Been snooping through event logs because my pc randomly freezes.
I have the asus striker II extreme mobo
Intel Core2 Quad Q9400
Well I'm getting stupid kernel errors. I want them fixed. Running windows 7 Ultimate with all updates.

Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 9/23/2010 10:50:48 PM
Event ID: 35
Task Category: (2)
Level: Error
Keywords:
User: SYSTEM
Computer: Vaine-PC
Description:
Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
Event Xml:
<Event xmlns="">
<System>
<Provider Name="Microsoft-Windows-Kernel-Processor-Power" Guid="{0F67E49F-FE51-4E9F-B490-6F2948CC6027}" />
<EventID>35</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-09-24T02:50:48.657200000Z" />
<EventRecordID>38790</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="60" />
<Channel>System</Channel>
<Computer>Vaine-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData> ... Read more

Answer:Event Logs

Disable Speedstep, and see if the issues go away. If it does, then you need to update your chipset drivers or keep speedstep disabled.

Question: Event logs

Is there any way to clear all windows 8 event logs..

Answer:Event logs

Event Viewer One Click Clear - Windows 7 Forums
This was for windows 7 but is still working for windows 8. I'm using it. Just run it as administrator

Question: Event Logs

Attached is two event log files, one is the system events "EVENT LOG.csv", the other is application events "APPLICATION LOG.csv".
Can you please tell me what happened, or what could have happened to this pc on the 7 October 2008 at 7 in the morning. The time and date reset after that, or it was changed by someone and i need to find out if it was the pc or someone.
thank you

Question: Join Event logs

Is any way to join several event logs in one?

Answer:Join Event logs

If you are talking about Windows Logs, actually there is a way. When you open Event Viewer, you will see a 'Custom Views' group in the left sidebar. By right clicking on it you get a menu from which you can select 'Create Custom View'. That opens a new window, where you have to check the first radio button that says "by log" (it is checked by default but make sure), and on its right side there is a dropdown menu from which you can pick logs that you want. After clicking OK and naming your custom view, you will have a list of all the events from all the logs you selected.

Microsoft Corporation

You can list the contents of an event log, sort by source, group by message type and more. To get a whole log use the following command: get-eventlog [log name]
get-eventlog Application

If you wish to sort the records by source use this command:
get-eventlog Application | sort Source

You can also group the records by Source, it can take a while depending on the number of records, but it is handy! Just run:
get-eventlog Application | group Message

Now event logs can get quite large and hold thousands and thousands of records. You can use the -Newest ### switch to retrieve a set number of the latest events recorded. And, of course, these can all be combined to get exactly what you are looking for.
get-eventlog Application -newest 100 | sort source

Question: Event Viewer logs

I have events from Anonymous log ons. What are those? In the security log!

Successful Network Logon:
User Name:
Logon ID: (0x0,0x10FF3)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: -
This is the only one in almost a month!

Thank you lots!!

Answer:Event Viewer logs

Probably nothing to be concerned about, those are typical entries on my system.

Comments from,655...ty,1~mode=flat:

"A successful user logon is always listed as an event ID 528 and then you'll see a type which can be anything from 2 to 7. If it's not 528, then it's not an actual user and it's not necessarily successful.

Event ID 538 is a successful logoff and not necessarily by an actual user.

Event ID 540 is a successful "network" logon as in mapping a network drive. Your computer keeps checking for Network connections or shared folders, etc... on a regular basis to make sure you are connected."

Louis

What Is Anonymous Logon?
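
The check discussed in this thread, as an added example that is not part of the original posts: it separates anonymous NTLM network logons (Logon Type 3) from named-account ones and shows which host each came from. It assumes Windows Vista or later, where this record is Event ID 4624 rather than 540; the function names and all sample events are constructed for illustration.

```powershell
# Added example: function names and every sample event below are constructed.
# On a live system the XML strings would come from:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} | ForEach-Object { $_.ToXml() }

$AnonymousSid = 'S-1-5-7'   # well-known SID of NT AUTHORITY\ANONYMOUS LOGON

function ConvertTo-LogonRecord {
    param([Parameter(Mandatory)][string]$EventXml)

    $evt = [xml]$EventXml
    # Flatten <Data Name="...">value</Data> elements into a lookup table.
    $data = @{}
    foreach ($node in $evt.GetElementsByTagName('Data')) {
        $data[$node.GetAttribute('Name')] = $node.InnerText
    }
    # Prefer the source IP; fall back to the workstation name when it is empty or "-".
    $source = [string]$data['IpAddress']
    if ($source -eq '' -or $source -eq '-') { $source = [string]$data['WorkstationName'] }

    [pscustomobject]@{
        TimeUtc     = $evt.GetElementsByTagName('TimeCreated').Item(0).GetAttribute('SystemTime')
        EventId     = [int]$evt.GetElementsByTagName('EventID').Item(0).InnerText
        User        = [string]$data['TargetUserName']
        LogonType   = [int]$data['LogonType']
        Process     = ([string]$data['LogonProcessName']).Trim()   # often logged with a trailing space
        Package     = [string]$data['AuthenticationPackageName']
        Source      = $source
        IsAnonymous = ($data['TargetUserSid'] -eq $AnonymousSid)
    }
}

function Get-NetworkLogonTriage {
    param([Parameter(Mandatory)][string[]]$EventXml)

    foreach ($xml in $EventXml) {
        $r = ConvertTo-LogonRecord -EventXml $xml
        # Only successful network logons (type 3) are relevant to the question.
        if ($r.EventId -ne 4624 -or $r.LogonType -ne 3) { continue }
        if ($r.IsAnonymous) { $verdict = 'anonymous (null session)' } else { $verdict = 'named account' }
        $r | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict -PassThru
    }
}

# Builds one constructed 4624 event in the layout that ToXml() returns.
function New-SampleLogonXml {
    param($Time, $Sid, $User, $Type, $Process, $Package, $Workstation, $Ip)
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="$Time" /></System>
  <EventData>
    <Data Name="TargetUserSid">$Sid</Data>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="LogonType">$Type</Data>
    <Data Name="LogonProcessName">$Process</Data>
    <Data Name="AuthenticationPackageName">$Package</Data>
    <Data Name="WorkstationName">$Workstation</Data>
    <Data Name="IpAddress">$Ip</Data>
  </EventData>
</Event>
"@
}

$userSid = 'S-1-5-21-1111111111-2222222222-3333333333-1001'   # constructed
$sample = @(
    New-SampleLogonXml '2024-01-05T08:00:01.0000000Z' 'S-1-5-7' 'ANONYMOUS LOGON' 3 'NtLmSsp ' 'NTLM' 'LAPTOP-EXAMPLE' '192.0.2.10'
    New-SampleLogonXml '2024-01-05T08:00:02.0000000Z' $userSid 'alice' 3 'NtLmSsp ' 'NTLM' 'LAPTOP-EXAMPLE' '192.0.2.10'
    New-SampleLogonXml '2024-01-05T08:05:00.0000000Z' $userSid 'alice' 2 'User32 ' 'Negotiate' 'DESKTOP-EXAMPLE' '127.0.0.1'
)

# The interactive (type 2) logon is dropped; the two network logons are listed and counted per source.
$triage = Get-NetworkLogonTriage -EventXml $sample
$triage | Format-Table TimeUtc, User, Source, Package, Verdict -AutoSize
$triage | Group-Object Source, Verdict | Select-Object Count, Name
```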

Question: Event Viewer logs

Win XP: in Event Viewer there are a bunch of event logs. Is it 'safe' to delete all these logs? of course, some of them have 'red' warnings and some 'yellow'....but my pc is working just fine now. Thanks for any advice.

Answer:Event Viewer logs

It's just a log file. If you want to clear it, it'll just clear all previous events and start from scratch. It wont cause you problems.

Question: Strange event logs

Hi guys
i dont really look into my event logs because usually, i dont have the need too.

i randomly decided to look into my event log (while doing some maintenance on my setup)
and found some strange events.

two distinct event logs which are somewhat related.

Problem 1. I can cause the following event by removing my iPod from my pc via iTunes (remove virtually not physically)

Following events have
Log name: Microsoft-Windows-WMI-Activity/Operational
Event ID: 5858
Level: Error

Event 1:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLogEntry"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 2:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WDMClassesOfDriver where ClassName = "MSStorageDriver_ClassErrorLog"; ResultCode = 0x80041032; PossibleCause = Unknown

Event 3:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = SHADY-PC; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2992; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\wmi : select * from WMIBinaryMofResource where Name = "IDE\\DiskOCZ-VE... Read more

Answer:Strange event logs


these errors only occur when removing a USB device.

Question: Windows event logs

I have encountered a number of 'Error' messages in the Event logs (system and application)of an office system and the supporting info (double click on the log message) really doesn't mean a lot. Is there a good source of info to help me decipher the messages and determine how to cure the errors?

Answer:Windows event logs

Click on the Microsoft Support URL in the event properties box - this will take you to the help and support centre and a brief explanation of the error.

hi all,
i need to print out security logs of windows 2000 servers on a daily basis.
does anyone know how to automate this?


Answer:printing event logs

Why not create a batch file using the Print command
then include the batch file as a scheduled task

Print [/D:device] [[drive:][path]filename[...]]

/D:device specifies the print device

Question: Windows Event logs

I figured this would be the best group to ask as we [H] as a large number of network consultants on it that I'm sure have faced this issue before.

I was wondering what people have done to their event logs for various windows servers (IE auditing, changes, better reporting etc)

I am looking hard at the area around user authentication logging as we have servers on customer sites, and they have had "Unexplainable issues".

Answer:Windows Event logs

I set up a syslog server based on Syslog-NG and use eventlog-to-syslog to send the data to the syslog server from the windows servers. it works pretty well.

we also use pre-version 3.0 php-syslog-ng as a front end. it works very well for searching and filtering the events

Question: Event viewer logs

Hi guys
For the last 4 weeks i get the following 4 errors at boot in the event viewer never get anything else just these. Can anyone translate the squiggles for me and tell me if there is anything to be worried about or not

Answer:Event viewer logs

Look in the text document you attached cuz i've put them by Event ID (written in the text document):
Event ID: 40968
The Security System has received an authentication request that could not be decoded. The request has failed.

Problem with your system.
Event ID: 1060
\??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

it's either replaced by a recently installed software or infected by a virus.
Event ID: 7000
The Mobile IP Route Manager service failed to start due to the following error:
This driver has been blocked from loading

Again it's either a virus blocking it from running or the driver got messed up.
1- Event ID: 40968
Since it has the Level: Warning then I think you better try System Restore Point, if still does the same problem, run a full system scan for viruses and if you find viruses in C:\WINDOWS, then you should Format / Reinstall Windows cuz if viruses can't be fixed they will be automatically quarantined and leads to lose of files for windows.

2- Event ID: 1060
Since it's in the windows Fold... Read more

Hi everyone. I was just wondering if there was any real purpose in cleaning up the event/security logs ?
The actual size they take up seems minimal and I'm pretty sure mine are set to overwrite themselves when they are full.
So I guess my question is - to clean or not to clean ? pro's/con's

Answer:Event Logs - clean up or not ?

IMHO, no.

Question: event viewer logs

I see in event viewer logs somethings say overwrite
is this normal

tried this

but having a problem.
this wont work when I save the one liner as a bat file or a cmd file. The command window appears and disappears rapidly when I right click on the bat file and ask it to run as admin. Even when I open a command window as admin and type in the name of the bat file I get nothing-just two prompts.
but pasting the code works??

Using win 8.1

Answer:clearing ALL the event logs

How to Clear the Windows 7 Event Viewer with One Click

Hi, I have a huge problem with my power supply and video cards. I have tried to include the event log files. I just started having trouble last week, but I can see by the logs that are in the Thousands. I have Reformatted my Hard Drive, Once already. I dont know where to start, or if I should Reformat it again. I am not the best with computers, and I am sure that I have Downloaded some Crap and I am Paying for it now. I have just tried to upload my Event Logs, but it says the file is Too Large. Any Help is Greatly Appreciated. Thx

Answer:Event Logs in the Thousands

Firstly welcome.
Now, a description of the fault/s and any error code that may have been displayed would be a good place to start.

Hi @Brink, hope you are around for this! LOL
This has not occurred between October 16, 2016, when I purchased this it, and today.
So, if it is a minor issue, I am OK with ignoring these results.

Failed to clear event logs

Failed to clear event logs using Clear_Event_Viewer_Logs.bat, which I downloaded yesterday.
Please note the three logs just below:

clearing "Microsoft-Windows-LiveId/Analytic"
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.

clearing "Microsoft-Windows-LiveId/Operational"
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.

clearing "Microsoft-Windows-USBVideo/Analytic"
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid
by a WMI data provider.



:: Created by: Shawn Brink
:: Created on: August 15th 2016
:: Updated on: May 13th 2017
:: Tutorial: Clear All Event Logs in Event Viewer in Windows Performance Maintenance Tutorials
@echo off

FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo All Event Logs have been cleared!
goto theEnd

:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof

:noAdmin
echo Current user permissions to execute this .BAT file are inade... Read more

Answer:Failed to clear event logs

Hello Jim, and welcome to Ten Forums.

Just to verify, did you right click on the .bat file and click on "Run as administrator"?

By mistake, I have executed a wrong command (SL /e:false to disable all event logging instead of clearing it. Got it from another website ).

Now I would like to reset all my event logs to default.
Has someone an idea, how I could apply the steps from this article:
Reset an event log to default settings: Management Services (which is for Windows Server only!)
to my Windows 10 machine?

Answer:I would like to reset all my event logs to default

Originally Posted by WTenNewbie

By mistake, I have executed a wrong command (SL /e:false to disable all event logging instead of clearing it. Got it from another website ).

Now I would like to reset all my event logs to default.
Has someone an idea, how I could apply the steps from this article:
Reset an event log to default settings: Management Services (which is for Windows Server only!)
to my Windows 10 machine?

WTenNewbie... what was the exact command you entered, the full command?

We are reading the event log information in our application from using query in windows management service and Java script. The required event log is based on the current system time that we send through the query to fetch the details. We face a problem while fetching an event log of Windows xp and Windows-7 as the actual time the error message logs differs from the system time. Also the time difference is not same in all the machines of same configuration.

Example : Consider an error is logged in windows event log at 05.00 AM but the time logged as 02.00 AM (which can also 07.00 AM or any difference of time) in the event log. Now I was unable to decide the exact time of an error log.

We made a workaround in Windows-7 by fetching it using Record ID which is increasing for every event log but the same does not work in Windows-XP as the record id is not increasing and does not look to have a standard format.

Kindly provide us some solution to fetch the error log information of the particular time.

Deva Veluchamy.
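
Event records store their time in UTC, which is why the Kernel-Processor-Power event quoted earlier on this page shows "Date: 9/23/2010 10:50:48 PM" next to SystemTime="2010-09-24T02:50:48.657200000Z". The following added example (not the poster's code) converts between the two and builds a UTC time-window filter for Get-WinEvent -FilterXPath; the function names and the time zone ID are assumptions.

```powershell
# Added example: function names are hypothetical, and the zone ID is an assumption
# (the page does not state the time zone of the machine that wrote the event).

function ConvertFrom-EventSystemTime {
    param([Parameter(Mandatory)][string]$SystemTime,
          [Parameter(Mandatory)][string]$ZoneId)

    # Event XML carries up to 9 fractional digits; .NET DateTime keeps 7.
    $trimmed = $SystemTime -replace '(\.\d{1,7})\d*Z$', '${1}Z'
    $styles  = [System.Globalization.DateTimeStyles]::AdjustToUniversal
    $utc     = [datetime]::Parse($trimmed, [cultureinfo]::InvariantCulture, $styles)
    $zone    = [System.TimeZoneInfo]::FindSystemTimeZoneById($ZoneId)
    [System.TimeZoneInfo]::ConvertTimeFromUtc($utc, $zone)
}

function New-EventTimeFilter {
    param([Parameter(Mandatory)][datetime]$LocalTime,
          [Parameter(Mandatory)][string]$ZoneId,
          [int]$WindowMinutes = 5)

    $zone  = [System.TimeZoneInfo]::FindSystemTimeZoneById($ZoneId)
    # Treat the input as wall-clock time in $ZoneId, not in the zone of the machine running this.
    # ConvertTimeToUtc throws for a wall-clock time that a DST change skipped.
    $local = [datetime]::SpecifyKind($LocalTime, [System.DateTimeKind]::Unspecified)
    $utc   = [System.TimeZoneInfo]::ConvertTimeToUtc($local, $zone)

    $fmt  = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"
    $inv  = [cultureinfo]::InvariantCulture
    $from = $utc.AddMinutes(-$WindowMinutes).ToString($fmt, $inv)
    $to   = $utc.AddMinutes($WindowMinutes).ToString($fmt, $inv)

    # Same comparison form that Event Viewer writes into a custom view's query.
    "*[System[TimeCreated[@SystemTime>='$from' and @SystemTime<='$to']]]"
}

# Value taken from the event quoted on this page; the zone is the assumed one.
$zoneId = 'Eastern Standard Time'
$local  = ConvertFrom-EventSystemTime -SystemTime '2010-09-24T02:50:48.657200000Z' -ZoneId $zoneId
$local.ToString('yyyy-MM-dd HH:mm:ss')

# Filter for events within five minutes of 22:50 local time on that machine.
$filter = New-EventTimeFilter -LocalTime '2010-09-23 22:50:00' -ZoneId $zoneId
$filter
# On a live system: Get-WinEvent -LogName System -FilterXPath $filter
```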

How or where can I find old event logs? My logs are only going back about a week, and I need to go back a month.

Answer:Windows 2003 Event Logs

What's the retention of the logs?

'Overwrite events as needed'
'Overwrite events older than x days' (7 is default)
'Do not overwrite events'

Sounds like you have the first or second set..

Does anyone know where the Windows 10 Event Logs are stored? I know you can access them with Event Viewer, but I want to know where it loads them from. Googling didn't help much, as I only got results for Windows 7 and XP.


Is it possible to examine the event logs (*.evt) of Win NT/2000 on a windows 95/98 pc? If so, how?

Event Viewer in pre-Vista platforms suffers from several limitations that make it underperform as a troubleshooting tool. These limitations include a lack of support for centralized logging, inability to query across multiple logs, limited event filtering capability, and a general lack of "software intelligence" in terms of helping you understand how different events correlate with possible problems and how they can be resolved.

Windows Vista's enhanced version of Event Viewer is a big improvement in many of these areas, and while it's still not perfect (especially in the area of software intelligence) it's still a good step forward over the previous version of the tool. Let's walk through using some of these new features so you can learn how to use their capabilities for troubleshooting purposes.

Answer:Monitoring Event Logs in Vista

Wooohoo something I have been praying for since the Windows NT days has come true!

I'm curious if there are any Windows events, either system or application, that would tell me the Time Zone the system is in. If I get event logs (*.evtx) from a Windows 7 system from a customer, how would I find out the TimeZone?


Ok so here's the deal:

Much like the rest of the IT world, my workplace does not have the manpower to manually parse event logs for every machine on a monthly basis. I am looking for anyone who has tried some 3rd party software that will monitor event logs and either email or send alerts. Sort of like a syslog daemon server does.

Any help? I am already only auditing the events I need and using dumpel to dump the logs in the format I prefer to a central location.


Is there a way to delete the logs from Event Viewer?

Answer:Delete Logs From Event Viewer?

Yep, make Google your friend, the following is good for 7, 8, and 10

I am doing proof of concept testing and I am running into a lot of scenarios where EMET blocks an exploit attempt but does not generate a log or notification. For example CVE-2015-5119. I can compromise a vulnerable test machine no problem. When I apply EMET to IE the exploit is stopped (application crashes) but I get no event. I have been unable to generate an EMET event for IE (flash plugin) or Java so far this way. The only way that I get an EMET notification is when I have it protecting another application like notepad or audioconverter. I have also tried CVE-2012-4969 and CVE-2011-3544, which is a Java exploit, and EMET mitigates it but there is no message or event log. The vulnerable system running EMET is Windows 7 SP1 with IE 8. I have tried both EMET 5.2 and 5.5. Any thoughts?


Before I post my BSOD thread, what I'd like to do is see where it is in Event Viewer; I can't find it. It happened at 11:45 yesterday (it's 12:57AM here now), the computer was off for about an hour, but the last event it shows under System is 11:06 and it's just an information event.

Answer:BSOD not showing in event logs, why?

There may not be an event logged depending on the type/cause of the BSOD.

Is it possible to prevent JRT from clearing the event logs?
What is the reason behind this feature? Event Logs are often crucial for diagnosing Windows issues. I'm not aware of any reason that the event logs should be cleared to help with junkware removal. Please help me understand the reason for this feature, and if possible, provide a way to disable it.

Answer:Is it possible to prevent JRT from clearing Event Logs?

JRT's disclaimer clearly states: "This software is provided "as is" without warranty of any kind. You may use this software at your own risk." However, you can ask a question (leave a comment/suggestion) on Thisisu's JRT Blog.

Hello Support,
I'm investigating a case where a log entry has been found when exporting that event file (opened in Event Viewer) to a text file but it's not found when searching in Event Viewer.
I've done multiple searches and it's not seen in Event Viewer but can be seen once I export the same event into text files.
Please suggest some solutions asap.

Thanks in advance.

Anyone knows if the following steps apply to Windows XP as well?

"How to Change the Default Event Viewer Log File Location"



Any suggestion? (in Windows 10)

Does anyone know if Event Viewer actually captures information when an administrator sets up forwarding on a mailbox? If so, where can I find this info? Thanks in advance.

I have read that I need to be checking firewall logs every day (ZDNet suggested this), and I know where to find the info. What I do not understand is how to interpret what I see. Is there a place to post here to have someone look at it, or can someone recommend other web sites that might be able to help? I have some concerns since I am seeing a lot of dropped packets.

Same question re event viewer. I see 'warnings' and dhcp and 1,000 events, but I don't know what that means, or whether I should be concerned, or take action in some way. Again, is that info something that can be looked at here, or where do I learn more about how to interpret the data?

Any suggestions/recommendations would be greatly appreciated.

Answer:Event Viewer and Firewall Logs

I have read that I need to be checking firewall logs every day (ZDNet suggested this),

Hi Anonix - Unless you are having problems I see no reason to do this. Your Antivirus will keep a check on any problems usually. - or - you think you have problems then run Malwarebytes or SUPERAntiSpyware programs. (Both free) If there is a serious problem please post in the Malware removal area of this forum - Thank You -

Hi guys ,
I'm seeking help to troubleshoot my PC at times running slowly with CPU usage reaching 100%.
I'm on win2000 SP4
P4 HT 2.8
1 GB ram
5 hdd ( 40GB ata , 80GB SATA ,160GB SATA , 200GB SATA , 500 GB SATA )
I saw at event viewer these logs
Event ID - 51 - An error was detected on device \Device\Harddisk2\DR2 during a paging operation
Event ID - 51 - An error was detected on device \Device\Harddisk3\DR3 during a paging operation.
I had run chkdsk with the /F /R commands, also defragged the disks, checked for virus, adware, spyware, trojans, checked the connections at the motherboard, repaired the Windows installation, but the problem insists and drives me crazy for weeks now.
Any help please ?

Which event logs can one check to identify hardware errors or general hardware health for the disk (SSD), battery, or memory? Are there additional health checks that can be collected through PowerShell/WMI? I know Win32_battery has for example an attribute for ExpectedBatteryLife although I don't see it populated. Also the below blog shows how to query disk health through WMI.


Okay here's my problem...

We had someone do something to one of the servers at work and when we went in to go look at the Application, Security, and System logs in event viewer, we realized that whoever did the damage, deleted them. Does anyone know if windows caches these logs somewhere else and if there's a utility to retrieve them?

Answer:Question about Event Viewer logs for Server 2k3

once the event logs are wiped you don't get them back. if this was a hack they had full admin access to the machine. the only safe bet (because they could have installed a rootkit) is to wipe the drives, reinstall and restore all data from a clean backup. Change ALL admin / service account passwords.

edit: don't do this if you're pursuing the person either criminally or civilly - have some external forensics company go over it first / make images of the drives.

I'm looking for a low cost product to centralize viewing, collection and archiving of Windows Event Logs and Syslog messages from my firewall. I know of Event Manager from GFI, but they are too expensive - their WorkStation-only product costs less, but it doesn't handle syslog data, only their server product does, and the server edition costs $220 for 9 nodes. I only want something for home use, with 4 nodes. Any ideas?


My computer crashes while watching video or playing games (even css) at least twice a day. It just goes to black or fuzzed screen, light dies from keyboard and makes real hard to describe sound. (not like a loop, I don't think anyway) I have a feeling its my graphics card as its old as compared to rest of PC. If you need to view event viewer logs in another format please let me know. I'm learning.

MSI p45 Platinum
Wolfdale E8600
Radeon x1600
4Gb Gskill ram

Answer:PC crash description. With event viewer logs, please help

windows 7 X64 btw, always forget something


Hey guys. I'm playing an old game and experiencing a lot of lag and freezing. I also noticed the following events in my Event Viewer:


0000000073: 2010-12-11 14:11:09:283 FAILED: ADL.ADL.ADL_Display_ImageExpansion_Get
Error Called by: ATI.ACE.CLI.Aspect.DeviceProperty.Graphics.Runtime.DevicePropertyImageScalingController::Parse processID:01908 threadID:( ) domainName:(ccc.exe ) assemblyName:(CLI.Aspect.DeviceProperty.Graphics.Runtime, Version=2.0.3951.39058, Culture=neutral, PublicKeyToken=90ba9c70f846762e)

0000000072: 2010-12-11 14:11:09:233 RT_MMVideo::InitializeInternetVideo GetMMVideoAdjustInfoItem Pulldown FAILED
Error Called by: ATI.ACE.CLI.Aspect.MMVideo.Graphics.Runtime.RT_MMVideo::InitializeInternetVideo processID:01908 threadID:( ) domainName:(ccc.exe ) assemblyName:(CLI.Aspect.MMVideo.Graphics.Runtime, Version=2.0.3951.39060, Culture=neutral, PublicKeyToken=90ba9c70f846762e)

0000000071: 2010-12-11 14:11:09:223 RT_MMVideo::InitAdvancedVideoFeature: Failed in VideoItem = CONTROLLER_VIDEO_MOSQUITONOISEREMOVAL
Error Called by: ATI.ACE.CLI.Aspect.MMVideo.Graphics.Runtime.RT_MMVi...

Answer:Old game freezing a lot - event viewer logs

what game?

Windows 2003/2008 server event logs automation question.
Okay, I need help! This is my first post, and if I get an answer that resolves it, I swear that I will donate to the site! (okay, I will anyway, but what other motivation could I offer?)
Problem: I need to collect the system, application and security event logs from multiple servers that I am testing often. Manually saving the logs and resetting them is a chore for dozens of systems, each time I run a test.
What I would like is a VBS script that I could call from a shortcut on the desktop, which points to a COLLECT.VBS script located on a mapped drive. This would be to allow me to use 1 script on all systems. I could log in and run it quickly or set it up on the scheduler to run daily.
The code below does the capture and clear of the logs, but I have had to edit one per server. I also have to create a different name or location each time to allow multiple captures to exist together and not overwrite each other.
So, here are the features that I would like some help with how to code a solution to my problem:
1. vbs script called from a desktop icon or tripped off by a daily scheduled
2. must copy then clear the system, security and application logs (code below does do that, btw)
3. Pickup the system name and date stamp so as to write them on the x: drive in a location that lets you easily see what they came from and where they are.
Example- when I click on this from SYSTEM A, it creates the 3 logs they look...

website which are used for cobranding & adv. display. When I checked the Event log I could find some msi warnings which come regularly whenever I access the asp pages which contain the .net component calls.

I would like to know the reason why those warnings are coming and also would like to know how I can avoid those warnings in the event log.

Please find some entries from the event log

Application (Warning)
Event Id:1001 Source :msiinstaller user:NT AUTHORITY\NETWORK
Detection of product '{F23B8E68-217D-4D5F-B57F-0AD152FEED63}', feature
'DefaultFeature' failed during request for component

Event Id:1004 Source :msiinstaller user:NT AUTHORITY\NETWORK SERVICE

Detection of product '{F23B8E68-217D-4D5F-B57F-0AD152FEED63}', feature
'DefaultFeature', component '{3AE8A87A-CD50-1B46-29F5-E7B192E50960}' failed.
The resource
does not exist.

Can any one help me!!!

Thanks in advance


-- HP Compaq Presario CQ57 Refurbished -- Windows 7 Home Premium 64bit -- i2330 2.2GHz -- 16GB RAM --

Almost each time I play a game or use game modding software, after between minutes to 2 hours, suddenly the screen becomes black. The only thing I then can do, is to reboot my laptop.

I found the logs of the Windows 7 Event Log Manager, but I don't know how to interpret them. I would like to know what's happening to my laptop. Can anyone here help?

Interestingly, I just upgraded my system. Only since then I have these problems. Before it was just a Celeron B800 1.5GHz and 8GB RAM, and I could use those programs, that bring now blackouts, without problems...

Answer:Mysterious Windows 7 Blackouts - Event Logs

Following is the Eventvwr event log, which occurs multiple times per day, quite frequently. The Account name has been changed.
The PID indicates Local Security Authority Process with sub-services of CNG Key Isolation, Encrypting File System (EFS) and Security Accounts Manager.
An account was successfully logged on.
Security ID: SYSTEM
Account Name: PCNAME$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Information:
Logon Type: 5
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes
Impersonation Level: Impersonation
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process ID: 0x2d8
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi  
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the comp...

Answer:Suspicious Event Logs in Eventvwr. Something to be concerned about?

Didier Stevens answered your query in your other thread.

Hi all:

Being compulsive about the efficiency of things, from time to time I Clear the Event Viewer Logs.

1: Left alone, how big will these things get? I see 7000+ entries at times!
2: Does clearing them out make sense? No?
3: Is there a way to set an upper limit on their sizes?


Answer:Event Viewer Logs - Size Adjustments

If left to the default settings the logs will grow to about "20480 KB", "20 MB" before it overwrites old entries.
This is of course for the default logs, Applications that put logs may be less kind.

I'm trying to diagnose an application that's failing to launch in Win10 but launches on Win7. I've enabled "Show analytic and debug logs" in Event Viewer but I'm only getting a couple of extra folders; there should be a lot more to view. Do I need to enable something else?

What I get

What I should be seeing


I just have a question about Event Logs. Is it ok to delete Event Logs or .evtx files of uninstalled programs? The reason I am asking is because as of right now, I am in need of some assistance in trying to solve a problem I've been having in a previous thread that I've posted a few days ago.

Here is the link to the thread for those interested.

I have read other numerous threads, however some say it is best to not touch the Event Logs at all. Either way much help is appreciated.


Answer:Ok To Delete Event Logs of Uninstalled Programs?

Give Unlocker a try. Have it delete the file on the next boot, see if that works.

Careful when installing it, make sure you do not install Delta Toolbar.

To use, right click on the file and select Delete. If it doesn't work then tell it to delete on next boot.

Hello all,

This Windows 7 utility actually works on Windows 8 Pro (at least it does on my installation).

Event Viewer One Click Clear - Windows 7 Support Forums

Use at your own risk.

Note: There are some that frown on removing historical event logs and I say "To each their own."

Good luck.

I periodically get lockups on my Windows 7 laptop.

Just prior to the lockup events, the System Event Log under the System tab reports several Information messages, roughly around 20 and about one or more every second.

The source is Application Popup and the Event ID is 26. The description is: "Application popup: Windows - Application Error: The instruction at 0x77632239 referenced memory at 0x000000014. The memory could not be written."

No popup actually was shown on my screen, though. Within 20 minutes of these events being logged, the system inevitably locks up. Does anyone know what the reason might be?

(PS, when the system does come back, I see an event that notes that the previous system shutdown was unexpected. The time it gives for the shutdown seems to be the time when it locked up. (I can see that the clock was frozen at that time.))

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Description: Faulting application soffice.exe, version 6.0.7663.500, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b

Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Description: Error code 1000008e, parameter1 c000001d, parameter2 ecd3bcd8, parameter3 80548dc4, parameter4 00000000

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the file specified.

Answer:Random Reboot: Event Viewer Logs

In order to figure out why you are getting random reboots, you need to make a settings change to your computer. Go to:

Start > right click on My Computer > Properties > Advanced tab > Setup and Recovery 'Settings'

Uncheck 'Automatically Restart'. Click OK.

Reboot your computer. Now when Windows detects a problem it will not automatically reboot, but rather give you a blue screen.

Blue screens are often called 'Blue Screens of Death' (or BSOD) by users, and 'Stop Messages' by Microsoft. We need to know the exact message you see when you get the blue screen. We especially are looking for a set of letters and numbers about half way down the page that take this format:


This is usually followed by a set of 4 similar numbers in parentheses. For now we just need the first set of letters and numbers (before the numbers in the parentheses).

I did a clean install a couple of weeks ago and noticed my machine started randomly rebooting. At first I thought the machine was just killing any prog I left running; but I've had it reboot while playing games or just browsing the web. Thought that it might be a web-bug but did a full scan on trend micro's site & nothing showed up. I then thought that it was SP3, so I rolled back but it was still occurring. I ran Memtest and my mem passed. I then thought that it might be my vidcard, so I went to an older version of forceware & it still occurs. The only thing showing up in my event logs are dhcp warnings from my wireless adapter.

Anyone see anything strange in the log below?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:29 PM, on 2/26/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Softwar...

I have a folder, 'test', which includes folders 'test1', 'test2', 'test3' and 'test4'. Somehow the folders 'test3' and 'test4' were moved one level up. There is security log enabled and audit in Windows level. The action took place within a period of 9 minutes but it did not last more than 1 or 2 minutes due to the size of the files included in them. I need to find the event and figure out who performed the move in order to prevent it next time. Generally, if I move or delete folders I get events 560 and 560. These events are not there for the period of time when the incident occurred.
Thank you
Renold

Answer:security event logs missing within 9 minutes

security event logs missing

First off let me say sorry for my grammar.
So my problem is a person from Microsoft called my home and said was I aware that my PC had a security threat and then proceeded to tell me to go to my Event Viewer and showed me 49 thousand plus system events with tons of errors and there were a lot of errors in the application logs. Also he showed me something about hkkeys missing or something like that.

From what I can tell from the dates this might have started when I went from XP to Windows 7, which I'm not sure I did right. Now what I did was got home with the Windows 7 and put the 64 bit disk in and installed it, then that was somewhat ok but I was having issues with it and older programs so I decided to install the 32 bit version instead and everything seems to be working fine until I get this call.

He eventually explained that I needed Microsoft Security Essentials for Windows 7 for the registered OEM number and said it would cost $450 from the store or $229 online, which wouldn't that all come with the new Windows 7 CD, and he said even if I reformatted I would still continue to have this issue. How can that be I don't know. So any advice would be greatly appreciated and if you need more info let me know.

Answer:Solved: event viewer logs errors


I haven't been able to find a way to clear all event logs without saving. In Win 7 and Vista (I only tested this in Win 7) I like to occasionally clear the administrator alerts without having to go in to each event log area to do so. Sometimes I just want to wipe them all clean, do a reboot and see what happens. There doesn't seem an easy way to clear out everything, so I wrote a simple batch file that does this. If there is another way, please let me know. It's a real simple script, just time consuming to write it. I used a lot of copy/paste and a macro utility to insert the wevtutil command.

For more info on wevtutil, open a cmd prompt and type wevtutil /?
You can edit this script to save each event log too if you need to. Good luck editing each line though...

Otherwise, maybe others will find this useful. Simply copy and paste the text below in to a batch file (text file with extension bat) then right click and run as administrator to clean out all events in all event logs...

REM - Will clear all event logs in Windows 7 Ultimate without prompting or saving.
REM - Created by Leonard Rivera
wevtutil.exe cl Analytic
wevtutil.exe cl Application
wevtutil.exe cl DirectShowFilterGraph
wevtutil.exe cl DirectShowPluginControl
wevtutil.exe cl EndpointMapper
wevtutil.exe cl ForwardedEvents
wevtutil.exe cl HardwareEvents
wevtutil.exe cl "Internet Explorer"
wevtutil.exe cl "Key Management Service"
wevtutil.exe cl MF_MediaFoundationDeviceProxy
wevtutil.exe cl "...

We are getting the following error continuously in our NT 4.0 server event log: Most of the computers are logging in to the domain okay. (I say most because one or two have been having problems, I don't know if they are related.)

My understanding is that another tech had recently (last eight months or so) reinstalled the operating system on the server, and it looks like he named the domain controller the same as it was. He didn't make any changes to the clients because they were logging in after the format.

Does anyone have any ideas?

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5513
Date: 2/5/2004
Time: 5:08:39 PM
User: N/A
Computer: SERVER
The computer KAREN tried to connect to the server SERVER using the trust relationship established by the SDA-SERVER domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

Answer:Regular errors in system event logs

This might help you out some...


If you have a lot of entries in the event logs, depending on your system, it can take a bit to open the logs.  Here is a way to clear all the 4 main event logs quickly.
Open a text editor (e.g. notepad), and copy the following into it.

@echo on
wevtutil.exe cl Application
wevtutil.exe cl Security
wevtutil.exe cl Setup
wevtutil.exe cl System
@echo off
Save it as "clear_logs.bat" (no quotes).  Now, just double click on the file, and all 4 main logs will be cleared.  It will not work on Windows XP.
This will work on Windows 8.1 for sure.  It should work on Windows 8, 7, maybe Vista.

Hi everyone, all of a sudden without reason the Win 8 maps app has started crashing at startup. I have tried all that I could think of including reinstalling GPU drivers, any ideas?

This is another attempt at getting this answered.
Previous replies noted that the Administrative Events under the Custom view was just a compilation of all the other logs.
I do not believe this is entirely correct as all the events in this log concern the operating system and do NOT appear in the other logs such as Application, Security, etc.
Below is an example of what is showing up on my system after all the individual logs shown under Event Viewer are cleared:


Date and Time      Event ID   Task Category
8/27/2015 13:59
8/27/2015 12:56
8/27/2015 12:56               Address Configuration State Event
8/27/2015 12:54               Sharing a printer
8/24/2015 9:15                Address Configuration State Event
8/24/2015 9:13                Sharing a printer
8/20/2015 3:19                Address Configuration State Event
8/20/2015 3:17                Sharing a printer
8/17/2015 10:24
Microsoft-Windows-...


CASE Cooler Master HAF 912 RC-912-KKN1 Mid Tower
CPU Intel BX80623I72600K Core i7-2600K Sandy Bridge 3.4GHz (3.8GHz Turbo Boost)
CPU Heat Sink Cooler Master GeminII S RR-CCH-PBU1-GP 120mm Sleeve
DRAM 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10600) Desktop Memory Model CT2KIT51264BA1339
ZOTAC ZT-40503-10L GeForce GTS 450 (Fermi) 1GB 128-bit GDDR5 PCI Express 2.0 x16 HDCP Ready SLI Support Video Card
PSU Cooler Master Silent Pro Gold Series RS800-80GAD3-US 800W
DRIVE0 (O/S) OCZ VTX3MI-25SAT3-120G Vertex 3 MAX IOPS Edition 2.5" 120GB SATA III MLC Internal Solid State Drive (SSD)
DRIVE1 (Data) Hitachi UltraStar A7K2000 0F...

The best place to start is in event viewer. You want to do whatever you need to cause the problem and look in event viewer around that time.

There are several ways to find what the problem is. The best is to go into event viewer (type eventvwr in search). Event viewer (local) and look for the critical errors listed in the last day, week, etc. Then go to the windows log>application tab. Finally the windows Logs>system tabs.

You want to look for critical errors (they have red in the left column ). If nothing critical is related to the problem keep looking it is there.

When you find them please note the event ID, and the source codes and tell us what they are.


Is there any way to stop it from recording for a certain period of time and then make it start recording again at a later time?

Answer:How can i temporarily prevent event viewer from recording logs

You can disable it and enable it through:

Control Panel> System and Security> Administrative Tools> Services > Windows Event Log



Is there a way to get a full list of the possible events that can appear in the system event's log file?

I am working on a project through which I can get alerts on these errors, but I need to classify them.

Let me know what you can do.


I am troubleshooting a video game that refuses to work. The developers of said game are aware of an issue, and have asked for feedback on a web-forum. I wanted to post the event viewer logs to the forum, for them to see. Is it safe to post the event viewer error logs online? My main concern was computer name, and SID (Security Identifier) number. Which are both included in the log.


This has been happening for the last 24 hours. My Toshiba laptop shuts down automatically without showing any warning. The first time it happened about 20 minutes after I turned it on; after the shutdown I again hit the power button and it started normally but after 2 minutes it happened again. I put it away and this afternoon I again turned it on and the same happened after 15-20 minutes. This time when I tried turning it on it was not responding; I placed my hand underneath and it was hot around the fan and exactly under the touchpad. After 2-3 minutes I was able to turn it on again but it shut down after a minute.
The fan is working, I do not see any hardware problem as well because it's working FINE right now (been on for about 40 minutes).
I just checked the event logs and this is what I found for the unexpected shutdowns.


HTML Code:
EventData11:57:08 PM3/6/2017439802E1070300010006001700390008004B00E1070300010006001200390008004B00600900003C000000010000006009000001000000B00400000100000000000000
Binary data:
In Words
0000: 000307E1 00060001 00390017 004B0008
0010: 000307E1 00060001 00390012 004B0008
0020: 00000960 0000003C 00000001 00000960
0030: 00000001 000004B0 00000001 00000000
In Bytes
0000: E1 07 03 00 01 00 06 00 ?.......
0008: 17 00 39 00 08 0...

Answer:Unexpected shutdowns with no warning - event logs attached

How long has it been since you cleaned the fan intake and exhaust for the laptop? You live in a hot, dusty climate. Your heatsink might be clogged with dust and dirt.

Your laptop is showing all of the classic symptoms of overheating.


Hi all,

I always check my boot time from Event Viewer following this path:

Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> Diagnostic Performance -> Operational

Of late, I have noticed that under Microsoft I get another entry along with Windows. It is IEResp. This was not present earlier.

Further, under Diagnostic Performance, there was only Operational, but now there are two more entries, i.e. Diagnostic and Diagnostic-loopback.

I have observed that my boot time has also gone up.

Are these entries valid? Why have they turned up? Is it OK to keep them, or is there anything I need to do since these entries have turned up?

Please drop in your views.


Windows Home Premium SP1 64 bit

When opening Win 7 Event Viewer, in the Summary of Administrative Events window, it's reading the "Microsoft windowsbackup/ActionCenter log". Shouldn't it instead be reading the original logs? Application, System, Security, etc. ?

When I click on these logs in the left hand pane they open properly.

Answer:Event Viewer Reading Backup Logs Instead of Original


Apologies if the question has been asked before, but I've tried a search for this sort of event, without success. I've made it a practice to clear the Event Logs prior to shutting down (somewhat anal, I know!), so that - if anything goes pear-shaped during a session - I might have a chance of tracking it down, as I've only got that day's logs to view. In Vista Ultimate, you can filter the Windows Logs for that viewing, but I can see a way of getting the filter ("Warning" only) to stick permanently. Saving the filters as a custom view only seems to last for that session too. Is there a way, please? TIA! Ray.

Answer:Controlling The Appearance Of Windows Logs In Event Viewer

Hello Ray, yes you can filter logs, but about Warning-only permanently you cannot... For a little solution try pressing on "Type" ...

I'm currently having an issue with my Win7 64 bit Pro computer.

Transfers to other computers on my network is slow and sometimes the icon in the taskbar shows that it's disconnecting and reconnecting. I've also noticed that uploads to the internet are either slow or just never complete as the network keeps resetting.

I've also noticed in the System Event Viewer, for the past hour:

355 Service Event Errors ID # 7036 (4439 occurrences in 7 days); and
177 for Service Event Error ID 7042 (1165 occurrences in 7 days)

ID 7036 messages alternate between:

The TCP/IP NetBIOS Helper service entered the stopped state.
The TCP/IP NetBIOS Helper service entered the running state.

ID 7042 has messages reading:

The TCP/IP NetBIOS Helper service was successfully sent a stop control.
The reason specified was: 0x40030011 [Operating System: Network Connectivity (Planned)]

The other event message which occurs a lot is event 8033, which has 207 occurrences over the past 7 days. It reads:

The browser has forced an election on network \Device\NetBT_Tcpip_{180E5F8A-7005-4484-A0D4-553607321AC0} because a master browser was stopped.

Does the screenshot here indicate a conflict on IRQ 16? If so, would that have an impact on these disconnections?

I believe this might be the underlying cause of my slow transfe...

Nvidia chipset?
(if it is, you need to install the drivers)

if not, other options are to set a static IP instead of DHCP and / or 'force' the drivers to be installed instead of using the ms ones for the nic


Is there any way to temporarily prevent Event Viewer from recording logs?

Answer:How can i temporarily disable event viewer or delete certain logs

We've already told you that we aren't going to help you get around the controls that your father setup on his own machine. Posting again won't do you any good.
How is he tracking when I am logging on and off the computer?

Howdy folks,
I did a fresh reinstall of WinXP a couple days ago, then I set the computer to defrag last night at midnight and went to bed. Now, I have literally /hundreds/ of messages in my Event Log (System) generated by the Windows File Protection - the file names are all different (and run in alphabetical order), but they all have identical messages:

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64004
Date: 5/24/2003
Time: 8:27:26 AM
User: N/A
Computer: GRIMJACK
The protected system file XXX.XXX [all different -Mook] could not be
restored to its original, valid version. The file version of the bad
file is 5.1.2600.1106 The specific error code is 0x800b0100 [No
signature was present in the subject.

This is continuing to occur, even after I've rebooted the machine - anyone know what this means?


Answer:Hundreds of Windows File Protection Event Logs?


SORRY if I posted this in the wrong section!!!

For some reason my pc keeps on crashing lately when I am watching youtube videos or gaming (screen going black and hearing some buzzing sound) and after a few seconds it reboots. This happens randomly. It can happen in 5 minutes or even in 10/24 hours.
Here is a screenshot of event viewer with a critical error which appeared exactly when the pc crashes. Here's a screenshot of that critical event.

Following that error there are a few more events and among them are a few error events. After the pc is rebooted, another error event appears which says "The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xffffe00001ccb038, 0x0000000000000000, 0x0000000000000000)." and has a dump file attached to it. Here's a screenshot of it.
Here's the dump file. I've uploaded it on tinyupload because I couldn't find how to attach it here.
Anyone knows what the cause might be? Mb not sending power to the components? Faulty PSU? anything else? My budget is extremely limited so I have to find out exactly which component is causing this problem.
Also, does the dump file say anything what the cause might be?

PS: CPU and GPU temps are fine around 50-55 during gaming. I have tried all possible driver versions for every component. Tried it on windows 7 8...


Originally posted on Sevenforums, and reposted into the right forum thread.

For some backstory: I built this computer in late Feb of 2015. Over the last 5/7 months (two of which - July and August - I wasn't around to use it) and have had several issues with it since such as

Early March - Random BSOD related to Shadowcopy files (reinstalled OS, issue ceased)

Early September - Several random BSOD due to GPU driver (uninstalling and reinstalling the drivers in Safe Mode - doing so in regular boot mode caused a BSOD - fixed this)

Late September - Single, random BSOD again. However, the computer could not get past the Windows Repair Environment (reinstalled the OS, issue ceased)

Now - random freezing every few days to as often as once every few hours. This is my current issue.
These freezes will occur suddenly and with no warning. One second I'll be watching a video, browsing, or playing a game then the next I'll be stuck. Any audio will loop constantly and the screen will be stuck at the last "frame". I've left it for as long as 30 minutes and it will not crash or bluescreen. The only option is to simply hold the Power button.
The event viewer will not have any error or warnings at the time of the freeze but will only have the error regarding the computer shutdown being forced at the time I hold the Power button.

I'm starting to think this issue is far beyond that of a software issue. This rig has had problems on both Windows 7 and 10. I'...

I followed the prep guide. I couldn't back up my data. I think that's because I was trying to burn it to DVD. I have posted the Cobian Backup log, just in case.

2011-07-27 17:27 Welcome to Cobian Backup 10. The engine is now started. Engine version: OS: 6.1.7601. Service: No
2011-07-27 17:27 Loading the current list: "C:\Program Files (x86)\Cobian Backup 10\DB\MainList.lst"
2011-07-27 17:27 The safe mirror directory "C:\Users\Julie\AppData\Local\Safe mirror" doesn't exists. Trying to create it...
2011-07-27 17:27 The safe mirror directory "C:\Users\Julie\AppData\Local\Safe mirror" has been successfully created
2011-07-27 17:27 Starting the user interface
2011-07-27 17:27 The user interface has been started
2011-07-27 17:47 Getting version information from the server
2011-07-27 17:47 Your version is up to date
2011-07-27 17:49 The settings have been reloaded
2011-07-27 17:53 The task list has been reloaded: "C:\Program Files (x86)\Cobian Backup 10\DB\MainList.lst"
2011-07-27 17:55 *** A new backup has begun. Number of tasks in queue: 1 ***
2011-07-27 17:55 Preventing the system from entering Sleep mode
2011-07-27 17:55 Applying parameters to the task "Inc Backup"
2011-07-27 17:55 ** Starting backup for the task "Inc Backup" **
2011-07-27 17:55 Calc...

Answer:Redirects, Strange Event Logs, Possible Google Redirect Virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having, as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...


After testing it for over a month, I can say for sure that the power supply was the cause. Changed it with a 450w one and ever since then, the pc is working great.
For anyone who can't open up his PSU or doesn't want to risk by doing it to check the capacitors, go to bios and check your voltages. Any voltage in red means that either a cable is not plugged in perfectly, or a capacitor has leaked.

Special thanks to axe0 and Ztruker for helping me!


Answer:Computer crashing. Event logs and dump files included.

Are you overclocking? The dump shows a machine check in AuthenticAMD which is a hardware failure.


How do I find who has modified proxy settings in Windows 7 Enterprise Edition?

Are there any event logs to verify this?

Please help me.

I am sorry to say that there is no official method to implement what you would like.
Thanks for understanding.
Kate Li
TechNet Community Support

Hello Forum,

I'm getting an error in the Windows Logs - Application that appears to be related to the Win 10 free upgrade push. Without removing all the Win 10 updates to my Win 7 Pro x64 system, I'm looking for a way to resolve the error.

This is a Win 7 clean install return from Win 10.

Does anyone have a solution?

Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp:

Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp:

Exception code: 0xc0000005

Fault offset: 0x000000000004ac04

Faulting process id: 0x1ddc

Faulting application start time: 0x01d134a2492ae39f

Faulting application path: C:\Windows\System32\GWX\GWXUX.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: 87823f99-a095-11e5-8cbe-386077b56e17

Answer:Application Error - Windows Logs - Event ID: 1000 (Win 10 related)

Quote: Originally Posted by tjg79

Without removing all the Win 10 updates to my Win 7 Pro x64 system, I'm looking for a way to resolve the error...

...Does anyone have a solution?

I would try to correct the error by running sfc /scannow, if that doesn't fix the problem you may have other file corruption/manifest issues; check the log located in C:\Windows\Logs\CBS\CBS.log. Another possibility would be to uninstall/reinstall KB3035583. Disabling the GWX associated tasks in Task Scheduler is a bit of a problem, see this post for the gory details.


Howdy everyone. I've got a problem with my computer hard freezing (locking up, no input, have to perform a hard reboot) since July 15th. It seems impossible for me to diagnose this problem since I've never dealt with a recurring hard freeze before. My initial reaction was that the hardware was problematic, but at the same time I have no idea if it could be caused by a driver.

Attempted solutions so far:
Ran CHKDSK on both HDDs, no errors found (this is on a four-week old HDD with a fresh Windows 7 x64 install)
Ran Memtest+ for 7 hours, no errors found
Replaced the graphics card with a weaker one, problem still occurred
Constantly checking temps for overheating, card and processor rarely get above 40, but the computer still freezes during idle or low processing stages

Uninstalled, and swept video card drivers, then reinstalled twice
Ran Driver Verifier (as of now), and no blue screens
Started checking for any errors in Event Viewer (none are related to the crash so far, as I've fixed about 5 random things getting reported)
Checked for dump files, to no avail
Reinstalled all motherboard drivers from the manufacturer

At this point, I'm at the end of my ideas, so I came to you guys. I have no idea what information I could provide to you that may be of assistance. While the computer is frozen, it is still powered on as well - I have to turn it off manually, if that is revealing of anything. I'm basically willing to try anything. Please let me know if you have a...

Answer:Computer Hard Freezes with No BSOD or Event Viewer Logs

Here are my solutions to freezing, and an excellent article, which I hope is of some help
Go to search type device manager and look for any yellow warning markers
Download and run malwarebytes, a full scan after you update
Run antivirus scan
Check memory with memtest86
Make sure that you are not over heating.
Try in safe mode; report back if it works properly.
Try a clean boot
Make sure PSU is working properly
If overclocking, restore to original
Test hard drive at company website.
Test in safe mode, does it still happen?
Try with clean boot..


Hi, does anyone have a tutorial or ebook I could read for reading Windows event logs? I'd like to learn more about them, and I think I have the right section, so please correct me if I'm wrong.

Answer:Tutorials for reading windows event logs in schedule tasks

Good basic guide : Use Windows 7 Event Viewer to track down issues that cause slower boot times - TechRepublic

THE database of log events : Troubleshooting Microsoft Windows Event Logs

And of course don't forget google.
